OTL logfile created on: 2/20/2014 9:46:16 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\blade\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 52.81% Memory free
5.00 Gb Paging File | 3.67 Gb Available in Paging File | 73.43% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.72 Gb Total Space | 247.52 Gb Free Space | 53.15% Space Free | Partition Type: NTFS
 
Computer Name: FRANK-PC | User Name: blade | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014/02/20 09:43:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Blade\Downloads\OTL.exe
PRC - [2014/02/16 13:02:35 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/03/31 20:28:18 | 000,647,168 | ---- | M] (IDEVFH) -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\27tbs75q.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
PRC - [2012/11/05 02:19:30 | 000,040,384 | ---- | M] (Support.com, Inc.) -- C:\Program Files\AOL Computer Checkup\sdcCont.exe
PRC - [2011/02/24 19:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014/02/16 13:02:35 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/16 15:09:18 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/11/15 13:58:28 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll
MOD - [2012/11/15 13:56:48 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/11/15 13:53:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/15 13:52:49 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/15 13:52:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/15 13:52:27 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/15 13:52:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/15 13:52:00 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/15 12:07:19 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/15 12:07:19 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\aa983d1ad8df4422c0859ab4d6e19a83\UIAutomationProvider.ni.dll
MOD - [2012/11/15 12:07:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/15 12:06:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/15 12:06:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/15 12:06:42 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/15 12:05:27 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Unknown] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2014/02/16 13:02:35 | 000,118,896 | ---- | M] (Mozilla Foundation) [Disabled | Unknown] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/18 14:23:26 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Unknown] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Unknown] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Unknown] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/12/10 13:01:54 | 003,569,512 | ---- | M] (Sendori) [Disabled | Unknown] -- C:\Program Files\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2012/12/10 13:01:54 | 000,118,632 | ---- | M] (Sendori, Inc.) [Disabled | Unknown] -- C:\Program Files\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2012/12/10 13:01:54 | 000,014,696 | ---- | M] (sendori) [Disabled | Unknown] -- C:\Program Files\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2012/11/16 10:44:46 | 000,217,088 | ---- | M] (AMD) [Auto | Unknown] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/11/05 02:19:30 | 000,406,976 | ---- | M] (Support.com, Inc.) [Disabled | Unknown] -- C:\Program Files\AOL Computer Checkup\SDCService.exe -- (AOL Computer Checkup)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Unknown] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/13 15:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 15:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 15:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/29 10:21:52 | 003,110,016 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Unknown] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/06/15 14:52:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Unknown] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Unknown] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Unknown] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (avm1470w)
DRV - File not found [Kernel | Auto | Unknown] --  -- (adfs)
DRV - [2012/11/16 11:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/11/16 11:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/11/16 09:38:48 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/02/23 02:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012/01/10 17:29:48 | 000,428,088 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/11/20 02:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 02:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 02:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 00:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 00:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/19 23:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/19 23:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/19 23:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/10/26 15:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/07/23 20:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/13 12:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 12:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {BE28C22E-F666-424d-B5FD-125C4AFEE34E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aolrt-chromesbox-en-us&tb_uuid=20130105061243968&tb_oid=05-01-2013&tb_mrud=05-01-2013
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm0039Nus&ptb=E3C13CCC-C3D4-4C98-AF44-517A76638301&psa=&ind=2011101519&ptnrS=XPxdm0039Nus&si=CKyhvZ3d6asCFRVOgwodjlz9wQ&st=sb&n=77def94f&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1427241637-3662617669-1930280946-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1427241637-3662617669-1930280946-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1427241637-3662617669-1930280946-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 0F 9F B2 16 2E CF 01  [binary data]
IE - HKU\S-1-5-21-1427241637-3662617669-1930280946-1008\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1427241637-3662617669-1930280946-1008\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1427241637-3662617669-1930280946-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1427241637-3662617669-1930280946-1008\..\SearchScopes\Yahoo!: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
IE - HKU\S-1-5-21-1427241637-3662617669-1930280946-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1427241637-3662617669-1930280946-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7BE173B749-DB5B-4fd2-BA0E-94ECEA0CA55B%7D:7.4
FF - prefs.js..extensions.enabledAddons: unloadtab%40firefox.ext:0.24.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@ei.VideoScavenger_1e.com/Plugin: C:\Program Files\VideoScavenger_1eEI\Installr\1.bin\NP1eEISB.dll (VideoScavenger)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/01 20:49:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/10 14:27:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/29 15:27:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/16 13:02:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/16 13:02:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/10 14:27:59 | 000,000,000 | ---D | M]
 
[2013/03/29 00:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blade\AppData\Roaming\Mozilla\Extensions
[2010/08/25 21:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blade\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2014/02/20 02:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\27tbs75q.default\extensions
[2013/03/31 21:31:02 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\27tbs75q.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2013/03/29 00:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\vbju4ecj.default\extensions
[2013/03/29 00:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\vbju4ecj.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2014/02/20 02:28:32 | 002,934,183 | ---- | M] () (No name found) -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\27tbs75q.default\extensions\firefox@mega.co.nz.xpi
[2014/02/19 18:28:52 | 000,068,452 | ---- | M] () (No name found) -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\27tbs75q.default\extensions\unloadtab@firefox.ext.xpi
[2013/07/31 10:21:22 | 000,223,750 | ---- | M] () (No name found) -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\27tbs75q.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2014/02/03 23:08:35 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\27tbs75q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/11 12:16:32 | 000,281,667 | ---- | M] () (No name found) -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\vbju4ecj.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2013/03/29 00:20:50 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\vbju4ecj.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/03/29 00:20:52 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\vbju4ecj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/11 12:16:32 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\vbju4ecj.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/02/11 12:16:32 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\vbju4ecj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/02/19 19:53:22 | 000,001,001 | ---- | M] () -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\27tbs75q.default\searchplugins\torrentz-search.xml
[2013/03/29 18:25:53 | 000,002,057 | ---- | M] () -- C:\Users\Blade\AppData\Roaming\Mozilla\Firefox\Profiles\27tbs75q.default\searchplugins\youtube-video-search.xml
[2014/02/16 13:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/02/16 13:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/16 13:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/16 13:02:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/29 15:27:17 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
O1 HOSTS File: ([2011/03/31 19:30:01 | 000,431,715 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14862 more lines...
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MakiwaraNotify] C:\Program Files\AOL Computer Checkup\sdccont.exe (Support.com, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows COM Host] C:\{$3639-2282-3518-6023$}\iexplorer_.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows" File not found
O4 - HKU\S-1-5-21-1427241637-3662617669-1930280946-1008..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1427241637-3662617669-1930280946-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1427241637-3662617669-1930280946-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1427241637-3662617669-1930280946-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\Sendori.dll (Sendori)
O13 - gopher Prefix: missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244983639212 (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244983679197 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9A85739-2338-4A9A-B4BD-A03F86E7C397}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O27 - HKLM IFEO\avcenter.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\avguard.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\avp.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\bdagent.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\ccuac.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\ComboFix.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\egui.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\hijackthis.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\keyscrambler.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\mbam.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\MSASCui.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\msseces.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\spybotsd.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\wireshark.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\zlclient.exe: Debugger - nsjw.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 11:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4389d855-af70-11e0-84a9-001d097b0bcc}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
System Restore Service not available.
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014/02/20 08:50:28 | 000,000,000 | ---D | C] -- C:\FRST
[2014/02/20 01:48:50 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2014/02/20 01:03:11 | 000,000,000 | ---D | C] -- C:\Users\blade\Desktop\rkill
[2014/02/19 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\blade\AppData\Roaming\RealNetworks
[2014/02/19 20:10:03 | 000,000,000 | ---D | C] -- C:\Adobe Photoshop CS6 Extended
[2014/02/16 13:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/05 16:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
[2014/02/05 16:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\File Shredder
[2014/01/30 18:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/30 18:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014/02/20 09:41:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/20 09:41:24 | 1609,175,040 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/20 09:40:50 | 000,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/20 09:40:49 | 000,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/20 03:51:02 | 002,337,731 | ---- | M] () -- C:\Users\blade\Desktop\peter-gelderloos-anarchy-works.pdf
[2014/02/19 22:31:37 | 000,001,232 | RHS- | M] () -- C:\Users\blade\ntuser.pol
[2014/02/19 19:46:47 | 002,255,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/02/19 18:44:16 | 000,632,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/19 18:44:16 | 000,110,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/19 18:22:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2014/02/19 16:13:49 | 006,663,680 | ---- | M] () -- C:\Users\blade\Desktop\RemoveWAT.exe
[2014/02/19 15:52:36 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/19 15:52:35 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2014/02/18 19:47:01 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1427241637-3662617669-1930280946-1007UA.job
[2014/02/18 19:47:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1427241637-3662617669-1930280946-1007Core.job
[2014/02/18 19:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/18 19:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/05 16:34:38 | 000,847,510 | ---- | M] () -- C:\Users\blade\Desktop\vy4iuc.jpg
[2014/01/30 18:20:34 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014/02/20 03:51:03 | 002,337,731 | ---- | C] () -- C:\Users\blade\Desktop\peter-gelderloos-anarchy-works.pdf
[2014/02/19 18:22:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2014/02/19 16:13:49 | 006,663,680 | ---- | C] () -- C:\Users\blade\Desktop\RemoveWAT.exe
[2014/02/05 16:34:37 | 000,847,510 | ---- | C] () -- C:\Users\blade\Desktop\vy4iuc.jpg
[2014/01/30 18:20:34 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/04 21:08:09 | 000,002,646 | ---- | C] () -- C:\Windows\System32\regHiveData.bin
[2012/11/16 16:01:04 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/11/16 09:53:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/11/16 09:53:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/10/28 21:27:26 | 000,008,704 | ---- | C] () -- C:\Windows\System32\ComputerCheckup.exe
[2012/07/05 12:36:48 | 000,164,706 | ---- | C] () -- C:\Windows\hpoins29.dat
[2012/07/05 12:36:48 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2012/04/27 01:01:57 | 000,000,448 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/04/18 18:39:06 | 000,028,672 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/04/15 13:58:05 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2012/03/06 07:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/08/19 17:36:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sampler Instruments
[2010/04/28 16:41:56 | 000,001,036 | -HS- | C] () -- C:\ProgramData\erTd
[2010/04/26 17:31:19 | 000,000,928 | -HS- | C] () -- C:\ProgramData\KLry0l
[2010/04/25 13:08:29 | 000,010,986 | -HS- | C] () -- C:\ProgramData\w1vjs2h771
[2010/04/02 20:09:04 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/03/29 18:06:56 | 000,001,232 | RHS- | C] () -- C:\Users\blade\ntuser.pol
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009/07/13 18:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 02:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 15:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/11/10 17:37:03 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\.minecraft
[2013/04/19 03:05:08 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\3909 LLC
[2013/03/31 18:55:10 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\AVG
[2013/08/25 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\Canneverbe Limited
[2014/02/19 22:41:10 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\DAEMON Tools Lite
[2010/11/07 22:34:46 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\GetRightToGo
[2013/08/30 15:35:46 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\LibreOffice
[2011/03/17 15:34:58 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\LimeWire
[2012/01/24 03:17:51 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\LolClient
[2014/02/20 00:52:11 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\Mumble
[2012/04/27 01:01:18 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\MyHeritage
[2011/12/20 01:47:28 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\Nikon
[2010/11/11 21:08:12 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\Notepad++
[2010/04/28 14:45:26 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\OpenOffice.org
[2013/03/29 20:07:50 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\TuneUp Software
[2014/02/20 03:53:49 | 000,000,000 | ---D | M] -- C:\Users\blade\AppData\Roaming\uTorrent
[2011/03/02 14:53:50 | 000,000,000 | ---D | M] -- C:\Users\brent.Frank-PC\AppData\Roaming\.minecraft
[2011/05/25 14:09:27 | 000,000,000 | ---D | M] -- C:\Users\brent.Frank-PC\AppData\Roaming\AnvSoft
[2011/06/21 02:07:20 | 000,000,000 | ---D | M] -- C:\Users\brent.Frank-PC\AppData\Roaming\FrostWire
[2011/03/31 19:23:02 | 000,000,000 | ---D | M] -- C:\Users\brent.Frank-PC\AppData\Roaming\LimeWire
[2014/01/24 16:20:56 | 000,000,000 | ---D | M] -- C:\Users\brent.Frank-PC\AppData\Roaming\MyHeritage
[2010/05/20 17:57:22 | 000,000,000 | ---D | M] -- C:\Users\brent.Frank-PC\AppData\Roaming\Nikon
[2010/04/28 14:45:29 | 000,000,000 | ---D | M] -- C:\Users\brent.Frank-PC\AppData\Roaming\Notepad++
[2010/04/28 14:45:29 | 000,000,000 | ---D | M] -- C:\Users\brent.Frank-PC\AppData\Roaming\OpenOffice.org
[2012/11/15 17:39:14 | 000,000,000 | ---D | M] -- C:\Users\brent.Frank-PC\AppData\Roaming\SynthMaker
[2013/03/15 20:58:55 | 000,000,000 | ---D | M] -- C:\Users\brent.Frank-PC\AppData\Roaming\uTorrent
[2012/10/12 11:19:59 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/12 11:19:59 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2010/12/13 19:14:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\.minecraft
[2011/04/02 12:42:18 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\AnvSoft
[2011/09/19 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Auslogics
[2012/05/31 17:16:35 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\AVG
[2013/10/19 13:45:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Canneverbe Limited
[2010/03/15 00:12:24 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2010/03/15 00:12:24 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Crayon Physics Deluxe
[2011/09/19 22:09:01 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DAEMON Tools Lite
[2009/06/26 16:35:29 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DAEMON Tools Pro
[2011/03/31 19:36:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\FrostWire
[2009/08/14 09:29:59 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\GetRightToGo
[2011/04/03 14:23:09 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HandBrake
[2010/04/28 14:45:33 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\IObit
[2010/11/06 11:32:18 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Leadertech
[2013/08/31 12:10:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\LibreOffice
[2013/04/19 00:43:49 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\LolClient
[2012/05/13 13:32:01 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\MyHeritage
[2010/08/19 17:25:31 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nikon
[2010/08/29 12:46:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Notepad++
[2010/04/28 14:45:36 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OpenOffice.org
[2010/04/28 14:47:15 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\scdata
[2013/03/10 14:57:24 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TaxCut
[2012/04/15 13:58:05 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2012/09/27 18:01:54 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TuneUp Software
[2011/09/19 22:08:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\uTorrent
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#E56717]========== Base Services ==========[/color]
SRV - [2009/07/13 15:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2010/11/20 02:18:03 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 15:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 02:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 02:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 19:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 15:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 11:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/01 18:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 02:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 02:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/02 19:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 15:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 15:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 15:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 02:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/13 15:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 15:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 15:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 15:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2009/07/13 15:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\svchost.exe -- (NlaSvc)
SRV - [2009/07/13 15:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\svchost.exe -- (nsi)
SRV - [2011/05/24 00:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/11/20 02:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 19:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 15:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 02:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 02:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 15:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 19:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 15:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 02:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 02:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 02:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 02:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 15:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2010/11/20 02:20:57 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 02:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 02:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 02:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 02:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/13 15:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 02:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 02:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 02:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 02:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 15:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 12:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 02:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 15:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 02:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
[color=#A23BEC]< c:\program files (x86)\Google\Desktop >[/color]
[2009/07/13 18:53:46 | 000,032,586 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/13 18:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011/04/03 13:47:36 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/04/03 13:47:36 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/05/19 11:23:11 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/08/25 19:42:32 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1427241637-3662617669-1930280946-1007Core.job
[2012/08/25 19:42:33 | 000,000,946 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1427241637-3662617669-1930280946-1007UA.job
[2013/01/24 12:51:16 | 000,000,342 | ---- | C] () -- C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
 
[color=#A23BEC]< c:\program files\Google\Desktop >[/color]
 
[color=#A23BEC]< dir "%systemdrive%\*" /S /A:L /C >[/color]
 Volume in drive C has no label.
 Volume Serial Number is A816-0B72
 Directory of C:\
07/13/2009  06:53 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/13/2009  06:53 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  06:53 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  06:53 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  06:53 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  06:53 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  06:53 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/13/2009  06:53 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  06:53 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/13/2009  06:53 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  06:53 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  06:53 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  06:53 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  06:53 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  06:53 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\blade
03/14/2010  11:37 PM    <JUNCTION>     Application Data [C:\Users\blade\AppData\Roaming]
03/14/2010  11:37 PM    <JUNCTION>     Cookies [C:\Users\blade\AppData\Roaming\Microsoft\Windows\Cookies]
03/14/2010  11:37 PM    <JUNCTION>     Local Settings [C:\Users\blade\AppData\Local]
03/14/2010  11:37 PM    <JUNCTION>     My Documents [C:\Users\blade\Documents]
03/14/2010  11:37 PM    <JUNCTION>     NetHood [C:\Users\blade\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/14/2010  11:37 PM    <JUNCTION>     PrintHood [C:\Users\blade\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/14/2010  11:37 PM    <JUNCTION>     Recent [C:\Users\blade\AppData\Roaming\Microsoft\Windows\Recent]
03/14/2010  11:37 PM    <JUNCTION>     SendTo [C:\Users\blade\AppData\Roaming\Microsoft\Windows\SendTo]
03/14/2010  11:37 PM    <JUNCTION>     Start Menu [C:\Users\blade\AppData\Roaming\Microsoft\Windows\Start Menu]
03/14/2010  11:37 PM    <JUNCTION>     Templates [C:\Users\blade\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\blade\AppData\Local
03/14/2010  11:37 PM    <JUNCTION>     Application Data [C:\Users\blade\AppData\Local]
03/14/2010  11:37 PM    <JUNCTION>     History [C:\Users\blade\AppData\Local\Microsoft\Windows\History]
03/14/2010  11:37 PM    <JUNCTION>     Temporary Internet Files [C:\Users\blade\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\blade\Documents
03/14/2010  11:37 PM    <JUNCTION>     My Music [C:\Users\blade\Music]
03/14/2010  11:37 PM    <JUNCTION>     My Pictures [C:\Users\blade\Pictures]
03/14/2010  11:37 PM    <JUNCTION>     My Videos [C:\Users\blade\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\brent.Frank-PC
03/14/2010  11:37 PM    <JUNCTION>     Application Data [..]
03/14/2010  11:37 PM    <JUNCTION>     Cookies [..]
03/14/2010  11:37 PM    <JUNCTION>     Local Settings [..]
03/14/2010  11:37 PM    <JUNCTION>     My Documents [..]
03/14/2010  11:37 PM    <JUNCTION>     NetHood [..]
03/14/2010  11:37 PM    <JUNCTION>     PrintHood [..]
03/14/2010  11:37 PM    <JUNCTION>     Recent [..]
03/14/2010  11:37 PM    <JUNCTION>     SendTo [..]
03/14/2010  11:37 PM    <JUNCTION>     Start Menu [..]
03/14/2010  11:37 PM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/13/2009  06:53 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  06:53 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009  06:53 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/13/2009  06:53 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  06:53 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009  06:53 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009  06:53 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009  06:53 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009  06:53 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009  06:53 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/13/2009  06:53 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/13/2009  06:53 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009  06:53 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/13/2009  06:53 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/13/2009  06:53 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/13/2009  06:53 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Frank
03/14/2010  11:37 PM    <JUNCTION>     Application Data [..]
03/14/2010  11:37 PM    <JUNCTION>     Cookies [..]
03/14/2010  11:37 PM    <JUNCTION>     Local Settings [..]
03/14/2010  11:37 PM    <JUNCTION>     My Documents [..]
03/14/2010  11:37 PM    <JUNCTION>     NetHood [..]
03/14/2010  11:37 PM    <JUNCTION>     PrintHood [..]
03/14/2010  11:37 PM    <JUNCTION>     Recent [..]
03/14/2010  11:37 PM    <JUNCTION>     SendTo [..]
03/14/2010  11:37 PM    <JUNCTION>     Start Menu [..]
03/14/2010  11:37 PM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Mike
05/11/2010  03:54 PM    <JUNCTION>     Application Data [..]
05/11/2010  03:54 PM    <JUNCTION>     Cookies [..]
05/11/2010  03:54 PM    <JUNCTION>     Local Settings [..]
05/11/2010  03:54 PM    <JUNCTION>     My Documents [..]
05/11/2010  03:54 PM    <JUNCTION>     NetHood [..]
05/11/2010  03:54 PM    <JUNCTION>     PrintHood [..]
05/11/2010  03:54 PM    <JUNCTION>     Recent [..]
05/11/2010  03:54 PM    <JUNCTION>     SendTo [..]
05/11/2010  03:54 PM    <JUNCTION>     Start Menu [..]
05/11/2010  03:54 PM    <JUNCTION>     Templates [..]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/13/2009  06:53 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  06:53 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  06:53 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              80 Dir(s)  265,709,510,656 bytes free
 
[color=#A23BEC]< MD5 for: RPCSS.DLL  >[/color]
[2010/11/20 02:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\System32\rpcss.dll
[2010/11/20 02:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2009/07/13 15:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:612B5BD9
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6107F428

< End of report >