OTL logfile created on: 4/7/2014 1:35:01 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Public\Documents Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16521) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 28.21% Memory free 4.27 Gb Paging File | 2.37 Gb Available in Paging File | 55.38% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 186.16 Gb Total Space | 51.20 Gb Free Space | 27.50% Space Free | Partition Type: NTFS Drive D: | 49.00 Mb Total Space | 35.73 Mb Free Space | 72.93% Space Free | Partition Type: NTFS Computer Name: PELON-PC | User Name: pelon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014/04/07 01:34:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Documents\OTL.exe PRC - [2014/03/21 16:03:26 | 000,061,816 | ---- | M] (Creative Island Media, LLC) -- C:\ProgramData\Websteroids\WebsteroidsService.exe PRC - [2014/03/21 16:02:54 | 000,151,416 | ---- | M] (Creative Island Media, LLC) -- C:\ProgramData\Websteroids\Websteroids.exe PRC - [2014/03/14 17:50:42 | 000,859,976 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2014/03/06 15:47:22 | 000,049,464 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe PRC - [2014/03/02 04:09:22 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2014/02/13 15:58:02 | 000,152,560 | ---- | M] (Coupons.com Inc.) -- C:\Program Files\Coupons\CouponPrinterService.exe PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/07/15 09:54:54 | 000,204,216 | ---- | M] () -- C:\Program Files\Coupons.com CouponBar\TbHelper2.exe PRC - [2013/05/13 16:33:02 | 001,693,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe PRC - [2013/05/13 16:33:02 | 001,113,296 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/07/13 18:14:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe PRC - [2008/08/14 11:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) 
-- C:\Program Files\Synaptics\SynTP\SynToshiba.exe PRC - [2002/04/11 04:19:36 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014/03/21 16:02:56 | 001,161,080 | ---- | M] () -- C:\Windows\System32\Websteroids.B324755F3F87.dll MOD - [2014/03/14 17:50:40 | 013,637,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll MOD - [2014/03/14 17:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll MOD - [2014/03/14 17:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll MOD - [2014/03/14 17:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll MOD - [2014/03/14 17:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll MOD - [2014/03/06 20:53:22 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll MOD - [2014/03/06 20:51:29 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll MOD - [2014/03/06 20:51:23 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll MOD - [2014/03/06 20:51:19 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll MOD - [2014/03/06 20:51:07 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll MOD - [2014/02/26 03:46:50 | 004,591,616 | ---- | M] () -- C:\Users\pelon\AppData\Local\Google\Chrome\User 
Data\SwiftShader\1.0.5.0\libGLESv2.dll MOD - [2014/02/26 03:46:50 | 000,112,128 | ---- | M] () -- C:\Users\pelon\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll MOD - [2013/07/15 09:54:54 | 000,204,216 | ---- | M] () -- C:\Program Files\Coupons.com CouponBar\TbHelper2.exe MOD - [2013/07/15 09:54:54 | 000,120,760 | ---- | M] () -- C:\Program Files\Coupons.com CouponBar\TbCommonUtils.dll MOD - [2002/04/11 04:19:42 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll MOD - [2002/04/11 04:19:36 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2014/03/21 16:03:26 | 000,061,816 | ---- | M] (Creative Island Media, LLC) [Auto | Running] -- C:\ProgramData\Websteroids\WebsteroidsService.exe -- (Websteroids) SRV - [2014/03/11 18:42:25 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2014/03/06 15:47:22 | 000,049,464 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService) SRV - [2014/02/28 20:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService) SRV - [2014/02/27 09:47:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2014/02/13 15:58:02 | 000,152,560 | 
---- | M] (Coupons.com Inc.) [Auto | Running] -- C:\Program Files\Coupons\CouponPrinterService.exe -- (CouponPrinterService) SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/07/19 04:01:38 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\pelon\AppData\Local\Temp\7zS6478\HPSLPSVC32.DLL -- (HPSLPSVC) SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/05/31 21:36:46 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\ftpsvc.dll -- (ftpsvc) SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 18:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC) SRV - [2009/07/13 18:15:33 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip) SRV - [2009/07/13 18:14:48 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSVC) SRV - [2009/07/13 18:14:21 | 
000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - File not found [Kernel | System | Stopped] -- system32\drivers\qknfd.sys -- (qknfd) DRV - [2014/04/06 18:50:10 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55FC7E4D-1D0A-4E87-A84E-0387C7226A13}\MpKsl71ec284c.sys -- (MpKsl71ec284c) DRV - [2014/03/17 01:52:11 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS) DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2013/10/01 17:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2013/03/25 15:41:44 | 000,065,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2012/08/23 07:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 05:30:15 | 
000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/13 15:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32) DRV - [2009/07/13 15:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2007/11/09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2006/11/19 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/ IE - HKLM\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = 
http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtCyCtByB0EtBzz0Czz0C0EtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzz0EzytCtCyBzytG0E0A0B0FtG0FyDyEyBtGtAtDyD0CtGtC0Ezy0E0FyBtByBtCtAzyyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0A0FtD0AyE0E0AtG0FyCtByBtGzyyB0F0FtG0B0C0F0DtGyBtDyD0A0B0EtDzzyCzztCyE2Q&cr=859755633&ir= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{9B2CF6EA-DCE8-41CF-9EA8-1675E3FE68F7}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtCyCtByB0EtBzz0Czz0C0EtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzz0EzytCtCyBzytG0E0A0B0FtG0FyDyEyBtGtAtDyD0CtGtC0Ezy0E0FyBtByBtCtAzyyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0A0FtD0AyE0E0AtG0FyCtByBtGzyyB0F0FtG0B0C0F0DtGyBtDyD0A0B0EtDzzyCzztCyE2Q&cr=859755633&ir= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://search.conduit.com/?gd=&ctid=CT3319612&octid=EB_ORIGINAL_CTID&ISID=M2BC63FE3-7153-4A3F-BEFF-C960ADBBE1E4&SearchSource=55&CUI=&UM=5&UP=SP443EB6DB-A339-43D1-85D6-7D76855C1CD7&SSPV= CHR - plugin: Widevine Content Decryption Module 
(Disabled) = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Disabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll CHR - Extension: craigslist pop. 
= C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aikbdokcmcbbeaadpdbhlcdcgghdkhja\2.91_0\ CHR - Extension: Google Docs = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Webpage Screenshot = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk\1.0_0\ CHR - Extension: YOUZEEK Free Music = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.3_0\ CHR - Extension: YouTube = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: WebCamera360 = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfojbadjlaaiddllnogeohfgamgedcfd\0.0.1_0\ CHR - Extension: Coupons.com Toolbar = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.11_0\ CHR - Extension: Google Search = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Search by Image (by Google) = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.1_0\ CHR - Extension: Photoshop 4U = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\damhoidgnfbiidoiajljbdpgnojmemlf\1.0.1_0\ CHR - Extension: ShopAtHome.com extension = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.1.0.18_0\ CHR - Extension: Drive Template Gallery = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\edccfahmoapjmcaahncgcekjodejmhkg\1.4_0\ CHR - Extension: The Economist = C:\Users\pelon\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gebjgjhbjedcomcajgpodjgfjgkepgpl\1.0.32.1_0\ CHR - Extension: Permanent Readability = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkoadlaadbnnaipkigapbbgbclcdhkaf\0.10_0\ CHR - Extension: Open PayPal = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\glghgmejmmepalcnengjekjfmfbailbl\2.0_0\ CHR - Extension: DocuSign = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\goblijolcnempeilmnkmfbhohlpngemd\2.6.1.0_0\ CHR - Extension: Pin It Button = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_0\ CHR - Extension: Quotes = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgajkhbbneeeiglmojmbjppekeklmcp\3.66_0\ CHR - Extension: Quotes Everlasting = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmeioahpbcoknbbdeikokbhenkmmeilo\0.0.0.4_0\ CHR - Extension: Google Keep = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14143.1351_0\ CHR - Extension: Google Play Music = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.2_0\ CHR - Extension: Custom Google™ Background = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepibmfmhopgkplegmkjgifmhabbjadg\6.3_0\ CHR - Extension: Craigslist = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfhkdighkjbghfkkelkgdlmbkjopoali\0.1_0\ CHR - Extension: Google Forms = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg\0.5_0\ CHR - Extension: eBay Extension for Google Chrome™ = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\3.1.0_0\ CHR - Extension: Storegate = C:\Users\pelon\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lfhaebnoglcnaogaafcigjmjkjdnejpi\0.0.0.1_0\ CHR - Extension: Bookmarks = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljcgggmjhkegncpcaffddonfhpnfocdk\1.2_0\ CHR - Extension: PDF Cloud Tools = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpieolhcmajmolkhbbeljknkcdcmffk\1.0.1.4_0\ CHR - Extension: Google Play Books = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.9_0\ CHR - Extension: Photo Editor = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgdinedcmfmiafjedljkdahmohmafbb\1.0_0\ CHR - Extension: Google Wallet = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: Picky Wallpapers = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj\1.0.0_0\ CHR - Extension: My Chrome Theme = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\ CHR - Extension: Picasa = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\ CHR - Extension: Gmail = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: eBay Deals = C:\Users\pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pllkgmcojhajjmojfoagiegoibjognlc\1.0.4_0\ O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll () O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB5AA166-B34A-4B0F-BEB4-F752ED4EA324}: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014/04/07 01:34:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Public\Documents\OTL.exe [2014/04/06 14:22:57 | 000,000,000 | ---D | C] -- C:\Users\pelon\AppData\Roaming\Share-to-Web Upload Folder [2014/04/06 03:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons.com CouponBar [2014/04/06 03:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Coupons [2014/04/06 03:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons [2014/04/06 03:56:13 | 002,021,104 | ---- | C] (Coupons.com Incorporated) -- C:\Users\pelon\Desktop\CouponPrinterCPS.exe [2014/04/05 04:31:42 | 000,000,000 | ---D | C] -- C:\Users\pelon\AppData\Roaming\Windows [2014/04/03 19:51:39 | 000,000,000 | ---D | C] -- C:\Users\pelon\.android [2014/04/03 19:51:37 | 000,000,000 | ---D | C] -- C:\Users\pelon\AppData\Local\cache [2014/04/03 19:51:35 | 000,000,000 | ---D | C] -- C:\Users\pelon\AppData\Roaming\0S1F1O2Z0S2Y1H1T [2014/04/03 19:51:32 | 000,000,000 | ---D | C] -- C:\Users\pelon\Documents\Mobogenie [2014/04/03 19:51:32 | 000,000,000 | ---D | C] -- C:\Users\pelon\AppData\Local\Mobogenie [2014/04/02 23:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2014/03/29 01:05:44 | 000,000,000 | ---D | C] -- C:\Users\pelon\AppData\Roaming\ImgBurn [2014/03/29 00:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2014/03/29 00:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn [2014/03/29 00:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect [2014/03/29 00:33:43 | 000,000,000 | ---D | C] -- C:\Users\pelon\AppData\Local\SearchProtect [2014/03/27 23:50:50 | 000,000,000 | ---D | C] -- C:\Users\pelon\AppData\Local\Websteroids [2014/03/27 23:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids [2014/03/23 02:04:41 | 000,000,000 | ---D | C] -- C:\Windows\pss [2014/03/23 01:47:22 | 000,000,000 | ---D | C] -- C:\Users\pelon\AppData\Local\MigWiz [2014/03/19 00:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2014/03/19 00:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2014/03/17 01:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Share-to-Web [2014/03/17 01:54:01 | 000,000,000 | ---D | 
C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard [2014/03/17 01:52:11 | 000,077,004 | ---- | C] (Oak Technology Inc.) -- C:\Windows\System32\drivers\AFS.SYS [2014/03/17 01:16:10 | 000,000,000 | R--D | C] -- C:\Users\pelon\Documents\Scanned Documents [2014/03/17 01:16:09 | 000,000,000 | ---D | C] -- C:\Users\pelon\Documents\Fax [2014/03/16 22:18:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2014/03/16 20:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\Hp [2014/03/16 20:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2014/03/16 20:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap [2014/03/16 20:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard [2014/03/16 19:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2014/03/16 02:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2014/03/13 22:25:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Apple - Support - Confirmation_files [2014/03/13 18:21:07 | 002,021,112 | ---- | C] (Coupons.com Incorporated) -- C:\Users\Public\Documents\CouponPrinter.exe [2014/03/13 17:55:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\USPS.com® - Schedule a Pickup_files [2014/03/11 18:33:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\toshiba [2014/03/09 23:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2014/03/08 20:04:31 | 000,000,000 | ---D | C] -- C:\Users\pelon\AppData\Roaming\Pantech [2014/03/08 18:22:10 | 000,077,824 | ---- | C] (Mobile Leader) -- C:\Windows\System32\mp4_vcodec.dll [2014/03/08 18:22:09 | 000,684,032 | ---- | C] (Mobile Leader) -- C:\Windows\System32\fun_mp4_enc.dll [2014/03/08 18:22:09 | 000,057,344 | ---- | C] (InterObject Ltd.) -- C:\Windows\System32\MelodySource.ax [2014/03/08 18:22:09 | 000,049,152 | ---- | C] (InterObject Ltd.) 
-- C:\Windows\System32\Pal.dll [2014/03/08 18:22:09 | 000,016,384 | ---- | C] (Mobile Leader) -- C:\Windows\System32\fun_mp4_dec.dll [2014/03/08 18:22:08 | 000,212,992 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunMpgDecFilter.ax [2014/03/08 18:22:08 | 000,188,416 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunOggDecFilter.ax [2014/03/08 18:22:08 | 000,159,744 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunMp3DecFilter.ax [2014/03/08 18:22:08 | 000,086,016 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunMpgGrabFilter.ax [2014/03/08 18:22:08 | 000,069,632 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunSubFilter.ax [2014/03/08 18:22:08 | 000,065,536 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunVideoCodecFilter2.ax [2014/03/08 18:22:08 | 000,065,536 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunVideoAdjustFilter.ax [2014/03/08 18:22:08 | 000,061,440 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunVideoCodecFilter.ax [2014/03/08 18:22:08 | 000,057,344 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunImgFilter.ax [2014/03/08 18:22:08 | 000,053,248 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunVideoResizeFilter.ax [2014/03/08 18:22:07 | 001,069,056 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunDecFilter.ax [2014/03/08 18:22:07 | 000,540,672 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunEncFilter.ax [2014/03/08 18:22:07 | 000,196,608 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunAudioCodecFilter.ax [2014/03/08 18:22:07 | 000,192,512 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunAudioCodecFilter2.ax [2014/03/08 18:22:07 | 000,172,032 | ---- | C] (Gabest) -- C:\Windows\System32\FunAviSplitter2.ax [2014/03/08 18:22:07 | 000,069,632 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunEQFilter.ax [2014/03/08 18:22:07 | 000,061,440 | ---- | C] (Mobile Leader) -- C:\Windows\System32\FunConvFilter.ax [2014/03/08 18:21:55 | 002,359,296 | ---- | C] (Codejock Software) -- 
C:\Windows\System32\XTP9601LibL.dll [2014/03/08 18:21:55 | 002,334,720 | ---- | C] (Codejock Software) -- C:\Windows\System32\XTP9601LibU.dll [2014/03/08 18:21:54 | 002,338,816 | ---- | C] (Codejock Software) -- C:\Windows\System32\XTP9601LibA.dll [2014/03/08 18:21:54 | 002,338,816 | ---- | C] (Codejock Software) -- C:\Windows\System32\XTP9600LibL.dll [2014/03/08 18:21:53 | 000,507,904 | ---- | C] (MobileLeader, Inc.) -- C:\Windows\System32\MSLUP71.DLL [2014/03/08 18:21:53 | 000,352,256 | ---- | C] (MobileLeader, Inc.) -- C:\Windows\System32\MSLUR71.DLL [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014/04/07 01:34:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Documents\OTL.exe [2014/04/07 01:21:12 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/04/07 01:21:12 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/04/07 00:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/04/07 00:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/04/06 19:33:50 | 000,121,230 | ---- | M] () -- C:\Users\Public\Documents\myWeekly Ad _ Personalized CVS Weekly Ad.pdf [2014/04/06 18:51:15 | 000,805,644 | ---- | M] () -- C:\Windows\System32\perfh00A.dat [2014/04/06 18:51:15 | 000,712,354 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014/04/06 18:51:15 | 000,181,502 | ---- | M] () -- C:\Windows\System32\perfc00A.dat [2014/04/06 18:51:15 | 000,138,270 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014/04/06 18:30:55 | 000,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2014/04/06 15:45:40 | 000,054,395 | ---- | M] () -- C:\Users\Public\Documents\satellite_L555-S7945.pdf [2014/04/06 09:29:48 | 000,208,909 | ---- | M] () -- C:\Users\Public\Documents\CVS Coupon 
Matchups.pdf [2014/04/06 03:56:51 | 002,021,104 | ---- | M] (Coupons.com Incorporated) -- C:\Users\pelon\Desktop\CouponPrinterCPS.exe [2014/04/06 03:21:16 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/04/06 03:20:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/04/06 03:20:22 | 1602,789,376 | -HS- | M] () -- C:\hiberfil.sys [2014/04/05 20:13:47 | 242,380,740 | ---- | M] () -- C:\Users\pelon\Desktop\KB3AIK_EN.iso [2014/04/05 14:56:03 | 000,122,558 | ---- | M] () -- C:\Users\Public\Documents\ExtraCare_ Email Offer - Success.pdf [2014/04/04 16:04:51 | 000,059,055 | ---- | M] () -- C:\Users\Public\Documents\Shopping list for Big Lots.pdf [2014/04/03 19:52:38 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014/04/03 19:48:20 | 000,684,904 | ---- | M] ( ) -- C:\Users\pelon\Desktop\CCleaner_Setup.exe [2014/04/03 02:56:24 | 002,163,296 | ---- | M] () -- C:\Users\pelon\Desktop\DunnEdwardsStores_California (1).pdf [2014/04/03 02:56:11 | 002,100,032 | ---- | M] () -- C:\Users\pelon\Desktop\DunnEdwardsStores_California.pdf [2014/04/02 23:58:19 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk [2014/04/02 23:58:19 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk [2014/04/02 23:58:19 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk [2014/04/02 09:12:32 | 000,063,458 | ---- | M] () -- C:\Users\pelon\Desktop\$(KGrHqZ,!j!FBt9yFqU9BQh,vUd0sw~~_32.jpg [2014/04/02 07:57:04 | 000,239,803 | ---- | M] () -- C:\Users\pelon\Desktop\$_57 (1).JPG [2014/04/02 05:05:09 | 000,147,635 | ---- | M] () -- C:\Users\Public\Documents\Thank you for shopping at FRYS.pdf [2014/04/01 22:57:16 | 000,855,968 | ---- | M] () -- C:\Users\Public\Documents\Swann PRO-655 Super-tough DayNight Security Camera Data Sheet.pdf [2014/03/29 00:35:35 | 000,001,871 | ---- | M] () -- C:\Users\pelon\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk 
[2014/03/29 00:35:35 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2014/03/29 00:33:45 | 000,000,000 | ---- | M] () -- C:\END [2014/03/28 16:13:19 | 000,071,473 | ---- | M] () -- C:\Users\Public\Documents\UPS_ Tracking Information.pdf [2014/03/26 22:59:19 | 000,127,498 | ---- | M] () -- C:\Users\Public\Documents\xbox.pdf [2014/03/25 17:08:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2014/03/24 03:00:40 | 000,128,624 | ---- | M] () -- C:\Users\Public\Documents\glasses.pdf [2014/03/23 04:32:55 | 000,127,418 | ---- | M] () -- C:\Users\Public\Documents\ipod.pdf [2014/03/22 16:16:47 | 000,165,050 | ---- | M] () -- C:\Users\Public\Documents\BestBuy.pdf [2014/03/21 16:02:56 | 001,161,080 | ---- | M] () -- C:\Windows\System32\Websteroids.B324755F3F87.dll [2014/03/20 00:30:32 | 000,005,849 | ---- | M] () -- C:\Users\Public\Documents\https___postage.ebay.com_ws_eBayISAPI.pdf [2014/03/19 20:57:07 | 000,001,194 | ---- | M] () -- C:\Users\pelon\Desktop\Backup 2014-02-24 092823 - Shortcut.lnk [2014/03/18 11:32:39 | 000,120,167 | ---- | M] () -- C:\Users\Public\Documents\USPS.pdf [2014/03/17 21:59:37 | 000,000,000 | -H-- | M] () -- C:\Users\pelon\Documents\Default.rdp [2014/03/17 18:10:12 | 000,000,014 | ---- | M] () -- C:\Windows\pagesuit.ini [2014/03/17 02:18:31 | 000,133,057 | ---- | M] () -- C:\Users\Public\Documents\new - Copy.pdf [2014/03/17 01:54:01 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\HP Director.lnk [2014/03/17 01:52:11 | 000,077,004 | ---- | M] (Oak Technology Inc.) 
-- C:\Windows\System32\drivers\AFS.SYS [2014/03/17 01:23:45 | 003,118,787 | ---- | M] () -- C:\Users\Public\Documents\c01176633.pdf [2014/03/17 00:12:45 | 000,157,253 | ---- | M] () -- C:\Users\Public\Documents\new.pdf [2014/03/16 22:14:57 | 000,129,874 | ---- | M] () -- C:\Users\pelon\Desktop\new - Copy.pdf [2014/03/16 21:11:10 | 000,078,636 | ---- | M] () -- C:\Users\Public\Documents\hp.pdf [2014/03/16 20:56:57 | 000,083,267 | ---- | M] () -- C:\Users\Public\Documents\hp psc 2200 series tour.pdf [2014/03/16 20:33:50 | 004,435,968 | ---- | M] () -- C:\Users\pelon\Desktop\HPSupportSolutionsFramework.msi [2014/03/16 19:53:36 | 002,338,824 | ---- | M] () -- C:\Users\pelon\Desktop\hppiw.exe [2014/03/16 14:09:35 | 000,002,238 | ---- | M] () -- C:\Users\Public\Desktop\MP160 On-screen Manual.lnk [2014/03/15 20:55:44 | 000,001,486 | ---- | M] () -- C:\Users\pelon\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk [2014/03/15 18:34:19 | 000,000,017 | ---- | M] () -- C:\Users\pelon\AppData\Local\resmon.resmoncfg [2014/03/15 12:22:52 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014/03/15 05:09:32 | 000,113,688 | ---- | M] () -- C:\Users\Public\Documents\phillipines label.pdf [2014/03/14 12:56:21 | 000,088,538 | ---- | M] () -- C:\Users\Public\Documents\march.pdf [2014/03/14 02:37:24 | 000,019,213 | ---- | M] () -- C:\Users\Public\Documents\00M0M_4f7OauJgi7t_600x450.jpg [2014/03/14 02:35:24 | 000,015,960 | ---- | M] () -- C:\Users\Public\Documents\00w0w_JIquMYAMi5_600x450.jpg [2014/03/13 22:25:32 | 000,052,104 | ---- | M] () -- C:\Users\Public\Documents\Apple - Support - Confirmation.htm [2014/03/13 18:21:12 | 002,021,112 | ---- | M] (Coupons.com Incorporated) -- C:\Users\Public\Documents\CouponPrinter.exe [2014/03/13 17:55:55 | 000,077,414 | ---- | M] () -- C:\Users\Public\Documents\USPS.com® - Schedule a Pickup.htm [2014/03/13 14:56:41 | 000,088,170 | ---- | M] () -- C:\Users\Public\Documents\d.e.#4.pdf [2014/03/13 14:55:20 | 
000,089,089 | ---- | M] () -- C:\Users\Public\Documents\d.e.#3.pdf [2014/03/13 14:54:16 | 000,088,925 | ---- | M] () -- C:\Users\Public\Documents\d.e.#2.pdf [2014/03/13 14:52:31 | 000,088,998 | ---- | M] () -- C:\Users\Public\Documents\Direct Express ®.pdf [2014/03/13 11:58:35 | 000,129,374 | ---- | M] () -- C:\Users\Public\Documents\2.pdf [2014/03/12 22:52:18 | 000,000,000 | -H-- | M] () -- C:\Users\pelon\Desktop\7600.16385.090713-1255_x86fre_enterprise_en-us_EVAL_Eval_Enterprise-GRMCENEVAL_EN_DVD.iso.part [2014/03/12 11:07:15 | 000,148,501 | ---- | M] () -- C:\Users\Public\Documents\Print Postage.pdf [2014/03/11 18:13:10 | 000,606,599 | ---- | M] () -- C:\Users\Public\Documents\t.s 013.JPG [2014/03/11 18:12:53 | 000,542,440 | ---- | M] () -- C:\Users\Public\Documents\t.s 012.JPG [2014/03/11 18:12:21 | 000,577,086 | ---- | M] () -- C:\Users\Public\Documents\t.s 011.JPG [2014/03/11 18:12:13 | 000,558,373 | ---- | M] () -- C:\Users\Public\Documents\t.s 010.JPG [2014/03/11 18:12:03 | 000,664,464 | ---- | M] () -- C:\Users\Public\Documents\t.s 009.JPG [2014/03/11 18:11:42 | 000,567,934 | ---- | M] () -- C:\Users\Public\Documents\t.s 008.JPG [2014/03/11 18:11:28 | 000,518,792 | ---- | M] () -- C:\Users\Public\Documents\t.s 007.JPG [2014/03/11 18:10:40 | 000,635,910 | ---- | M] () -- C:\Users\Public\Documents\t.s 006.JPG [2014/03/11 18:10:22 | 000,488,720 | ---- | M] () -- C:\Users\Public\Documents\t.s 005.JPG [2014/03/11 18:10:05 | 000,583,408 | ---- | M] () -- C:\Users\Public\Documents\t.s 004.JPG [2014/03/11 18:10:02 | 000,602,102 | ---- | M] () -- C:\Users\Public\Documents\t.s 003.JPG [2014/03/11 18:09:49 | 000,525,224 | ---- | M] () -- C:\Users\Public\Documents\t.s 002.JPG [2014/03/11 18:08:36 | 000,493,532 | ---- | M] () -- C:\Users\Public\Documents\t.s 001.JPG [2014/03/11 12:24:54 | 000,269,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2014/03/09 23:12:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_wpdcomp_01_09_00.Wdf 
[color=#E56717]========== Files Created - No Company Name ==========[/color] [2014/04/06 15:45:40 | 000,054,395 | ---- | C] () -- C:\Users\Public\Documents\satellite_L555-S7945.pdf [2014/04/06 09:29:47 | 000,208,909 | ---- | C] () -- C:\Users\Public\Documents\CVS Coupon Matchups.pdf [2014/04/05 20:07:46 | 242,380,740 | ---- | C] () -- C:\Users\pelon\Desktop\KB3AIK_EN.iso [2014/04/05 14:56:02 | 000,122,558 | ---- | C] () -- C:\Users\Public\Documents\ExtraCare_ Email Offer - Success.pdf [2014/04/05 12:49:43 | 000,121,230 | ---- | C] () -- C:\Users\Public\Documents\myWeekly Ad _ Personalized CVS Weekly Ad.pdf [2014/04/04 16:04:50 | 000,059,055 | ---- | C] () -- C:\Users\Public\Documents\Shopping list for Big Lots.pdf [2014/04/03 19:48:16 | 000,684,904 | ---- | C] ( ) -- C:\Users\pelon\Desktop\CCleaner_Setup.exe [2014/04/03 02:56:23 | 002,163,296 | ---- | C] () -- C:\Users\pelon\Desktop\DunnEdwardsStores_California (1).pdf [2014/04/03 02:51:53 | 002,100,032 | ---- | C] () -- C:\Users\pelon\Desktop\DunnEdwardsStores_California.pdf [2014/04/02 23:58:19 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Google Slides.lnk [2014/04/02 23:58:19 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Google Sheets.lnk [2014/04/02 23:58:19 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Google Docs.lnk [2014/04/02 09:12:31 | 000,063,458 | ---- | C] () -- C:\Users\pelon\Desktop\$(KGrHqZ,!j!FBt9yFqU9BQh,vUd0sw~~_32.jpg [2014/04/02 07:57:04 | 000,239,803 | ---- | C] () -- C:\Users\pelon\Desktop\$_57 (1).JPG [2014/04/02 05:05:01 | 000,147,635 | ---- | C] () -- C:\Users\Public\Documents\Thank you for shopping at FRYS.pdf [2014/04/01 22:57:16 | 000,855,968 | ---- | C] () -- C:\Users\Public\Documents\Swann PRO-655 Super-tough DayNight Security Camera Data Sheet.pdf [2014/03/29 00:35:35 | 000,001,871 | ---- | C] () -- C:\Users\pelon\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk [2014/03/29 00:35:35 | 000,001,847 | ---- | C] () -- 
C:\Users\Public\Desktop\ImgBurn.lnk [2014/03/29 00:33:45 | 000,000,000 | ---- | C] () -- C:\END [2014/03/28 16:13:16 | 000,071,473 | ---- | C] () -- C:\Users\Public\Documents\UPS_ Tracking Information.pdf [2014/03/26 22:59:18 | 000,127,498 | ---- | C] () -- C:\Users\Public\Documents\xbox.pdf [2014/03/24 03:00:39 | 000,128,624 | ---- | C] () -- C:\Users\Public\Documents\glasses.pdf [2014/03/23 04:32:55 | 000,127,418 | ---- | C] () -- C:\Users\Public\Documents\ipod.pdf [2014/03/22 16:16:46 | 000,165,050 | ---- | C] () -- C:\Users\Public\Documents\BestBuy.pdf [2014/03/21 16:02:56 | 001,161,080 | ---- | C] () -- C:\Windows\System32\Websteroids.B324755F3F87.dll [2014/03/20 00:30:30 | 000,005,849 | ---- | C] () -- C:\Users\Public\Documents\https___postage.ebay.com_ws_eBayISAPI.pdf [2014/03/19 20:57:07 | 000,001,194 | ---- | C] () -- C:\Users\pelon\Desktop\Backup 2014-02-24 092823 - Shortcut.lnk [2014/03/18 11:32:39 | 000,120,167 | ---- | C] () -- C:\Users\Public\Documents\USPS.pdf [2014/03/17 21:59:37 | 000,000,000 | -H-- | C] () -- C:\Users\pelon\Documents\Default.rdp [2014/03/17 01:54:01 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\HP Director.lnk [2014/03/17 01:51:06 | 000,007,765 | ---- | C] () -- C:\Windows\hpomdl01.dat [2014/03/17 01:23:39 | 003,118,787 | ---- | C] () -- C:\Users\Public\Documents\c01176633.pdf [2014/03/16 22:15:07 | 000,129,874 | ---- | C] () -- C:\Users\pelon\Desktop\new - Copy.pdf [2014/03/16 22:13:45 | 000,133,057 | ---- | C] () -- C:\Users\Public\Documents\new - Copy.pdf [2014/03/16 21:24:06 | 000,157,253 | ---- | C] () -- C:\Users\Public\Documents\new.pdf [2014/03/16 21:11:10 | 000,078,636 | ---- | C] () -- C:\Users\Public\Documents\hp.pdf [2014/03/16 20:56:57 | 000,083,267 | ---- | C] () -- C:\Users\Public\Documents\hp psc 2200 series tour.pdf [2014/03/16 20:33:11 | 004,435,968 | ---- | C] () -- C:\Users\pelon\Desktop\HPSupportSolutionsFramework.msi [2014/03/16 20:19:20 | 000,000,014 | ---- | C] () -- C:\Windows\pagesuit.ini 
[2014/03/16 19:52:56 | 002,338,824 | ---- | C] () -- C:\Users\pelon\Desktop\hppiw.exe [2014/03/16 14:09:08 | 000,002,238 | ---- | C] () -- C:\Users\Public\Desktop\MP160 On-screen Manual.lnk [2014/03/15 20:55:44 | 000,001,486 | ---- | C] () -- C:\Users\pelon\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk [2014/03/15 18:34:19 | 000,000,017 | ---- | C] () -- C:\Users\pelon\AppData\Local\resmon.resmoncfg [2014/03/15 05:09:31 | 000,113,688 | ---- | C] () -- C:\Users\Public\Documents\phillipines label.pdf [2014/03/14 12:56:21 | 000,088,538 | ---- | C] () -- C:\Users\Public\Documents\march.pdf [2014/03/14 02:37:24 | 000,019,213 | ---- | C] () -- C:\Users\Public\Documents\00M0M_4f7OauJgi7t_600x450.jpg [2014/03/14 02:35:23 | 000,015,960 | ---- | C] () -- C:\Users\Public\Documents\00w0w_JIquMYAMi5_600x450.jpg [2014/03/13 22:25:30 | 000,052,104 | ---- | C] () -- C:\Users\Public\Documents\Apple - Support - Confirmation.htm [2014/03/13 17:55:53 | 000,077,414 | ---- | C] () -- C:\Users\Public\Documents\USPS.com® - Schedule a Pickup.htm [2014/03/13 14:56:41 | 000,088,170 | ---- | C] () -- C:\Users\Public\Documents\d.e.#4.pdf [2014/03/13 14:55:20 | 000,089,089 | ---- | C] () -- C:\Users\Public\Documents\d.e.#3.pdf [2014/03/13 14:54:16 | 000,088,925 | ---- | C] () -- C:\Users\Public\Documents\d.e.#2.pdf [2014/03/13 11:58:34 | 000,129,374 | ---- | C] () -- C:\Users\Public\Documents\2.pdf [2014/03/12 22:52:18 | 000,000,000 | -H-- | C] () -- C:\Users\pelon\Desktop\7600.16385.090713-1255_x86fre_enterprise_en-us_EVAL_Eval_Enterprise-GRMCENEVAL_EN_DVD.iso.part [2014/03/12 11:07:15 | 000,148,501 | ---- | C] () -- C:\Users\Public\Documents\Print Postage.pdf [2014/03/11 18:32:53 | 000,664,464 | ---- | C] () -- C:\Users\Public\Documents\t.s 009.JPG [2014/03/11 18:32:53 | 000,635,910 | ---- | C] () -- C:\Users\Public\Documents\t.s 006.JPG [2014/03/11 18:32:53 | 000,606,599 | ---- | C] () -- C:\Users\Public\Documents\t.s 013.JPG [2014/03/11 18:32:53 | 000,602,102 | ---- | 
C] () -- C:\Users\Public\Documents\t.s 003.JPG [2014/03/11 18:32:53 | 000,583,408 | ---- | C] () -- C:\Users\Public\Documents\t.s 004.JPG [2014/03/11 18:32:53 | 000,577,086 | ---- | C] () -- C:\Users\Public\Documents\t.s 011.JPG [2014/03/11 18:32:53 | 000,567,934 | ---- | C] () -- C:\Users\Public\Documents\t.s 008.JPG [2014/03/11 18:32:53 | 000,558,373 | ---- | C] () -- C:\Users\Public\Documents\t.s 010.JPG [2014/03/11 18:32:53 | 000,542,440 | ---- | C] () -- C:\Users\Public\Documents\t.s 012.JPG [2014/03/11 18:32:53 | 000,525,224 | ---- | C] () -- C:\Users\Public\Documents\t.s 002.JPG [2014/03/11 18:32:53 | 000,518,792 | ---- | C] () -- C:\Users\Public\Documents\t.s 007.JPG [2014/03/11 18:32:53 | 000,493,532 | ---- | C] () -- C:\Users\Public\Documents\t.s 001.JPG [2014/03/11 18:32:53 | 000,488,720 | ---- | C] () -- C:\Users\Public\Documents\t.s 005.JPG [2014/03/09 23:12:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_wpdcomp_01_09_00.Wdf [2014/03/08 18:22:10 | 000,196,608 | ---- | C] () -- C:\Windows\System32\lame_dshow.ax [2014/03/08 18:22:09 | 003,566,434 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll [2014/03/08 18:22:09 | 000,827,392 | ---- | C] () -- C:\Windows\System32\Mpeg4System.dll [2014/03/08 18:22:09 | 000,167,936 | ---- | C] () -- C:\Windows\System32\Mpeg4Tools.dll [2014/03/08 18:22:09 | 000,122,880 | ---- | C] () -- C:\Windows\System32\Mpeg4DSF.dll [2014/03/08 18:22:09 | 000,064,566 | ---- | C] () -- C:\Windows\System32\RegisterCodec.reg [2014/03/08 18:22:09 | 000,042,108 | ---- | C] () -- C:\Windows\System32\fun_avutil.dll [2014/03/08 18:22:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FunSampleGrabberFilter.ax [2014/03/08 18:22:07 | 000,057,344 | ---- | C] () -- C:\Windows\System32\EvrcDecDll.dll [2014/03/08 18:22:07 | 000,057,344 | ---- | C] () -- C:\Windows\System32\AMRDSF.dll [2014/03/08 18:22:06 | 000,241,664 | ---- | C] () -- C:\Windows\System32\AMR.dll [2014/03/06 02:32:57 | 000,341,432 | ---- | C] () 
-- C:\Windows\System32\perfi00A.dat
[2014/03/06 02:32:56 | 000,805,644 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2014/03/06 02:32:56 | 000,181,502 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2014/03/06 02:32:56 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2014/02/27 17:19:06 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2014/02/27 17:16:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2014/03/07 02:34:38 | 000,000,000 | ---D | M] -- C:\Users\pelon\AppData\Roaming\ CANON POWERSHOT SD870 IS DIGITAL ELPH user guide
[2014/04/03 19:51:35 | 000,000,000 | ---D | M] -- C:\Users\pelon\AppData\Roaming\0S1F1O2Z0S2Y1H1T
[2014/03/07 03:12:05 | 000,000,000 | ---D | M] -- C:\Users\pelon\AppData\Roaming\canon
[2014/03/29 01:05:44 | 000,000,000 | ---D | M] -- C:\Users\pelon\AppData\Roaming\ImgBurn
[2014/03/08 20:04:31 | 000,000,000 | ---D | M] -- C:\Users\pelon\AppData\Roaming\Pantech
[2014/04/05 04:31:42 | 000,000,000 | ---D | M] -- C:\Users\pelon\AppData\Roaming\Windows
[2014/03/01 02:58:01 | 000,000,000 | ---D | M] -- C:\Users\pelon\AppData\Roaming\WindSolutions

[color=#E56717]========== Purity Check ==========[/color]

< End of report >