OTL logfile created on: 5/28/2014 9:54:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Otis Endicott\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.91 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 73.28% Memory free
5.91 Gb Paging File | 5.20 Gb Available in Paging File | 88.06% Paging File free
Paging file location(s): c:\pagefile.sys 3072 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 228.16 Gb Free Space | 80.53% Space Free | Partition Type: NTFS

Computer Name: OTISENDICOTT-PC | User Name: Otis Endicott | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/05/28 21:53:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Otis Endicott\Downloads\OTL.exe
PRC - [2014/05/10 19:29:55 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014/05/10 19:29:38 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2014/04/07 15:38:50 | 000,210,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\V-bates\ExtensionUpdaterService.exe -- (V-bates Updater)
SRV:[b]64bit:[/b] - [2014/04/07 15:38:50 | 000,129,312 | ---- | M] (Wajamu) [Auto | Stopped] -- C:\Program Files\V-bates\guardsvc.exe -- (Mext Guard)
SRV:[b]64bit:[/b] - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/12/17 15:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:[b]64bit:[/b] - [2010/12/17 15:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:[b]64bit:[/b] - [2010/12/17 15:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:[b]64bit:[/b] - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV - [2014/05/25 20:10:19 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdatem)
SRV - [2014/05/25 20:10:19 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdate)
SRV - [2014/05/14 21:08:06 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 19:29:54 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () [Auto | Stopped] -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe -- (System Update kb70007)
SRV - [2014/04/08 11:26:48 | 000,037,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\LPT\srpts.exe -- (LPTSystemUpdater)
SRV - [2014/03/14 10:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/03 12:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 13:21:22 | 000,098,304 | R--- | M] (Orb Networks, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe -- (KodakDigitalDisplayService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2014/05/24 19:24:21 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:[b]64bit:[/b] - [2014/05/08 11:32:32 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:[b]64bit:[/b] - [2014/04/24 12:32:28 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys -- ({890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64)
DRV:[b]64bit:[/b] - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvolwin7.sys -- (Sftvol)
DRV:[b]64bit:[/b] - [2013/06/26 19:21:48 | 000,029,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirwin7.sys -- (Sftredir)
DRV:[b]64bit:[/b] - [2013/06/26 19:21:46 | 000,768,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfswin7.sys -- (Sftfs)
DRV:[b]64bit:[/b] - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaywin7.sys -- (Sftplay)
DRV:[b]64bit:[/b] - [2012/11/23 14:00:19 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:[b]64bit:[/b] - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/01/07 21:42:34 | 012,262,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2010/12/21 10:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:[b]64bit:[/b] - [2010/12/10 17:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2010/12/10 17:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2010/12/03 18:32:24 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2010/12/01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:[b]64bit:[/b] - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/06 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010/11/04 06:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:[b]64bit:[/b] - [2010/11/04 04:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:[b]64bit:[/b] - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2010/10/26 15:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010/10/19 19:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:[b]64bit:[/b] - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2010/09/21 10:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010/08/12 11:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:[b]64bit:[/b] - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:[b]64bit:[/b] - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:[b]64bit:[/b] - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:[b]64bit:[/b] - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=166&itype=a&ver=12692&tm=356&src=ds&p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6347BB13-7F4C-49D8-A2F3-857E0E085D0E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=166&itype=a&ver=12692&tm=356&src=ds&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Otis Endicott
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.trovi.com/?gd=&ctid=CT3 [Binary data over 200 bytes]
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=Installmetrix&dpid=Installmetrix_CH&co=US&userid=5ecb7ea1-8c77-18fc-9a0f-23448dbe8e21&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3318152&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPA9027950-801F-4D55-AB9F-EF20CC6879D5&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\SearchScopes\{75491962-E77E-4120-9D1A-E71745F3D35E}: "URL" = http://www.bing.com/search?FORM=U146ID&PC=U146I&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=166&itype=a&ver=12692&tm=356&src=ds&p={searchTerms}
IE - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Trovi search"
FF - prefs.js..browser.search.defaultthis.engineName: "Vgrabber v1.5 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3293216&CUI=UN82930160143823716&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "default-search.net"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Otis Endicott\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\PROGRAM FILES\V-BATES\FIREFOX [2014/05/24 03:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\search-snacks@search-snacks.com: C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\Program Files\V-bates\Firefox [2014/05/24 03:36:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\LyricsParty@BRNE.co: C:\Program Files (x86)\LyricsParty\125.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/07/23 23:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Otis Endicott\AppData\Roaming\mozilla\Extensions
[2014/05/26 22:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Otis Endicott\AppData\Roaming\mozilla\Firefox\Profiles\ce89jpbd.default\extensions
[2014/05/23 11:23:57 | 000,006,060 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\mozilla\firefox\profiles\ce89jpbd.default\searchplugins\bingp.xml
[2014/05/23 10:08:26 | 000,002,579 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\mozilla\firefox\profiles\ce89jpbd.default\searchplugins\default-search.xml
[2014/05/24 03:41:53 | 000,002,773 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\mozilla\firefox\profiles\ce89jpbd.default\searchplugins\Speedial.xml
[2014/05/25 22:04:01 | 000,001,014 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\mozilla\firefox\profiles\ce89jpbd.default\searchplugins\trovi-search.xml
[2014/05/23 09:43:05 | 000,002,397 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\mozilla\firefox\profiles\ce89jpbd.default\searchplugins\Web Search.xml
[2014/05/23 10:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/05/10 19:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/10 19:29:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\Otis Endicott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: No name found = C:\Users\Otis Endicott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (no name) - {2977C29A-6723-4436-90BB-F7C5FDEF88A1} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4274430286-4139735347-335498181-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4274430286-4139735347-335498181-1000..\Run: [Facebook Update] C:\Users\Otis Endicott\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [HowToSimplified_8ebar Uninstall] C:\Program Files (x86)\8eUninstall HowToSimplified.dll (MindSpark)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Otis Endicott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk = C:\Users\Otis Endicott\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28BBE2B3-DF34-4CB6-870F-E9CC7DEE880A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:[b]64bit:[/b] - Protocol\Handler\cozi - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\rebinfo - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\rebinfo - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:[b]64bit:[/b] - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:[/b] - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:[/b] - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:[/b] - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:[/b] - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:[/b] - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:[/b] - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:[/b] - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:[/b] - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:[/b] - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:[/b] - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\volaro: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\vonteera: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft 
Corporation) O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\volaro: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\vonteera: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{49cdd7d7-6336-11e1-ae79-bc773741df56}\Shell - "" = AutoRun O33 - 
MountPoints2\{49cdd7d7-6336-11e1-ae79-bc773741df56}\Shell\AutoRun\command - "" = E:\KODAK_Software_Downloader.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014/05/26 22:52:05 | 000,712,264 | ---- | C] (MindSpark) -- C:\Program Files (x86)\8eUninstall HowToSimplified.dll [2014/05/25 20:16:26 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\com [2014/05/25 20:10:25 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\globalUpdate [2014/05/25 20:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate [2014/05/24 04:04:48 | 002,185,872 | ---- | C] (Microsoft Corporation) -- C:\Users\Otis Endicott\DefaultPack (3).EXE [2014/05/24 03:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB [2014/05/24 03:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters [2014/05/23 11:04:01 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\fastcleanpro [2014/05/23 10:59:29 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\IsolatedStorage [2014/05/23 10:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756} [2014/05/23 10:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak [2014/05/23 10:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartMediaConverter [2014/05/23 10:26:22 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector [2014/05/23 10:25:42 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Roaming\Speedial [2014/05/23 10:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Speedial [2014/05/23 10:25:30 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Roaming\Systweak [2014/05/23 10:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro [2014/05/23 10:19:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2014/05/23 10:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linkey [2014/05/23 10:06:43 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup [2014/05/23 10:05:23 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Roaming\Settings Manager [2014/05/23 10:04:53 | 001,705,063 | ---- | C] (AnyProtect.com) -- C:\Users\Otis Endicott\AppData\Local\AnyProtectScannerSetup.exe [2014/05/23 10:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyProtectEx [2014/05/23 09:56:02 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\WebBar [2014/05/23 09:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallSightSDK [2014/05/23 09:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\WebBar [2014/05/23 09:54:48 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\PC_Drivers_Headquarters [2014/05/23 09:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Updates Downloader [2014/05/23 09:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Updates Downloader [2014/05/23 09:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Restore [2014/05/23 09:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Restore [2014/05/23 09:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia [2014/05/23 09:52:58 | 000,000,000 | ---D | C] 
-- C:\Program Files (x86)\Driver Restore [2014/05/23 09:51:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiDefMedia [2014/05/23 09:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCTechHotline [2014/05/23 09:46:44 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Roaming\PCFixSpeed [2014/05/23 09:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PCFixSpeed [2014/05/23 09:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCFixSpeed [2014/05/23 09:45:25 | 002,185,872 | ---- | C] (Microsoft Corporation) -- C:\Users\Otis Endicott\DefaultPack (2).EXE [2014/05/23 09:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\V-bates [2014/05/23 09:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LPT [2014/05/23 09:41:57 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\LPT [2014/05/23 09:41:56 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\Smartbar [2014/05/23 09:40:46 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\TidyNetwork [2014/05/23 09:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TidyNetwork [2014/05/23 09:40:32 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft [2014/05/23 09:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSR [2014/05/23 09:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\rrsavings [2014/05/23 09:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\002 [2014/05/19 15:56:19 | 002,185,872 | ---- | C] (Microsoft Corporation) -- C:\Users\Otis Endicott\DefaultPack (1).EXE [2014/05/19 09:37:39 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\SlimWare Utilities Inc [2014/05/19 09:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate [2014/05/19 09:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate [2014/05/18 19:25:53 | 002,185,872 | ---- | C] (Microsoft Corporation) -- C:\Users\Otis Endicott\DefaultPack.EXE [2014/05/18 18:16:52 | 000,000,000 | ---D | C] -- 
C:\Users\Otis Endicott\Documents\Optimizer Pro [2014/05/18 18:12:40 | 000,000,000 | ---D | C] -- C:\temp [2014/05/18 18:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\003 [2014/05/18 18:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 [2014/05/18 18:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro [2014/05/18 18:10:40 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\Local_Weather_LLC [2014/05/18 18:10:12 | 000,000,000 | ---D | C] -- C:\Users\Otis Endicott\AppData\Local\WeatherAlerts [2014/05/16 08:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Performer [2014/05/16 08:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Touch Software Suite [2014/05/15 03:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2014/05/10 19:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2014/05/07 03:03:42 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014/05/28 21:47:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/05/28 21:47:35 | 2342,916,096 | -HS- | M] () -- C:\hiberfil.sys [2014/05/28 21:29:02 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2014/05/28 21:28:26 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/05/28 21:28:26 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job [2014/05/26 22:55:42 | 000,000,067 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\mbam.context.scan [2014/05/26 20:59:47 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/05/26 20:59:43 | 000,000,960 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4274430286-4139735347-335498181-1000UA.job [2014/05/26 20:59:42 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\FF Watcher {4AEB1DC9-55B6-4DD8-841D-F6003B9B4AA0}.job [2014/05/26 20:59:39 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\FF Watcher {5A8E07FF-80F2-40A6-91C0-C5344AA2ED11}.job [2014/05/25 21:48:10 | 000,783,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/05/25 21:48:10 | 000,663,102 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/05/25 21:48:10 | 000,122,680 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/05/25 20:15:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job [2014/05/25 20:15:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job [2014/05/25 20:03:40 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/05/25 20:03:40 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/05/24 19:24:21 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys [2014/05/24 19:24:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/05/24 07:58:06 | 000,000,310 | ---- | M] () -- C:\Windows\SysWow64\ff.bin [2014/05/24 07:53:05 | 000,000,552 | ---- | M] () -- C:\Windows\SysWow64\schtasks.bin [2014/05/24 03:37:50 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job [2014/05/24 03:37:50 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job [2014/05/24 03:37:50 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job [2014/05/23 10:06:59 | 000,002,944 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\aps.scan.results [2014/05/23 10:06:59 | 000,001,152 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\aps.scan.quick.results [2014/05/23 
10:06:59 | 000,000,318 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\aps.uninstall.scan.results [2014/05/23 09:57:01 | 000,000,000 | ---- | M] () -- C:\END [2014/05/23 09:54:28 | 000,001,801 | ---- | M] () -- C:\Users\Public\Desktop\Windows Updates Downloader.lnk [2014/05/23 09:53:10 | 000,002,303 | ---- | M] () -- C:\Users\Public\Desktop\Driver Restore.lnk [2014/05/23 09:53:05 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\HiDef Media Player.lnk [2014/05/23 09:29:27 | 000,002,104 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014/05/22 20:48:24 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4274430286-4139735347-335498181-1000Core.job [2014/05/22 20:37:59 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2014/05/21 15:00:20 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\PC Performer_UPDATES.job [2014/05/19 09:37:28 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk [2014/05/19 07:19:26 | 001,705,063 | ---- | M] (AnyProtect.com) -- C:\Users\Otis Endicott\AppData\Local\AnyProtectScannerSetup.exe [2014/05/18 18:10:13 | 000,001,211 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk [2014/05/18 18:07:34 | 000,808,072 | ---- | M] () -- C:\Users\Otis Endicott\flashplayerpro-setup.exe [2014/05/16 08:54:57 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\PC Performer.lnk [2014/05/10 14:49:05 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job [2014/05/08 11:32:32 | 000,050,464 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2014/04/30 17:39:31 | 000,003,584 | ---- | M] () -- C:\Users\Otis Endicott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No 
Company Name ==========[/color] [2014/05/26 22:55:42 | 000,000,067 | ---- | C] () -- C:\Users\Otis Endicott\AppData\Roaming\mbam.context.scan [2014/05/26 22:52:05 | 000,194,952 | ---- | C] () -- C:\Program Files (x86)\8eres.dll [2014/05/25 20:10:47 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job [2014/05/25 20:10:44 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job [2014/05/24 03:59:51 | 000,000,310 | ---- | C] () -- C:\Windows\SysWow64\ff.bin [2014/05/24 03:40:57 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\schtasks.bin [2014/05/23 10:08:47 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP3.job [2014/05/23 10:08:46 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP2.job [2014/05/23 10:08:44 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP1.job [2014/05/23 10:06:48 | 000,002,944 | ---- | C] () -- C:\Users\Otis Endicott\AppData\Roaming\aps.scan.results [2014/05/23 10:06:48 | 000,001,152 | ---- | C] () -- C:\Users\Otis Endicott\AppData\Roaming\aps.scan.quick.results [2014/05/23 10:06:48 | 000,000,318 | ---- | C] () -- C:\Users\Otis Endicott\AppData\Roaming\aps.uninstall.scan.results [2014/05/23 10:05:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014/05/23 09:54:28 | 000,001,801 | ---- | C] () -- C:\Users\Public\Desktop\Windows Updates Downloader.lnk [2014/05/23 09:53:10 | 000,002,303 | ---- | C] () -- C:\Users\Public\Desktop\Driver Restore.lnk [2014/05/23 09:53:05 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\HiDef Media Player.lnk [2014/05/23 09:45:49 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\FF Watcher {5A8E07FF-80F2-40A6-91C0-C5344AA2ED11}.job [2014/05/23 09:44:05 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\FF Watcher {4AEB1DC9-55B6-4DD8-841D-F6003B9B4AA0}.job [2014/05/23 09:43:06 | 000,002,531 | ---- | C] () -- C:\Users\Otis Endicott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 
[2014/05/19 09:37:43 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\DriverUpdate Startup.job [2014/05/19 09:37:40 | 000,016,152 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys [2014/05/19 09:37:28 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\DriverUpdate.lnk [2014/05/18 18:10:13 | 000,001,211 | ---- | C] () -- C:\Users\Otis Endicott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk [2014/05/18 18:07:27 | 000,808,072 | ---- | C] () -- C:\Users\Otis Endicott\flashplayerpro-setup.exe [2014/05/16 08:55:52 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2014/05/16 08:55:38 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\PC Performer_UPDATES.job [2014/05/16 08:54:57 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\PC Performer.lnk [2014/04/30 17:39:31 | 000,003,584 | ---- | C] () -- C:\Users\Otis Endicott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/01/05 22:29:59 | 000,149,266 | ---- | C] () -- C:\Users\Otis Endicott\Serving-It-Safe-certificate (1).pdf [2013/12/10 20:47:48 | 001,729,351 | ---- | C] () -- C:\Users\Otis Endicott\schoo lunch.jpeg [2013/03/05 19:57:24 | 002,175,258 | ---- | C] () -- C:\Users\Otis Endicott\photo (3).JPG [2013/03/05 19:57:00 | 000,569,050 | ---- | C] () -- C:\Users\Otis Endicott\photo (2).JPG [2013/03/05 19:48:13 | 000,388,949 | ---- | C] () -- C:\Users\Otis Endicott\photo (1).JPG [2013/03/05 19:38:46 | 002,536,499 | ---- | C] () -- C:\Users\Otis Endicott\photo.JPG [2013/01/19 11:26:10 | 000,215,088 | ---- | C] () -- C:\Users\Otis Endicott\MapsGalaxy.exe [2012/11/30 16:57:27 | 000,038,187 | ---- | C] () -- C:\Users\Otis Endicott\Statement of Client's Rights and Responibilities.pdf [2011/12/06 23:14:50 | 001,624,124 | ---- | C] () -- C:\Users\Otis Endicott\Image (3).jpg [2011/11/27 19:21:29 | 000,115,334 | ---- | C] () -- C:\Users\Otis Endicott\HPIM0224.JPG [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 
00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012/01/13 18:14:31 | 000,000,000 | ---D | M] -- C:\Users\Edna Endicott\AppData\Roaming\PC Cleaners 
[2011/09/25 21:05:51 | 000,000,000 | ---D | M] -- C:\Users\Edna Endicott\AppData\Roaming\PCPowerSpeed [2012/01/13 18:14:31 | 000,000,000 | ---D | M] -- C:\Users\Edna Endicott\AppData\Roaming\PCPro [2011/11/28 18:03:11 | 000,000,000 | ---D | M] -- C:\Users\Edna Endicott\AppData\Roaming\Skinux [2012/12/24 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\KEDDS [2011/11/24 09:28:39 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PCPowerSpeed [2011/11/30 22:44:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Skinux [2014/04/14 17:48:05 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\.minecraft [2012/01/14 22:12:24 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\DriverCure [2012/01/09 20:21:11 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\ErrorTeck [2014/05/16 08:29:30 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\Fingertapps [2013/06/13 05:32:59 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\FixCleaner [2011/07/16 23:51:58 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\IDT [2011/11/27 22:43:10 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\KEDDS [2011/07/23 23:55:40 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\OpenOffice.org [2012/01/14 22:12:24 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\ParetoLogic [2012/01/12 21:50:12 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\PC Cleaners [2014/05/24 20:53:52 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\PCFixSpeed [2012/02/06 21:35:56 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\PCPro [2014/05/24 03:35:50 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\PerformerSoft [2014/05/23 10:05:23 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\Settings Manager [2011/11/26 17:57:40 | 000,000,000 | 
---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\Skinux [2014/05/18 17:48:28 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\SoftGrid Client [2014/05/23 23:41:52 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\Speedial [2014/05/24 03:36:06 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\Systweak [2013/03/05 17:49:02 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\TP [2011/08/21 21:58:24 | 000,000,000 | ---D | M] -- C:\Users\Otis Endicott\AppData\Roaming\Windows Live Writer [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2013/01/09 21:30:56 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\?i?ilotserviceruntime.log) -- C:\Windows\SysWow64\i餈ilotserviceruntime.log [2013/01/09 21:30:56 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\?i?ilotserviceruntime.log) -- C:\Windows\SysWow64\i餈ilotserviceruntime.log [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 188 bytes -> C:\Users\Otis Endicott\Image (3).jpg:3or4kl4x13tuuug3Byamue2s4b < End of report >