Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Redirect - Not found using TDSS removal tool [Closed]


  • This topic is locked This topic is locked

#1
Charles Frederick

Charles Frederick

    New Member

  • Member
  • Pip
  • 2 posts
Hi,
Operating Windows 7 - been infected with the Google Redirect virus for 2-3 weeks.

I have Norton 360 installed (I didn't expect it to discover anything) and I've tried using Kapersky's TDSS removal, which found no infections.

OTL log is attached below; please let me know if you have any suggestions.

Many thanks,
Charlie

OTL logfile created on: 1/27/2012 12:11:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Charlie Henderson\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 40.90% Memory free
7.60 Gb Paging File | 5.02 Gb Available in Paging File | 65.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.01 Gb Total Space | 471.03 Gb Free Space | 68.96% Space Free | Partition Type: NTFS
Drive D: | 15.33 Gb Total Space | 1.90 Gb Free Space | 12.36% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.74 Mb Free Space | 85.71% Space Free | Partition Type: FAT32
Unable to calculate disk information.

Computer Name: CHARLIE-LAPTOP | User Name: Charlie Henderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/27 12:06:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Charlie Henderson\Downloads\OTL.com
PRC - [2012/01/24 22:06:39 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/11/02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/10/20 10:40:57 | 000,641,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/03/17 17:54:30 | 001,832,016 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2011/01/27 11:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/12/11 01:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/11/09 18:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/09/16 12:13:14 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/09/16 12:13:06 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 20:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/08/12 16:04:04 | 009,618,728 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
PRC - [2008/08/08 08:30:02 | 002,123,048 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
PRC - [2008/07/31 02:51:38 | 001,037,608 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
PRC - [2008/07/31 02:48:36 | 005,571,880 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\Marker.exe
PRC - [2008/07/31 02:48:16 | 002,323,752 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\Aware.exe
PRC - [2007/08/06 19:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/24 22:06:38 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/01/11 01:47:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/12/14 23:57:08 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/13 10:44:49 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 10:44:32 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 10:44:27 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/13 10:44:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 10:44:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 10:43:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 10:43:56 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 10:43:46 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/22 16:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/11/22 16:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/11/22 16:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/02/27 09:09:18 | 001,536,000 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\QtCore4.dll
MOD - [2008/02/19 13:37:32 | 000,561,152 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\QtNetwork4.dll
MOD - [2008/02/19 13:36:06 | 006,230,016 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\QtGui4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/09 06:24:21 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/11/02 08:23:46 | 000,341,280 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)
SRV:64bit: - [2011/07/27 22:10:24 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/04 17:54:40 | 000,783,704 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2011/04/15 17:21:46 | 004,180,824 | ---- | M] (Motorola Solutions, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2011/03/17 17:52:42 | 001,193,040 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 17:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/09/13 17:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009/09/13 17:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/01/09 06:24:17 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/11/02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/07/27 22:09:07 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/09/16 12:13:14 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/09/16 12:13:06 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/16 21:29:49 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/27 22:10:29 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/07/27 22:09:08 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/07/27 22:07:31 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/19 09:19:16 | 001,492,992 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/23 12:08:24 | 000,663,936 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 18:33:16 | 000,052,736 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/12/16 21:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/11 01:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/07 16:05:36 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/12/07 16:05:36 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/12/07 16:05:26 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/08/20 22:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/30 23:08:34 | 000,015,784 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64)
DRV:64bit: - [2008/07/30 23:08:26 | 000,012,584 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64)
DRV:64bit: - [2008/07/30 23:08:24 | 000,017,832 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)
DRV:64bit: - [2008/03/08 20:11:00 | 000,031,320 | ---- | M] (KORG Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KORGUM64.SYS -- (KORGUMDS)
DRV:64bit: - [2007/08/06 19:21:32 | 000,057,776 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/01/16 01:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120126.033\EX64.SYS -- (NAVEX15)
DRV - [2012/01/16 01:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/01/16 01:00:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/16 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120126.033\ENG64.SYS -- (NAVENG)
DRV - [2011/12/23 22:17:32 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/12/15 18:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120126.003\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/02 10:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/05/19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://www.questscan...anPB&keywords="

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Charlie Henderson\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Charlie Henderson\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Charlie Henderson\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Charlie Henderson\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Charlie Henderson\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/01/27 11:42:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_0_8 [2012/01/27 11:41:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/24 22:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/17 18:35:59 | 000,000,000 | ---D | M]

[2011/07/14 22:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charlie Henderson\AppData\Roaming\Mozilla\Extensions
[2012/01/27 12:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charlie Henderson\AppData\Roaming\Mozilla\Firefox\Profiles\tgm0dvrw.default\extensions
[2012/01/27 12:04:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Charlie Henderson\AppData\Roaming\Mozilla\Firefox\Profiles\tgm0dvrw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/01/22 19:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/03 05:40:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/22 19:31:22 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2011/08/08 18:41:43 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
[2012/01/24 22:06:40 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll
[2010/04/08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2012/01/24 22:06:36 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/24 22:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/24 22:06:36 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/24 22:06:36 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/24 22:06:36 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/23 23:21:03 | 000,001,836 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {7863175D-410D-6845-1331-73BA140629AA} - C:\Windows\SysWOW64\ReAgennt.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Epson Stylus NX420(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_SEE1F.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Epson Stylus NX420(Network) (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_SA23B.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Charlie Henderson\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Startup] C:\Users\Charlie Henderson\AppData\Roaming\Microsoft\svchost.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Windows86] "C:\Users\Charlie Henderson\Downloads\Microsoft Office 2010 KeYGeN ][ + Patch Activation -- ] GeNeRaPRG\Microsoft Office 2010 KeYGeN ][ + Patch Activation -- ] GeNeRaPRG\KeYGeN GiV.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B74ACA8-4D20-4A24-B408-6C16452C6B48}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F2B8DF0-F251-41C4-9556-AE134CDDA27D}: DhcpNameServer = 24.25.5.60 24.25.5.61
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/27 11:48:05 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\Desktop\GooredFix Backups
[2012/01/27 11:37:11 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/01/27 11:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/01/27 11:32:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/01/27 11:32:28 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\Documents\Anti-Malware
[2012/01/27 09:32:02 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F35A4D53-2FBB-4891-8466-BDE768FFA324}
[2012/01/27 09:31:50 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{EC5037BA-C9EA-4E81-97DF-47CDFCC3C1DC}
[2012/01/27 09:31:37 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{42C481D6-63A8-4748-89CA-0E18C2525603}
[2012/01/27 09:31:24 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{30B4117A-9B6D-44A1-86AE-0C658C6C006A}
[2012/01/27 00:27:20 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDFtoMusic Pro
[2012/01/27 00:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFtoMusic Pro
[2012/01/26 21:31:12 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{E3F1DE63-A468-4DF3-BC5D-D0DE61BD7ACF}
[2012/01/26 21:31:02 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{C7BCF6F8-B0E3-4B4F-9C2F-DD6074BEEC74}
[2012/01/26 21:30:52 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F926462E-3D6B-4DBB-B099-53F700212F07}
[2012/01/26 21:30:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{126DDD59-37BC-4675-92CA-FAE78BD19FED}
[2012/01/26 09:30:28 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{23AA4267-4CF3-434E-9A3F-A996C3BE3F9B}
[2012/01/26 09:30:16 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{BF626E65-4F71-48C7-BC2B-3DBB38B54AC9}
[2012/01/26 09:30:02 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{16309230-A949-47A7-943B-AC9EF30BDE24}
[2012/01/26 09:29:47 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F76CD0AF-093C-4ECE-AE05-9ECC7B69F536}
[2012/01/25 21:29:33 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{5F9B51DC-930E-4B7A-BADD-33C98B2C0BDB}
[2012/01/25 21:29:21 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{88DF5A95-C62B-486C-838E-D6AE554F2D50}
[2012/01/25 21:29:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{4A947D42-837F-4A2D-B1FE-1A3174389AF6}
[2012/01/25 21:28:52 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{E285BD9C-6553-40A8-A4C2-3BA09DC3FE86}
[2012/01/25 09:27:57 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{44367332-18F0-4C2A-B4B9-D2022543C7C5}
[2012/01/25 08:10:24 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{CA464092-E31E-4551-BEBA-8DE287023B0E}
[2012/01/25 08:09:38 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{87AD258E-BFD1-4F66-B1F8-A460319D95B9}
[2012/01/24 17:54:35 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{C12334D4-8B2B-4C1D-ABCD-EEECAAA7A601}
[2012/01/24 17:54:25 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DF8FD4C4-0848-45F9-B273-89A70801C4CB}
[2012/01/24 17:54:16 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2F661518-93E4-4BAD-BB2C-2FA2E4DE29DF}
[2012/01/24 17:54:06 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{C09A9EED-BAFA-4144-9DAE-3F7293DEAC4A}
[2012/01/24 05:53:54 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{0DB0C5F1-4920-436F-8F8E-E789645BA874}
[2012/01/24 05:53:45 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8FCA6D91-F478-425B-89F5-9E0E607A07A8}
[2012/01/24 05:53:35 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{6227B1EB-498D-43B9-9993-8CC539E314C8}
[2012/01/24 05:52:57 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2C13765C-2BA5-41B9-BB94-0A24E6C5F05E}
[2012/01/23 22:34:28 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\Documents\Teaching Resources
[2012/01/23 13:24:41 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{5AD018DA-E83C-43B6-A80F-8A589EF53102}
[2012/01/23 13:24:31 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{D846BD7C-DDE7-461A-AAFA-1E7DE4EC591E}
[2012/01/23 13:24:22 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{939E9925-9A16-49D5-9A71-E2A68FB665D3}
[2012/01/23 13:24:11 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DC6303CF-A943-4ACF-823C-DEDE44E1638B}
[2012/01/23 01:23:57 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{01E8799B-F222-4EF6-95E8-77149DA840A8}
[2012/01/23 01:23:47 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{73AB85A4-4DFB-42E9-9E4A-39E83D2A86D3}
[2012/01/23 01:23:33 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{08451277-AD3A-4518-AA69-3C9BE11BD47B}
[2012/01/23 01:23:19 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DF276E5D-E7BB-463F-974C-0F31740B3E94}
[2012/01/22 21:29:40 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\Documents\My Notebook Content
[2012/01/22 21:29:29 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\SMART Technologies Inc
[2012/01/22 20:36:09 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\SMART Technologies
[2012/01/22 20:32:47 | 000,033,064 | ---- | C] (SMART Technologies) -- C:\Windows\SysNative\smrtlocalmon.dll
[2012/01/22 20:32:47 | 000,022,312 | ---- | C] (SMART Technologies Inc.) -- C:\Windows\SysNative\smrtlocalui.dll
[2012/01/22 19:32:28 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\SMART Technologies Inc
[2012/01/22 19:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMART Technologies
[2012/01/22 19:31:52 | 000,110,592 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2012/01/22 19:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SMART Technologies
[2012/01/22 19:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SMART Technologies
[2012/01/22 19:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SMART Technologies
[2012/01/22 19:30:49 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\Downloaded Installations
[2012/01/22 13:23:05 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8117C766-8D53-421B-B767-BFBD9609F379}
[2012/01/22 13:22:55 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{FEB4EC84-4D39-4FF1-89FE-7FF198E56B12}
[2012/01/22 13:22:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{7235CB0B-B848-4777-8D9C-931F190FD45A}
[2012/01/22 13:22:29 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{9D98D931-0236-4E36-B05C-09BFB1791350}
[2012/01/22 01:22:17 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{C4DB70A8-88AE-47A3-8B0E-32759BCFA0BD}
[2012/01/22 01:22:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{04546B27-88C5-4DE1-A829-1592C3900D2A}
[2012/01/22 01:21:59 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{3B90FDB7-4E1C-4887-AD68-9D2AE399E8F6}
[2012/01/22 01:21:23 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{7C6BF1B7-67D0-4309-A1AA-CBBC1A7FA623}
[2012/01/21 10:35:20 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{029A6C94-61B5-448B-B6FC-BC0EAD3A8F7D}
[2012/01/21 10:35:00 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F60A2FFE-5EAF-474C-A0D0-97D006F65357}
[2012/01/21 06:46:25 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B74EA57D-A5E8-48AE-954C-B9810475F11F}
[2012/01/20 15:46:41 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{627EDBD5-E1F0-43DB-A313-3D06629B4A06}
[2012/01/20 15:45:52 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{61A134D1-ED46-4B4C-93B6-3E34D1E1B3BA}
[2012/01/20 14:01:19 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{7AC67704-3E6A-42D1-BB8E-48B3F6775EFA}
[2012/01/19 23:56:22 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\.pdfsam
[2012/01/19 23:53:09 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge
[2012/01/19 23:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfsam
[2012/01/19 21:17:46 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{90DA5318-193D-44EE-A597-8A151566343B}
[2012/01/19 21:17:36 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{0BA34302-F4F8-474A-8586-703FCCA2BDA3}
[2012/01/19 21:17:27 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{0AA3E26A-06FE-4FF3-93BD-795C3B711AB1}
[2012/01/19 21:17:16 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{15FAD005-38BE-4512-8CC2-3B6299DED807}
[2012/01/19 05:51:49 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{ABD847C4-1113-41AB-BD0E-94CF7BCF6A46}
[2012/01/19 05:51:39 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2299DB52-733A-4921-A145-7AA36479EE15}
[2012/01/19 05:51:30 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2A3795AA-D232-4632-AC81-587AA8A08E7D}
[2012/01/19 05:51:20 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{15BADAF5-2B3D-46C7-A835-D64521803E02}
[2012/01/18 15:11:59 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8B0CD43E-BEBE-43B1-A18A-A3E9F773B9FA}
[2012/01/18 15:11:48 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{336176BA-4D0C-4CF4-8DBA-27B733FCCE1B}
[2012/01/18 15:11:36 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{EA833AAB-CEC5-41E0-BA73-AA0A6F827E56}
[2012/01/18 15:10:54 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{5A9E184D-5689-42E0-AE24-EBF7F7745717}
[2012/01/18 10:26:41 | 052,128,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/01/18 00:31:47 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{083E7825-1AB9-43C4-A0DC-2181B5728BE3}
[2012/01/18 00:31:36 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{BD75FF6A-AE4C-4364-BD27-2306950E4F2E}
[2012/01/18 00:31:23 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{BE85EDD2-2E49-49E0-9996-C780CE4FF678}
[2012/01/18 00:31:10 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{363FF360-973F-4CAF-B1EC-12DDB8D98C87}
[2012/01/17 12:30:52 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{E12B92B7-F656-422A-A99F-576DEAD33C36}
[2012/01/17 12:30:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{E7298D41-86BB-4E8A-934A-31C9E3935B1B}
[2012/01/17 12:30:31 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{3F7A12F8-E1F4-4E02-904C-33C6B4D48081}
[2012/01/17 12:30:19 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{AA39FE2A-8FE1-4E99-932E-A8DD74BDE663}
[2012/01/16 21:29:50 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/01/16 21:29:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/01/16 21:29:49 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/01/16 21:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/01/16 21:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/01/16 21:29:25 | 000,912,504 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys
[2012/01/16 21:29:25 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2012/01/16 21:29:25 | 000,450,680 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys
[2012/01/16 21:29:25 | 000,386,168 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2012/01/16 21:29:25 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys
[2012/01/16 21:29:25 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2012/01/16 21:29:20 | 000,125,872 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/01/16 21:29:20 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/01/16 21:29:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2012/01/16 21:29:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2012/01/16 21:29:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/01/16 21:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2012/01/16 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/01/16 21:28:37 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B7C80D24-F25B-46BC-B224-E26782216818}
[2012/01/16 21:28:24 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DA6C7390-D9F7-4955-8612-F38660AAFC47}
[2012/01/16 20:53:37 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/01/16 17:56:26 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B7FF8338-7FE3-46F9-8685-71DB7F515B1F}
[2012/01/16 17:52:55 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{673CC780-D0F9-4018-B7E3-C6C5032F9495}
[2012/01/16 05:51:32 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8565B07C-FE9E-4174-A1C4-EFFA2536B31C}
[2012/01/16 05:51:23 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{244478D9-6C69-41AF-A64B-2451736BBE5C}
[2012/01/16 05:51:13 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{CD10534B-61BF-4CCA-B3AC-1A27F7D31963}
[2012/01/16 05:51:04 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F7E89A48-E2A0-4FF4-BD2F-79F899BA1718}
[2012/01/15 17:20:44 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\Desktop\Adobe CS5
[2012/01/15 15:09:18 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{18618CF1-E35B-4324-845F-F76BB1FB2728}
[2012/01/15 15:09:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{57E74B04-C36E-424C-B2AA-A601D9422A2E}
[2012/01/15 15:08:59 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B19DA077-B86C-443E-98B6-D18666478466}
[2012/01/15 15:08:49 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{5E976350-4C85-48F0-B7B1-43D855F52F2A}
[2012/01/15 01:06:04 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{A6379DA4-0BAA-4299-8E46-8C267B909E47}
[2012/01/15 01:05:58 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{716CBECC-2F45-42C2-A41A-306C435362BC}
[2012/01/15 01:05:49 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{00D8E566-7E89-405A-889A-3C6DAFF3CCFC}
[2012/01/15 01:05:39 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{4749C195-8C01-4868-AF33-DEFC1B4C9338}
[2012/01/14 11:01:32 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{7A1509C8-6930-4C90-AE41-7CF2C755C7CF}
[2012/01/14 11:01:23 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F4058790-C534-4E7F-AE26-EE0F507A9D33}
[2012/01/14 07:32:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{7C6DDE23-DBDD-48E1-BD4C-7704F33A8CBC}
[2012/01/13 19:25:14 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{9E5B3A08-3780-4C6D-B968-19EE62B0B3EE}
[2012/01/13 19:25:05 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{588D2960-A5A8-4750-9DEE-77F89C4B04BB}
[2012/01/13 19:24:55 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8DA92441-ED4F-41DC-B240-E513D51BD9E5}
[2012/01/13 19:24:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{37602813-6CE9-44AE-ACAD-9A7EA656BF8E}
[2012/01/13 07:24:17 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{E81818B4-F915-48C2-BE66-C476CC3483D0}
[2012/01/13 07:24:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{C539CDE8-42B1-4CA4-A944-F622A2D7C386}
[2012/01/13 07:23:58 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{3F5CDD3F-74D6-4351-8494-F6F7BDBC7A06}
[2012/01/13 07:23:48 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{357D6723-0C34-42FA-8B09-416253A7B3DE}
[2012/01/12 19:25:23 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/12 19:25:23 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/12 19:25:23 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/12 19:25:22 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/12 19:25:22 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/12 19:25:22 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/12 19:23:37 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B01B7CD3-B1E2-46BB-A4F9-8097BA8A4CB6}
[2012/01/12 19:23:27 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2BE8F2A4-7C13-4AE0-9BEA-97A26E812927}
[2012/01/12 19:23:18 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{5D940CCC-F172-45E9-A981-1424926ED1BE}
[2012/01/12 19:23:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{4D36A88D-78DB-4A0A-960E-111879CECA62}
[2012/01/12 06:03:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2471AD36-A2C9-4541-9F54-9C7E01912084}
[2012/01/12 06:03:26 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{266AB5C9-83C0-4FCA-9B31-551194081916}
[2012/01/12 06:03:17 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{1ADCAE6D-0017-4FB4-B1A8-B67AFCBCC7C0}
[2012/01/12 06:03:05 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{42137214-4742-42E8-866B-423A4B2FE047}
[2012/01/11 18:01:55 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{FF94A7FE-F68C-4C4F-8AF8-6925537AA13A}
[2012/01/11 18:01:45 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{A6799041-CFF0-4665-AC48-33FBDB3F168F}
[2012/01/11 18:01:36 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B190F32A-6B69-4C85-93E1-832DE2841BA6}
[2012/01/11 18:01:26 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{1C8AC511-8E31-4125-A465-CA8E381DB13A}
[2012/01/11 10:41:11 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 10:41:11 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 10:41:10 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 10:41:10 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 10:41:09 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/11 10:41:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/11 10:41:07 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 10:41:06 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 10:41:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/11 06:01:14 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{32FA9ED8-728C-41E7-A743-7B81075164CE}
[2012/01/11 06:01:05 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{65C719DE-135C-43CD-9EC0-A4D1EBEC38A0}
[2012/01/11 06:00:55 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DF8599D1-3ADE-40E0-8D5E-D27F9C8A58EE}
[2012/01/11 06:00:46 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{ECEB5641-6022-47C3-9C4D-E03C97B3B906}
[2012/01/10 18:00:20 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{9E9652C0-0EB2-489E-993C-692E38E7396C}
[2012/01/10 18:00:11 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{0B08CF85-04DA-47DA-B25F-09AA6A819463}
[2012/01/10 18:00:01 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{D968CD9C-82FE-4F03-9A0F-E3769E9A9711}
[2012/01/10 17:59:51 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{BBA16C30-7C13-4D15-9FE4-4C26FB942C3D}
[2012/01/10 05:59:36 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{A358294C-4786-4ED1-A4A0-48D363081C33}
[2012/01/10 05:59:24 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{13C00C55-A25E-4047-8256-F9CD97F24EFB}
[2012/01/10 05:59:12 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{D0FFEE39-18BA-4A08-90CF-69BB175FCC23}
[2012/01/10 05:59:00 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{5124F01F-46B0-450D-B370-9A34AE248488}
[2012/01/09 17:58:48 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{1535031E-B3D8-4C36-91C7-C37B32563C1A}
[2012/01/09 17:58:38 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{C02BCE44-76BC-4272-8166-5335BEF7AD08}
[2012/01/09 17:58:29 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8F974016-5E84-4949-BC08-8BB2520EA504}
[2012/01/09 17:58:18 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{CE704C82-5F35-42B7-B730-F132B4CEC6BC}
[2012/01/09 06:26:05 | 000,052,736 | ---- | C] (Motorola Solutions, Inc.) -- C:\Windows\SysNative\drivers\btmcom.sys
[2012/01/09 06:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth
[2012/01/09 06:25:52 | 000,009,048 | ---- | C] (Motorola Solutions, Inc.) -- C:\Windows\SysNative\btmsstverschk.dll
[2012/01/09 06:24:37 | 000,326,736 | ---- | C] (Motorola Solutions, Inc.) -- C:\Windows\SysNative\btmcls.dll
[2012/01/09 06:24:29 | 000,663,936 | ---- | C] (Motorola Solutions, Inc.) -- C:\Windows\SysNative\drivers\btmusb.sys
[2012/01/09 06:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2012/01/09 06:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/01/09 06:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012/01/09 05:57:54 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{3D1063BB-0D25-414C-BFA0-69FA383B6998}
[2012/01/09 05:57:45 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{48B166B8-5B7F-4C9E-A1A6-DE78A0D0A8FA}
[2012/01/09 05:57:35 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DDD6DD53-9CFB-46A6-95CC-6C13F2952999}
[2012/01/09 05:57:25 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{1421C940-F105-429D-85B7-97556B6552C1}
[2012/01/08 14:50:49 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{68CEBF68-98F5-4253-AA9A-6B485CC42F53}
[2012/01/08 14:50:38 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{EF60585F-5068-4889-93D1-B0BEA5DEDCE2}
[2012/01/08 13:14:18 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{409928E6-0D18-4320-805F-AADB64587BDC}
[2012/01/08 01:25:57 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\Plogue
[2012/01/08 01:12:48 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8F4D2777-A5C3-4CD0-B37E-F30E01B529F9}
[2012/01/08 01:12:38 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{9AE430C8-7808-4B98-B29A-F2673542740F}
[2012/01/07 22:17:13 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\Nitro PDF
[2012/01/07 22:15:05 | 000,028,960 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2012/01/07 22:15:05 | 000,017,184 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2012/01/07 22:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012/01/07 22:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012/01/07 22:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2012/01/07 22:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2012/01/07 22:12:04 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\Downloaded Installations
[2012/01/07 21:45:34 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\Documents\Myriad Documents
[2012/01/07 21:45:34 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\ACAMPREF
[2012/01/07 13:12:26 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8025983E-66CC-4603-8091-2CA17F2E9F89}
[2012/01/07 13:12:17 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{615D123F-68C0-4E9A-A7F2-2FD8F90C83D9}
[2012/01/07 13:12:07 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{D654DDC0-3FBB-4DB1-885A-D5C448F121F5}
[2012/01/07 13:11:57 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2B24B140-0F57-477E-9BC0-1D8D502FDAF6}
[2012/01/07 00:11:53 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{75A75793-55FE-4619-836F-E10456AA0B4A}
[2012/01/07 00:11:43 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F46CF0D1-3B97-41AD-A78D-51C10ED52E86}
[2012/01/07 00:11:34 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{5666C870-F61C-468F-9A3A-611514827643}
[2012/01/07 00:11:21 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{9E2EAFB4-3FFA-40EB-A3E4-C2559D85D76E}
[2012/01/06 12:11:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DC8B5D24-ACD9-49EA-9DCA-6B59711FE263}
[2012/01/06 12:10:59 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{E71E8452-1A0C-4710-A1A2-AAEF9F1679E4}
[2012/01/06 12:10:49 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DADC8F23-3D87-44E0-AB51-A1F28CDEFFE9}
[2012/01/06 12:10:40 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{64EFB6E7-C8CA-4AA2-AFA7-ED534C8C0939}
[2012/01/06 00:10:27 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{62D98456-392E-4334-AF07-866129332F83}
[2012/01/06 00:10:18 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B4B957BF-8623-4A5B-91B4-0156B541469B}
[2012/01/06 00:10:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{38F0CD1B-7EB7-4B4E-93E8-D3EB4EE6BCE3}
[2012/01/06 00:09:57 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F0A94017-F866-430C-AF67-7071D5B417D1}
[2012/01/05 21:25:07 | 000,000,000 | --SD | C] -- C:\Users\Charlie Henderson\Documents\My Data Sources
[2012/01/05 12:09:46 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{16C15E91-4C78-4054-9788-A6E7B3EE8738}
[2012/01/05 12:09:37 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{1ED0D95F-9389-4FC2-9FE6-08D45B36A79F}
[2012/01/05 12:09:27 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DFA2D8D1-7DF4-4428-A525-C114833C4346}
[2012/01/05 12:09:17 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{CDF3CE60-97AC-48D4-A484-A250B293B99C}
[2012/01/04 23:47:47 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{37459E1E-B38E-4FB9-A890-C63D161939A2}
[2012/01/04 23:47:37 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{0B6051C7-6C2A-48A1-8E4E-0FC134FC5D56}
[2012/01/04 23:47:28 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{6EC114C4-37A3-4F2C-8E5A-20B4EEB3BDAC}
[2012/01/04 23:47:18 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{77E308B4-1DB0-4928-A6A4-D56A3EB5B5BC}
[2012/01/04 11:47:03 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F515DD10-1C32-4C10-8781-5156100A03DD}
[2012/01/04 11:46:52 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2F864900-F296-4FFE-A65A-7E6D2740E95B}
[2012/01/04 11:46:39 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{7075F742-CAF9-43F3-A545-8B0F8A54E870}
[2012/01/04 11:46:25 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{3B4C4D6F-9292-43FB-871F-58DFBC658126}
[2012/01/03 23:46:13 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B8E0611C-E60B-4AA8-B820-A79C1C353BAF}
[2012/01/03 23:46:02 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{EF5346DD-732F-4E54-ADA5-D4567014BC71}
[2012/01/03 23:45:51 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8E85E2B3-2BCF-4773-ACDD-058D08FFA006}
[2012/01/03 23:45:38 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{27E1FB35-ECCC-49F4-B0F2-EF269904D75A}
[2012/01/03 11:39:23 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2A5D2ADB-E814-4BB4-8098-DAF26CCE3495}
[2012/01/03 11:39:13 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{7AD39BD9-2F4B-4B44-A53D-07B466966CF1}
[2012/01/03 11:39:04 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{674D7A1F-9A6D-4C26-91C6-0DB9ED85B6B0}
[2012/01/03 11:38:54 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8CF5AA06-4221-463E-B6EA-6777BE855B0B}
[2012/01/02 00:34:51 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{71362C8B-16AB-4E33-937C-B7223AB425A4}
[2012/01/02 00:34:49 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{AF2A31D8-642D-40E7-BFBE-3C6A31605043}
[2012/01/02 00:34:41 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{21748183-18B2-4443-AC33-3B2441F0D617}
[2012/01/02 00:34:31 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{06061D79-815F-4E53-A603-3D80276A87DC}
[2011/12/29 10:32:02 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{4D6DE8AD-F4AC-482C-BE0F-34A3C5639C87}
[2011/12/29 10:31:53 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{BFFC94C8-CDF5-4EDF-AE74-C6E61CA3EEE7}
[2011/12/29 10:31:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{A1113C2F-BFC2-4761-9842-98895206EFD3}
[2011/12/28 22:11:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\Documents\Finale Files
[2011/12/28 19:55:19 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{4CACAFC7-71C7-43AC-AA6A-FC0CF241AB4F}
[2011/12/28 19:55:09 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8AFE4B2F-558F-4E02-B050-6142F978ACF5}
[2011/12/28 19:55:00 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{93334617-85D4-4BA6-A5AB-C5A67731DF7C}
[2011/12/28 19:54:48 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{3F8C0CA1-EDA8-44B1-BE04-15F0DB585632}
[2010/11/18 23:27:00 | 000,587,776 | ---- | C] (Igor Pavlov) -- C:\Users\Charlie Henderson\AppData\Roaming\7za.exe

========== Files - Modified Within 30 Days ==========

[2012/01/27 12:11:01 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-174769313-1577546451-3502020474-1001UA.job
[2012/01/27 12:03:01 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-174769313-1577546451-3502020474-1001UA.job
[2012/01/27 11:49:43 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 11:49:43 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 11:41:33 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCharlie Henderson.job
[2012/01/27 11:41:33 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\Xpxstzutf.job
[2012/01/27 11:41:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/27 11:41:17 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/27 11:36:18 | 263,797,158 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\registry ja 27.reg
[2012/01/27 11:33:00 | 000,001,115 | ---- | M] () -- C:\Users\Charlie Henderson\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/01/27 11:32:59 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/01/27 00:13:34 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2012/01/25 23:43:11 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/25 23:43:11 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/25 23:43:11 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/25 18:11:00 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-174769313-1577546451-3502020474-1001Core.job
[2012/01/25 18:03:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-174769313-1577546451-3502020474-1001Core.job
[2012/01/23 13:02:13 | 000,267,516 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\img011.pdf
[2012/01/23 12:58:28 | 000,588,552 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\img010.jpg
[2012/01/22 20:35:59 | 001,897,292 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2012/01/22 20:34:38 | 000,002,280 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
[2012/01/22 19:32:12 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Notebook Software 10.lnk
[2012/01/22 01:21:26 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/01/16 21:56:22 | 001,455,477 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\agony2.xml
[2012/01/16 21:53:17 | 000,197,796 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\agony2.pdf
[2012/01/16 21:51:39 | 000,210,177 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\agony.pdf
[2012/01/16 21:29:49 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/01/16 21:29:49 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/01/16 21:29:49 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/01/16 21:29:41 | 000,002,460 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/01/16 21:27:16 | 000,001,314 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\Norton Installation Files.lnk
[2012/01/16 21:26:48 | 005,231,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/15 17:42:36 | 000,094,720 | RHS- | M] () -- C:\Windows\SysWow64\helps.dll
[2012/01/10 09:35:06 | 000,023,390 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\charlie headshot.jpg
[2012/01/08 12:24:49 | 000,228,457 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\love's a bond.wav.asd
[2012/01/08 01:33:53 | 000,004,972 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\mighty morphin power rangers wrist communicator sound.mp3.asd
[2012/01/07 22:14:54 | 000,002,059 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Pro 7.lnk
[2012/01/07 21:50:43 | 000,892,769 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\Love's a Bond.xml
[2012/01/04 17:15:16 | 052,128,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/01/02 15:33:12 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCHARLIE-LAPTOP$.job

========== Files Created - No Company Name ==========

[2012/01/27 11:34:54 | 263,797,158 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\registry ja 27.reg
[2012/01/27 11:33:00 | 000,001,115 | ---- | C] () -- C:\Users\Charlie Henderson\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/01/27 11:32:59 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/01/22 20:34:38 | 000,002,280 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
[2012/01/22 19:32:12 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Notebook Software 10.lnk
[2012/01/16 21:56:22 | 001,455,477 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\agony2.xml
[2012/01/16 21:53:09 | 000,197,796 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\agony2.pdf
[2012/01/16 21:51:17 | 000,210,177 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\agony.pdf
[2012/01/16 21:30:57 | 001,897,292 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2012/01/16 21:29:49 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/01/16 21:29:49 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/01/16 21:29:41 | 000,002,460 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/01/16 21:29:25 | 000,000,000 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.cat
[2012/01/16 21:29:12 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA.inf
[2012/01/16 21:29:12 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS.inf
[2012/01/16 21:29:12 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymNet.inf
[2012/01/16 21:29:12 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2012/01/16 21:29:12 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2012/01/16 21:29:12 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Iron.inf
[2012/01/16 21:29:11 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2012/01/16 21:29:11 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2012/01/16 21:29:11 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.cat
[2012/01/16 21:29:11 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2012/01/16 21:29:11 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2012/01/16 21:29:11 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2012/01/16 20:53:37 | 000,001,314 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\Norton Installation Files.lnk
[2012/01/15 17:42:37 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\Xpxstzutf.job
[2012/01/15 17:42:36 | 000,094,720 | RHS- | C] () -- C:\Windows\SysWow64\helps.dll
[2012/01/15 17:37:06 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2012/01/15 17:36:19 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2012/01/15 17:33:52 | 000,001,262 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012/01/10 09:35:06 | 000,023,390 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\charlie headshot.jpg
[2012/01/08 12:24:49 | 000,228,457 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\love's a bond.wav.asd
[2012/01/08 01:33:53 | 000,004,972 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\mighty morphin power rangers wrist communicator sound.mp3.asd
[2012/01/07 22:14:51 | 000,002,059 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Pro 7.lnk
[2012/01/07 22:14:50 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 7.lnk
[2012/01/07 21:50:42 | 000,892,769 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\Love's a Bond.xml
[2012/01/07 21:44:36 | 000,000,724 | ---- | C] () -- C:\Windows\wacam.ini
[2011/09/29 19:03:55 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2011/09/29 19:02:03 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/09/29 19:02:02 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2011/09/28 16:51:19 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/09/25 12:57:03 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/09/18 22:23:58 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/08/14 00:24:19 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/08/11 12:42:50 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/08/11 12:42:50 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/08/11 12:42:50 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/08/11 12:42:50 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/08/11 12:42:50 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/08/11 12:42:50 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/08/11 12:42:50 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/08/11 12:42:50 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/08/11 12:42:50 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/08/11 12:42:50 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/08/11 12:42:50 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/08/11 12:42:50 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/08/11 12:42:50 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/08/11 12:42:50 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/08/11 12:42:50 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/08/11 12:42:50 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/08/11 12:39:00 | 000,000,071 | ---- | C] () -- C:\Windows\ENX420.ini
[2011/08/08 18:41:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\88d6ed877f07c7fe8017c8e69186cb26_c
[2011/08/02 19:30:46 | 000,002,048 | ---- | C] () -- C:\Users\Charlie Henderson\AppData\Roaming\Photobook Designer Prefs
[2011/08/02 15:54:58 | 000,009,256 | ---- | C] () -- C:\Users\Charlie Henderson\AppData\Roaming\a.7z
[2011/07/16 15:31:43 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\wuappp.exe
[2011/07/15 00:04:58 | 000,380,701 | ---- | C] () -- C:\Users\Charlie Henderson\AppData\Roaming\file_2.exe
[2011/01/07 14:58:58 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/12/16 21:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/12/07 16:05:32 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/12/07 16:05:28 | 000,105,408 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/12/07 16:05:24 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/09/24 17:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002/09/17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

< End of report >

Attached Files

  • Attached File  OTL.Txt   168.5KB   29 downloads

  • 0

Advertisements


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, Charles Fredrick! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.




Step 1.

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image


On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image


Step 2.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 3.

Please Post:

aswMBR log
OTL.txt
Extras.txt



How is your computer doing?
  • 0

#3
Charles Frederick

Charles Frederick

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
aswMBR log:
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-29 22:18:40
-----------------------------
22:18:40.889 OS Version: Windows x64 6.1.7601 Service Pack 1
22:18:40.889 Number of processors: 2 586 0x2505
22:18:40.905 ComputerName: CHARLIE-LAPTOP UserName:
22:18:47.213 Initialize success
22:22:13.786 AVAST engine defs: 12012901
22:22:31.850 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:22:31.855 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
22:22:31.881 Disk 0 MBR read successfully
22:22:31.887 Disk 0 MBR scan
22:22:31.897 Disk 0 Windows 7 default MBR code
22:22:31.903 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:22:31.926 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 699400 MB offset 409600
22:22:31.969 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15701 MB offset 1432780800
22:22:31.989 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
22:22:32.001 Service scanning
22:22:36.687 Modules scanning
22:22:36.698 Disk 0 trace - called modules:
22:22:36.710
22:22:38.587 AVAST engine scan C:\Windows
22:22:44.609 AVAST engine scan C:\Windows\system32
22:28:42.353 AVAST engine scan C:\Windows\system32\drivers
22:29:07.609 AVAST engine scan C:\Users\Charlie Henderson
22:40:57.837 Disk 0 MBR has been saved successfully to "C:\Users\Charlie Henderson\Desktop\MBR.dat"
22:40:57.856 The log file has been saved successfully to "C:\Users\Charlie Henderson\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-29 22:55:56
-----------------------------
22:55:56.001 OS Version: Windows x64 6.1.7601 Service Pack 1
22:55:56.002 Number of processors: 2 586 0x2505
22:55:56.003 ComputerName: CHARLIE-LAPTOP UserName:
22:56:47.525 Initialize success
22:57:00.598 AVAST engine defs: 12012901
23:13:36.972 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:13:36.972 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
23:13:37.019 Disk 0 MBR read successfully
23:13:37.019 Disk 0 MBR scan
23:13:37.035 Disk 0 Windows 7 default MBR code
23:13:37.113 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:13:37.144 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 699400 MB offset 409600
23:13:37.503 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15701 MB offset 1432780800
23:13:37.550 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
23:13:37.550 Service scanning
23:13:41.730 Modules scanning
23:13:41.730 Disk 0 trace - called modules:
23:13:41.793 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:13:42.308 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800514b6d0]
23:13:42.308 3 CLASSPNP.SYS[fffff88001ba143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fbf050]
23:14:18.547 AVAST engine scan C:\Windows
23:14:39.154 AVAST engine scan C:\Windows\system32
23:19:52.694 AVAST engine scan C:\Windows\system32\drivers
23:20:23.769 AVAST engine scan C:\Users\Charlie Henderson
23:49:52.094 AVAST engine scan C:\ProgramData
00:04:25.132 Scan finished successfully
00:09:04.157 Disk 0 MBR has been saved successfully to "C:\Users\Charlie Henderson\Desktop\MBR.dat"
00:09:04.187 The log file has been saved successfully to "C:\Users\Charlie Henderson\Desktop\aswMBR.txt"


OTL.txt
OTL logfile created on: 1/30/2012 12:11:13 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Charlie Henderson\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 35.91% Memory free
7.60 Gb Paging File | 4.86 Gb Available in Paging File | 63.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.01 Gb Total Space | 485.57 Gb Free Space | 71.09% Space Free | Partition Type: NTFS
Drive D: | 15.33 Gb Total Space | 1.90 Gb Free Space | 12.36% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.74 Mb Free Space | 85.71% Space Free | Partition Type: FAT32
Unable to calculate disk information.

Computer Name: CHARLIE-LAPTOP | User Name: Charlie Henderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/30 00:09:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Charlie Henderson\Downloads\OTL.exe
PRC - [2012/01/24 22:06:39 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/11/02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/10/20 10:40:57 | 000,641,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/03/17 17:54:30 | 001,832,016 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2011/01/27 11:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/12/11 01:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/11/09 18:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/09/16 12:13:14 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/09/16 12:13:06 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 20:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/08/12 16:04:04 | 009,618,728 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
PRC - [2008/08/08 08:30:02 | 002,123,048 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
PRC - [2008/07/31 02:51:38 | 001,037,608 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
PRC - [2008/07/31 02:48:36 | 005,571,880 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\Marker.exe
PRC - [2008/07/31 02:48:16 | 002,323,752 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\Aware.exe
PRC - [2007/08/06 19:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/24 22:06:38 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/01/11 01:47:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/12/14 23:57:08 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/13 10:44:49 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 10:44:32 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 10:44:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 10:44:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 10:43:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 10:43:56 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 10:43:46 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/22 16:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/11/22 16:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/11/22 16:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/02/27 09:09:18 | 001,536,000 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\QtCore4.dll
MOD - [2008/02/19 13:37:32 | 000,561,152 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\QtNetwork4.dll
MOD - [2008/02/19 13:36:06 | 006,230,016 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\QtGui4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/09 06:24:21 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/11/02 08:23:46 | 000,341,280 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)
SRV:64bit: - [2011/07/27 22:10:24 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/04 17:54:40 | 000,783,704 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2011/04/15 17:21:46 | 004,180,824 | ---- | M] (Motorola Solutions, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2011/03/17 17:52:42 | 001,193,040 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 17:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/09/13 17:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009/09/13 17:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/01/09 06:24:17 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/11/02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/07/27 22:09:07 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/09/16 12:13:14 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/09/16 12:13:06 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/16 21:29:49 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/27 22:10:29 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/07/27 22:09:08 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/07/27 22:07:31 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/19 09:19:16 | 001,492,992 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/23 12:08:24 | 000,663,936 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 18:33:16 | 000,052,736 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/12/16 21:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/11 01:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/07 16:05:36 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/12/07 16:05:36 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/12/07 16:05:26 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/30 23:08:34 | 000,015,784 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64)
DRV:64bit: - [2008/07/30 23:08:26 | 000,012,584 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64)
DRV:64bit: - [2008/07/30 23:08:24 | 000,017,832 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)
DRV:64bit: - [2008/03/08 20:11:00 | 000,031,320 | ---- | M] (KORG Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KORGUM64.SYS -- (KORGUMDS)
DRV:64bit: - [2007/08/06 19:21:32 | 000,057,776 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/01/16 01:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120129.008\EX64.SYS -- (NAVEX15)
DRV - [2012/01/16 01:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/01/16 01:00:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/16 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120129.008\ENG64.SYS -- (NAVENG)
DRV - [2011/12/23 22:17:32 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/12/15 18:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120126.003\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/02 10:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/05/19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-174769313-1577546451-3502020474-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKU\S-1-5-21-174769313-1577546451-3502020474-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://www.questscan...anPB&keywords="

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Charlie Henderson\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Charlie Henderson\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Charlie Henderson\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Charlie Henderson\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Charlie Henderson\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/01/29 22:54:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_2_3 [2012/01/29 22:54:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/24 22:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/17 18:35:59 | 000,000,000 | ---D | M]

[2011/07/14 22:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charlie Henderson\AppData\Roaming\Mozilla\Extensions
[2012/01/27 12:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charlie Henderson\AppData\Roaming\Mozilla\Firefox\Profiles\tgm0dvrw.default\extensions
[2012/01/27 12:04:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Charlie Henderson\AppData\Roaming\Mozilla\Firefox\Profiles\tgm0dvrw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/01/22 19:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/03 05:40:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/22 19:31:22 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2011/08/08 18:41:43 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
[2012/01/24 22:06:40 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll
[2010/04/08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2012/01/24 22:06:36 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/24 22:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/24 22:06:36 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/24 22:06:36 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/24 22:06:36 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/01/27 14:34:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {7863175D-410D-6845-1331-73BA140629AA} - C:\Windows\SysWOW64\ReAgennt.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-174769313-1577546451-3502020474-1001..\Run: [Facebook Update] C:\Users\Charlie Henderson\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-174769313-1577546451-3502020474-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-174769313-1577546451-3502020474-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-174769313-1577546451-3502020474-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B74ACA8-4D20-4A24-B408-6C16452C6B48}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F2B8DF0-F251-41C4-9556-AE134CDDA27D}: DhcpNameServer = 24.25.5.60 24.25.5.61
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 21:44:52 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{9A63DF6B-67E9-4AE0-B99F-0B0D4F3EE11B}
[2012/01/29 17:53:50 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{85CF07B3-FED8-4160-A7ED-5C8E80BE3FD4}
[2012/01/29 17:53:40 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{51525179-29E9-435E-A198-3BB97995BA71}
[2012/01/29 17:53:30 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{3D5DA6EA-DB0B-4E42-A8C9-A6C1CB0AC37B}
[2012/01/29 05:28:13 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{14056E9C-74C4-4138-A1A3-43599E3B8F54}
[2012/01/29 05:28:03 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{6B6EA39D-F58B-42F3-9770-248FF6BFFA28}
[2012/01/29 05:27:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8D143C0A-3C2B-4B27-9F42-7AD4E1041019}
[2012/01/29 05:27:26 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{C2727C44-EF12-466E-8D46-2034898C7C96}
[2012/01/28 15:35:03 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{6B90E477-439E-4B43-8C8E-7E3B0C13D48B}
[2012/01/28 15:34:54 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{9F34E05A-CF9E-4A94-BCC2-EFA15FFDC97D}
[2012/01/28 15:34:44 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{792E58B7-5F7D-4652-9E2C-1911E88A9A5F}
[2012/01/28 15:34:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{C65C8128-E91B-444C-BD97-16BE251ACB85}
[2012/01/28 02:14:11 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{78D6F90B-A6A3-42C1-AD51-82149444F204}
[2012/01/28 02:13:48 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8728FD0A-BFF7-44F3-B776-ADF095057C90}
[2012/01/27 23:24:45 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{9C2AD167-AB3B-41CF-89EF-63BC509C9BA0}
[2012/01/27 14:35:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/27 14:14:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/27 14:14:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/27 14:14:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/27 14:14:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/27 14:14:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/27 12:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
[2012/01/27 12:41:44 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\Documents\Scores
[2012/01/27 12:39:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sibelius Example Scores
[2012/01/27 12:39:37 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\Avid
[2012/01/27 12:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avid
[2012/01/27 12:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avid
[2012/01/27 12:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avid
[2012/01/27 11:48:05 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\Desktop\GooredFix Backups
[2012/01/27 11:37:11 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/01/27 11:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/01/27 11:32:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/01/27 11:32:28 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\Documents\Anti-Malware
[2012/01/27 09:32:02 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F35A4D53-2FBB-4891-8466-BDE768FFA324}
[2012/01/27 09:31:50 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{EC5037BA-C9EA-4E81-97DF-47CDFCC3C1DC}
[2012/01/27 09:31:37 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{42C481D6-63A8-4748-89CA-0E18C2525603}
[2012/01/27 09:31:24 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{30B4117A-9B6D-44A1-86AE-0C658C6C006A}
[2012/01/27 00:27:20 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDFtoMusic Pro
[2012/01/27 00:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFtoMusic Pro
[2012/01/26 21:31:12 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{E3F1DE63-A468-4DF3-BC5D-D0DE61BD7ACF}
[2012/01/26 21:31:02 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{C7BCF6F8-B0E3-4B4F-9C2F-DD6074BEEC74}
[2012/01/26 21:30:52 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F926462E-3D6B-4DBB-B099-53F700212F07}
[2012/01/26 21:30:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{126DDD59-37BC-4675-92CA-FAE78BD19FED}
[2012/01/26 09:30:28 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{23AA4267-4CF3-434E-9A3F-A996C3BE3F9B}
[2012/01/26 09:30:16 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{BF626E65-4F71-48C7-BC2B-3DBB38B54AC9}
[2012/01/26 09:30:02 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{16309230-A949-47A7-943B-AC9EF30BDE24}
[2012/01/26 09:29:47 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F76CD0AF-093C-4ECE-AE05-9ECC7B69F536}
[2012/01/25 21:29:33 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{5F9B51DC-930E-4B7A-BADD-33C98B2C0BDB}
[2012/01/25 21:29:21 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{88DF5A95-C62B-486C-838E-D6AE554F2D50}
[2012/01/25 21:29:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{4A947D42-837F-4A2D-B1FE-1A3174389AF6}
[2012/01/25 21:28:52 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{E285BD9C-6553-40A8-A4C2-3BA09DC3FE86}
[2012/01/25 09:27:57 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{44367332-18F0-4C2A-B4B9-D2022543C7C5}
[2012/01/25 08:10:24 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{CA464092-E31E-4551-BEBA-8DE287023B0E}
[2012/01/25 08:09:38 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{87AD258E-BFD1-4F66-B1F8-A460319D95B9}
[2012/01/24 17:54:35 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{C12334D4-8B2B-4C1D-ABCD-EEECAAA7A601}
[2012/01/24 17:54:25 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DF8FD4C4-0848-45F9-B273-89A70801C4CB}
[2012/01/24 17:54:16 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2F661518-93E4-4BAD-BB2C-2FA2E4DE29DF}
[2012/01/24 17:54:06 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{C09A9EED-BAFA-4144-9DAE-3F7293DEAC4A}
[2012/01/24 05:53:54 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{0DB0C5F1-4920-436F-8F8E-E789645BA874}
[2012/01/24 05:53:45 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8FCA6D91-F478-425B-89F5-9E0E607A07A8}
[2012/01/24 05:53:35 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{6227B1EB-498D-43B9-9993-8CC539E314C8}
[2012/01/24 05:52:57 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2C13765C-2BA5-41B9-BB94-0A24E6C5F05E}
[2012/01/23 22:34:28 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\Documents\Teaching Resources
[2012/01/23 13:24:41 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{5AD018DA-E83C-43B6-A80F-8A589EF53102}
[2012/01/23 13:24:31 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{D846BD7C-DDE7-461A-AAFA-1E7DE4EC591E}
[2012/01/23 13:24:22 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{939E9925-9A16-49D5-9A71-E2A68FB665D3}
[2012/01/23 13:24:11 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DC6303CF-A943-4ACF-823C-DEDE44E1638B}
[2012/01/23 01:23:57 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{01E8799B-F222-4EF6-95E8-77149DA840A8}
[2012/01/23 01:23:47 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{73AB85A4-4DFB-42E9-9E4A-39E83D2A86D3}
[2012/01/23 01:23:33 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{08451277-AD3A-4518-AA69-3C9BE11BD47B}
[2012/01/23 01:23:19 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DF276E5D-E7BB-463F-974C-0F31740B3E94}
[2012/01/22 21:29:40 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\Documents\My Notebook Content
[2012/01/22 21:29:29 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\SMART Technologies Inc
[2012/01/22 20:36:09 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\SMART Technologies
[2012/01/22 20:32:47 | 000,033,064 | ---- | C] (SMART Technologies) -- C:\Windows\SysNative\smrtlocalmon.dll
[2012/01/22 20:32:47 | 000,022,312 | ---- | C] (SMART Technologies Inc.) -- C:\Windows\SysNative\smrtlocalui.dll
[2012/01/22 19:32:28 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\SMART Technologies Inc
[2012/01/22 19:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMART Technologies
[2012/01/22 19:31:52 | 000,110,592 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2012/01/22 19:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SMART Technologies
[2012/01/22 19:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SMART Technologies
[2012/01/22 19:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SMART Technologies
[2012/01/22 19:30:49 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\Downloaded Installations
[2012/01/22 13:23:05 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8117C766-8D53-421B-B767-BFBD9609F379}
[2012/01/22 13:22:55 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{FEB4EC84-4D39-4FF1-89FE-7FF198E56B12}
[2012/01/22 13:22:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{7235CB0B-B848-4777-8D9C-931F190FD45A}
[2012/01/22 13:22:29 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{9D98D931-0236-4E36-B05C-09BFB1791350}
[2012/01/22 01:22:17 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{C4DB70A8-88AE-47A3-8B0E-32759BCFA0BD}
[2012/01/22 01:22:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{04546B27-88C5-4DE1-A829-1592C3900D2A}
[2012/01/22 01:21:59 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{3B90FDB7-4E1C-4887-AD68-9D2AE399E8F6}
[2012/01/22 01:21:23 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{7C6BF1B7-67D0-4309-A1AA-CBBC1A7FA623}
[2012/01/21 10:35:20 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{029A6C94-61B5-448B-B6FC-BC0EAD3A8F7D}
[2012/01/21 10:35:00 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F60A2FFE-5EAF-474C-A0D0-97D006F65357}
[2012/01/21 06:46:25 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B74EA57D-A5E8-48AE-954C-B9810475F11F}
[2012/01/20 15:46:41 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{627EDBD5-E1F0-43DB-A313-3D06629B4A06}
[2012/01/20 15:45:52 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{61A134D1-ED46-4B4C-93B6-3E34D1E1B3BA}
[2012/01/20 14:01:19 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{7AC67704-3E6A-42D1-BB8E-48B3F6775EFA}
[2012/01/19 23:56:22 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\.pdfsam
[2012/01/19 23:53:09 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge
[2012/01/19 23:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfsam
[2012/01/19 21:17:46 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{90DA5318-193D-44EE-A597-8A151566343B}
[2012/01/19 21:17:36 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{0BA34302-F4F8-474A-8586-703FCCA2BDA3}
[2012/01/19 21:17:27 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{0AA3E26A-06FE-4FF3-93BD-795C3B711AB1}
[2012/01/19 21:17:16 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{15FAD005-38BE-4512-8CC2-3B6299DED807}
[2012/01/19 05:51:49 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{ABD847C4-1113-41AB-BD0E-94CF7BCF6A46}
[2012/01/19 05:51:39 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2299DB52-733A-4921-A145-7AA36479EE15}
[2012/01/19 05:51:30 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2A3795AA-D232-4632-AC81-587AA8A08E7D}
[2012/01/19 05:51:20 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{15BADAF5-2B3D-46C7-A835-D64521803E02}
[2012/01/18 15:11:59 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8B0CD43E-BEBE-43B1-A18A-A3E9F773B9FA}
[2012/01/18 15:11:48 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{336176BA-4D0C-4CF4-8DBA-27B733FCCE1B}
[2012/01/18 15:11:36 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{EA833AAB-CEC5-41E0-BA73-AA0A6F827E56}
[2012/01/18 15:10:54 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{5A9E184D-5689-42E0-AE24-EBF7F7745717}
[2012/01/18 00:31:47 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{083E7825-1AB9-43C4-A0DC-2181B5728BE3}
[2012/01/18 00:31:36 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{BD75FF6A-AE4C-4364-BD27-2306950E4F2E}
[2012/01/18 00:31:23 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{BE85EDD2-2E49-49E0-9996-C780CE4FF678}
[2012/01/18 00:31:10 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{363FF360-973F-4CAF-B1EC-12DDB8D98C87}
[2012/01/17 12:30:52 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{E12B92B7-F656-422A-A99F-576DEAD33C36}
[2012/01/17 12:30:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{E7298D41-86BB-4E8A-934A-31C9E3935B1B}
[2012/01/17 12:30:31 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{3F7A12F8-E1F4-4E02-904C-33C6B4D48081}
[2012/01/17 12:30:19 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{AA39FE2A-8FE1-4E99-932E-A8DD74BDE663}
[2012/01/16 21:29:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/01/16 21:29:49 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/01/16 21:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/01/16 21:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/01/16 21:29:25 | 000,912,504 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys
[2012/01/16 21:29:25 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2012/01/16 21:29:25 | 000,450,680 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys
[2012/01/16 21:29:25 | 000,386,168 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2012/01/16 21:29:25 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys
[2012/01/16 21:29:25 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2012/01/16 21:29:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2012/01/16 21:29:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2012/01/16 21:29:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/01/16 21:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2012/01/16 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/01/16 21:28:37 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B7C80D24-F25B-46BC-B224-E26782216818}
[2012/01/16 21:28:24 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DA6C7390-D9F7-4955-8612-F38660AAFC47}
[2012/01/16 20:53:37 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/01/16 17:56:26 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B7FF8338-7FE3-46F9-8685-71DB7F515B1F}
[2012/01/16 17:52:55 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{673CC780-D0F9-4018-B7E3-C6C5032F9495}
[2012/01/16 05:51:32 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8565B07C-FE9E-4174-A1C4-EFFA2536B31C}
[2012/01/16 05:51:23 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{244478D9-6C69-41AF-A64B-2451736BBE5C}
[2012/01/16 05:51:13 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{CD10534B-61BF-4CCA-B3AC-1A27F7D31963}
[2012/01/16 05:51:04 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F7E89A48-E2A0-4FF4-BD2F-79F899BA1718}
[2012/01/15 17:20:44 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\Desktop\Adobe CS5
[2012/01/15 15:09:18 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{18618CF1-E35B-4324-845F-F76BB1FB2728}
[2012/01/15 15:09:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{57E74B04-C36E-424C-B2AA-A601D9422A2E}
[2012/01/15 15:08:59 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B19DA077-B86C-443E-98B6-D18666478466}
[2012/01/15 15:08:49 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{5E976350-4C85-48F0-B7B1-43D855F52F2A}
[2012/01/15 01:06:04 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{A6379DA4-0BAA-4299-8E46-8C267B909E47}
[2012/01/15 01:05:58 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{716CBECC-2F45-42C2-A41A-306C435362BC}
[2012/01/15 01:05:49 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{00D8E566-7E89-405A-889A-3C6DAFF3CCFC}
[2012/01/15 01:05:39 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{4749C195-8C01-4868-AF33-DEFC1B4C9338}
[2012/01/14 11:01:32 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{7A1509C8-6930-4C90-AE41-7CF2C755C7CF}
[2012/01/14 11:01:23 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F4058790-C534-4E7F-AE26-EE0F507A9D33}
[2012/01/14 07:32:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{7C6DDE23-DBDD-48E1-BD4C-7704F33A8CBC}
[2012/01/13 19:25:14 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{9E5B3A08-3780-4C6D-B968-19EE62B0B3EE}
[2012/01/13 19:25:05 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{588D2960-A5A8-4750-9DEE-77F89C4B04BB}
[2012/01/13 19:24:55 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8DA92441-ED4F-41DC-B240-E513D51BD9E5}
[2012/01/13 19:24:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{37602813-6CE9-44AE-ACAD-9A7EA656BF8E}
[2012/01/13 07:24:17 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{E81818B4-F915-48C2-BE66-C476CC3483D0}
[2012/01/13 07:24:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{C539CDE8-42B1-4CA4-A944-F622A2D7C386}
[2012/01/13 07:23:58 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{3F5CDD3F-74D6-4351-8494-F6F7BDBC7A06}
[2012/01/13 07:23:48 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{357D6723-0C34-42FA-8B09-416253A7B3DE}
[2012/01/12 19:23:37 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B01B7CD3-B1E2-46BB-A4F9-8097BA8A4CB6}
[2012/01/12 19:23:27 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2BE8F2A4-7C13-4AE0-9BEA-97A26E812927}
[2012/01/12 19:23:18 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{5D940CCC-F172-45E9-A981-1424926ED1BE}
[2012/01/12 19:23:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{4D36A88D-78DB-4A0A-960E-111879CECA62}
[2012/01/12 06:03:42 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2471AD36-A2C9-4541-9F54-9C7E01912084}
[2012/01/12 06:03:26 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{266AB5C9-83C0-4FCA-9B31-551194081916}
[2012/01/12 06:03:17 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{1ADCAE6D-0017-4FB4-B1A8-B67AFCBCC7C0}
[2012/01/12 06:03:05 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{42137214-4742-42E8-866B-423A4B2FE047}
[2012/01/11 18:01:55 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{FF94A7FE-F68C-4C4F-8AF8-6925537AA13A}
[2012/01/11 18:01:45 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{A6799041-CFF0-4665-AC48-33FBDB3F168F}
[2012/01/11 18:01:36 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B190F32A-6B69-4C85-93E1-832DE2841BA6}
[2012/01/11 18:01:26 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{1C8AC511-8E31-4125-A465-CA8E381DB13A}
[2012/01/11 06:01:14 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{32FA9ED8-728C-41E7-A743-7B81075164CE}
[2012/01/11 06:01:05 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{65C719DE-135C-43CD-9EC0-A4D1EBEC38A0}
[2012/01/11 06:00:55 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DF8599D1-3ADE-40E0-8D5E-D27F9C8A58EE}
[2012/01/11 06:00:46 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{ECEB5641-6022-47C3-9C4D-E03C97B3B906}
[2012/01/10 18:00:20 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{9E9652C0-0EB2-489E-993C-692E38E7396C}
[2012/01/10 18:00:11 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{0B08CF85-04DA-47DA-B25F-09AA6A819463}
[2012/01/10 18:00:01 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{D968CD9C-82FE-4F03-9A0F-E3769E9A9711}
[2012/01/10 17:59:51 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{BBA16C30-7C13-4D15-9FE4-4C26FB942C3D}
[2012/01/10 05:59:36 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{A358294C-4786-4ED1-A4A0-48D363081C33}
[2012/01/10 05:59:24 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{13C00C55-A25E-4047-8256-F9CD97F24EFB}
[2012/01/10 05:59:12 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{D0FFEE39-18BA-4A08-90CF-69BB175FCC23}
[2012/01/10 05:59:00 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{5124F01F-46B0-450D-B370-9A34AE248488}
[2012/01/09 17:58:48 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{1535031E-B3D8-4C36-91C7-C37B32563C1A}
[2012/01/09 17:58:38 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{C02BCE44-76BC-4272-8166-5335BEF7AD08}
[2012/01/09 17:58:29 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8F974016-5E84-4949-BC08-8BB2520EA504}
[2012/01/09 17:58:18 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{CE704C82-5F35-42B7-B730-F132B4CEC6BC}
[2012/01/09 06:26:05 | 000,052,736 | ---- | C] (Motorola Solutions, Inc.) -- C:\Windows\SysNative\drivers\btmcom.sys
[2012/01/09 06:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth
[2012/01/09 06:25:52 | 000,009,048 | ---- | C] (Motorola Solutions, Inc.) -- C:\Windows\SysNative\btmsstverschk.dll
[2012/01/09 06:24:37 | 000,326,736 | ---- | C] (Motorola Solutions, Inc.) -- C:\Windows\SysNative\btmcls.dll
[2012/01/09 06:24:29 | 000,663,936 | ---- | C] (Motorola Solutions, Inc.) -- C:\Windows\SysNative\drivers\btmusb.sys
[2012/01/09 06:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2012/01/09 06:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/01/09 06:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012/01/09 05:57:54 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{3D1063BB-0D25-414C-BFA0-69FA383B6998}
[2012/01/09 05:57:45 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{48B166B8-5B7F-4C9E-A1A6-DE78A0D0A8FA}
[2012/01/09 05:57:35 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DDD6DD53-9CFB-46A6-95CC-6C13F2952999}
[2012/01/09 05:57:25 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{1421C940-F105-429D-85B7-97556B6552C1}
[2012/01/08 14:50:49 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{68CEBF68-98F5-4253-AA9A-6B485CC42F53}
[2012/01/08 14:50:38 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{EF60585F-5068-4889-93D1-B0BEA5DEDCE2}
[2012/01/08 13:14:18 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{409928E6-0D18-4320-805F-AADB64587BDC}
[2012/01/08 01:25:57 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\Plogue
[2012/01/08 01:12:48 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8F4D2777-A5C3-4CD0-B37E-F30E01B529F9}
[2012/01/08 01:12:38 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{9AE430C8-7808-4B98-B29A-F2673542740F}
[2012/01/07 22:17:13 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\Nitro PDF
[2012/01/07 22:15:05 | 000,028,960 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2012/01/07 22:15:05 | 000,017,184 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2012/01/07 22:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012/01/07 22:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012/01/07 22:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2012/01/07 22:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2012/01/07 22:12:04 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\Downloaded Installations
[2012/01/07 21:45:34 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\Documents\Myriad Documents
[2012/01/07 21:45:34 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Roaming\ACAMPREF
[2012/01/07 13:12:26 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8025983E-66CC-4603-8091-2CA17F2E9F89}
[2012/01/07 13:12:17 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{615D123F-68C0-4E9A-A7F2-2FD8F90C83D9}
[2012/01/07 13:12:07 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{D654DDC0-3FBB-4DB1-885A-D5C448F121F5}
[2012/01/07 13:11:57 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2B24B140-0F57-477E-9BC0-1D8D502FDAF6}
[2012/01/07 00:11:53 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{75A75793-55FE-4619-836F-E10456AA0B4A}
[2012/01/07 00:11:43 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F46CF0D1-3B97-41AD-A78D-51C10ED52E86}
[2012/01/07 00:11:34 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{5666C870-F61C-468F-9A3A-611514827643}
[2012/01/07 00:11:21 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{9E2EAFB4-3FFA-40EB-A3E4-C2559D85D76E}
[2012/01/06 12:11:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DC8B5D24-ACD9-49EA-9DCA-6B59711FE263}
[2012/01/06 12:10:59 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{E71E8452-1A0C-4710-A1A2-AAEF9F1679E4}
[2012/01/06 12:10:49 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DADC8F23-3D87-44E0-AB51-A1F28CDEFFE9}
[2012/01/06 12:10:40 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{64EFB6E7-C8CA-4AA2-AFA7-ED534C8C0939}
[2012/01/06 00:10:27 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{62D98456-392E-4334-AF07-866129332F83}
[2012/01/06 00:10:18 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B4B957BF-8623-4A5B-91B4-0156B541469B}
[2012/01/06 00:10:08 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{38F0CD1B-7EB7-4B4E-93E8-D3EB4EE6BCE3}
[2012/01/06 00:09:57 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F0A94017-F866-430C-AF67-7071D5B417D1}
[2012/01/05 21:25:07 | 000,000,000 | --SD | C] -- C:\Users\Charlie Henderson\Documents\My Data Sources
[2012/01/05 12:09:46 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{16C15E91-4C78-4054-9788-A6E7B3EE8738}
[2012/01/05 12:09:37 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{1ED0D95F-9389-4FC2-9FE6-08D45B36A79F}
[2012/01/05 12:09:27 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{DFA2D8D1-7DF4-4428-A525-C114833C4346}
[2012/01/05 12:09:17 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{CDF3CE60-97AC-48D4-A484-A250B293B99C}
[2012/01/04 23:47:47 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{37459E1E-B38E-4FB9-A890-C63D161939A2}
[2012/01/04 23:47:37 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{0B6051C7-6C2A-48A1-8E4E-0FC134FC5D56}
[2012/01/04 23:47:28 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{6EC114C4-37A3-4F2C-8E5A-20B4EEB3BDAC}
[2012/01/04 23:47:18 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{77E308B4-1DB0-4928-A6A4-D56A3EB5B5BC}
[2012/01/04 11:47:03 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{F515DD10-1C32-4C10-8781-5156100A03DD}
[2012/01/04 11:46:52 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2F864900-F296-4FFE-A65A-7E6D2740E95B}
[2012/01/04 11:46:39 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{7075F742-CAF9-43F3-A545-8B0F8A54E870}
[2012/01/04 11:46:25 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{3B4C4D6F-9292-43FB-871F-58DFBC658126}
[2012/01/03 23:46:13 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{B8E0611C-E60B-4AA8-B820-A79C1C353BAF}
[2012/01/03 23:46:02 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{EF5346DD-732F-4E54-ADA5-D4567014BC71}
[2012/01/03 23:45:51 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8E85E2B3-2BCF-4773-ACDD-058D08FFA006}
[2012/01/03 23:45:38 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{27E1FB35-ECCC-49F4-B0F2-EF269904D75A}
[2012/01/03 11:39:23 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{2A5D2ADB-E814-4BB4-8098-DAF26CCE3495}
[2012/01/03 11:39:13 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{7AD39BD9-2F4B-4B44-A53D-07B466966CF1}
[2012/01/03 11:39:04 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{674D7A1F-9A6D-4C26-91C6-0DB9ED85B6B0}
[2012/01/03 11:38:54 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{8CF5AA06-4221-463E-B6EA-6777BE855B0B}
[2012/01/02 00:34:51 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{71362C8B-16AB-4E33-937C-B7223AB425A4}
[2012/01/02 00:34:49 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{AF2A31D8-642D-40E7-BFBE-3C6A31605043}
[2012/01/02 00:34:41 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{21748183-18B2-4443-AC33-3B2441F0D617}
[2012/01/02 00:34:31 | 000,000,000 | ---D | C] -- C:\Users\Charlie Henderson\AppData\Local\{06061D79-815F-4E53-A603-3D80276A87DC}

========== Files - Modified Within 30 Days ==========

[2012/01/30 00:11:01 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-174769313-1577546451-3502020474-1001UA.job
[2012/01/30 00:09:04 | 000,000,512 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\MBR.dat
[2012/01/30 00:03:06 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-174769313-1577546451-3502020474-1001UA.job
[2012/01/29 23:19:35 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/29 23:19:35 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/29 23:13:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/29 22:53:49 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\Xpxstzutf.job
[2012/01/29 22:53:18 | 590,111,226 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/29 22:53:18 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/29 21:50:26 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-174769313-1577546451-3502020474-1001Core.job
[2012/01/29 21:45:08 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-174769313-1577546451-3502020474-1001Core.job
[2012/01/29 00:08:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/01/28 02:15:44 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/28 02:15:44 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/28 02:15:44 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/27 14:34:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/27 14:34:04 | 005,323,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/27 12:43:57 | 000,000,604 | -H-- | M] () -- C:\Program Files (x86)\_Z2
[2012/01/27 12:41:45 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\Sibelius 7.lnk
[2012/01/27 11:41:33 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCharlie Henderson.job
[2012/01/27 11:36:18 | 263,797,158 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\registry ja 27.reg
[2012/01/27 11:33:00 | 000,001,115 | ---- | M] () -- C:\Users\Charlie Henderson\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/01/27 11:32:59 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/01/27 10:54:49 | 001,182,286 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\Malcolm Arnold - Fantasy for Tuba.pdf
[2012/01/27 00:13:34 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2012/01/23 13:02:13 | 000,267,516 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\img011.pdf
[2012/01/23 12:58:28 | 000,588,552 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\img010.jpg
[2012/01/22 20:35:59 | 001,897,292 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2012/01/22 20:34:38 | 000,002,280 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
[2012/01/22 19:32:12 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Notebook Software 10.lnk
[2012/01/16 21:56:22 | 001,455,477 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\agony2.xml
[2012/01/16 21:53:17 | 000,197,796 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\agony2.pdf
[2012/01/16 21:51:39 | 000,210,177 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\agony.pdf
[2012/01/16 21:29:49 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/01/16 21:29:49 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/01/16 21:29:49 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/01/16 21:29:41 | 000,002,460 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/01/16 21:27:16 | 000,001,314 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\Norton Installation Files.lnk
[2012/01/10 09:35:06 | 000,023,390 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\charlie headshot.jpg
[2012/01/08 12:24:49 | 000,228,457 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\love's a bond.wav.asd
[2012/01/08 01:33:53 | 000,004,972 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\mighty morphin power rangers wrist communicator sound.mp3.asd
[2012/01/07 22:14:54 | 000,002,059 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Pro 7.lnk
[2012/01/07 21:50:43 | 000,892,769 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\Love's a Bond.xml
[2012/01/04 11:39:41 | 269,080,843 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\Mary Poppins [22 February 2005] [London] - Act I.mp4
[2012/01/04 11:37:54 | 212,574,581 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\Beauty and the Beast 1.mp4
[2012/01/04 11:36:22 | 137,075,277 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\Beauty and the Beast 2.mp4
[2012/01/04 11:35:41 | 123,200,040 | ---- | M] () -- C:\Users\Charlie Henderson\Desktop\Mary Poppins [22 February 2005] [London] - Act II.mp4
[2012/01/02 15:33:12 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCHARLIE-LAPTOP$.job

========== Files Created - No Company Name ==========

[2012/01/29 22:40:57 | 000,000,512 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\MBR.dat
[2012/01/27 14:14:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/27 14:14:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/27 14:14:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/27 14:14:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/27 14:14:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/27 12:43:57 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\_Z2
[2012/01/27 12:41:44 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\Sibelius 7.lnk
[2012/01/27 11:34:54 | 263,797,158 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\registry ja 27.reg
[2012/01/27 11:33:00 | 000,001,115 | ---- | C] () -- C:\Users\Charlie Henderson\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/01/27 11:32:59 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/01/27 10:54:46 | 001,182,286 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\Malcolm Arnold - Fantasy for Tuba.pdf
[2012/01/23 13:02:13 | 000,267,516 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\img011.pdf
[2012/01/23 12:58:28 | 000,588,552 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\img010.jpg
[2012/01/22 20:34:38 | 000,002,280 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART Board Tools.lnk
[2012/01/22 19:32:12 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Notebook Software 10.lnk
[2012/01/16 21:56:22 | 001,455,477 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\agony2.xml
[2012/01/16 21:53:09 | 000,197,796 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\agony2.pdf
[2012/01/16 21:51:17 | 000,210,177 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\agony.pdf
[2012/01/16 21:30:57 | 001,897,292 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2012/01/16 21:29:49 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/01/16 21:29:49 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/01/16 21:29:41 | 000,002,460 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/01/16 21:29:25 | 000,000,000 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.cat
[2012/01/16 21:29:12 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA.inf
[2012/01/16 21:29:12 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS.inf
[2012/01/16 21:29:12 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymNet.inf
[2012/01/16 21:29:12 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2012/01/16 21:29:12 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2012/01/16 21:29:12 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Iron.inf
[2012/01/16 21:29:11 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2012/01/16 21:29:11 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2012/01/16 21:29:11 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.cat
[2012/01/16 21:29:11 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2012/01/16 21:29:11 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2012/01/16 21:29:11 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2012/01/16 20:53:37 | 000,001,314 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\Norton Installation Files.lnk
[2012/01/15 17:42:37 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\Xpxstzutf.job
[2012/01/15 17:37:06 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2012/01/15 17:36:19 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2012/01/15 17:33:52 | 000,001,262 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012/01/10 09:35:06 | 000,023,390 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\charlie headshot.jpg
[2012/01/08 12:24:49 | 000,228,457 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\love's a bond.wav.asd
[2012/01/08 01:33:53 | 000,004,972 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\mighty morphin power rangers wrist communicator sound.mp3.asd
[2012/01/07 22:14:51 | 000,002,059 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Pro 7.lnk
[2012/01/07 22:14:50 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 7.lnk
[2012/01/07 21:50:42 | 000,892,769 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\Love's a Bond.xml
[2012/01/07 21:44:36 | 000,000,724 | ---- | C] () -- C:\Windows\wacam.ini
[2012/01/04 11:28:23 | 123,200,040 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\Mary Poppins [22 February 2005] [London] - Act II.mp4
[2012/01/04 11:27:37 | 269,080,843 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\Mary Poppins [22 February 2005] [London] - Act I.mp4
[2012/01/04 11:26:49 | 137,075,277 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\Beauty and the Beast 2.mp4
[2012/01/04 11:26:00 | 212,574,581 | ---- | C] () -- C:\Users\Charlie Henderson\Desktop\Beauty and the Beast 1.mp4
[2011/09/29 19:03:55 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2011/09/29 19:02:03 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/09/29 19:02:02 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2011/09/28 16:51:19 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/09/25 12:57:03 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/09/18 22:23:58 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/08/14 00:24:19 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/08/11 12:42:50 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/08/11 12:42:50 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/08/11 12:42:50 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/08/11 12:42:50 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/08/11 12:42:50 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/08/11 12:42:50 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/08/11 12:42:50 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/08/11 12:42:50 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/08/11 12:42:50 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/08/11 12:42:50 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/08/11 12:42:50 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/08/11 12:42:50 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/08/11 12:42:50 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/08/11 12:42:50 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/08/11 12:42:50 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/08/11 12:42:50 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/08/11 12:39:00 | 000,000,071 | ---- | C] () -- C:\Windows\ENX420.ini
[2011/08/08 18:41:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\88d6ed877f07c7fe8017c8e69186cb26_c
[2011/08/02 19:30:46 | 000,002,048 | ---- | C] () -- C:\Users\Charlie Henderson\AppData\Roaming\Photobook Designer Prefs
[2011/07/16 15:31:43 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\wuappp.exe
[2011/01/07 14:58:58 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/12/16 21:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/12/07 16:05:32 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/12/07 16:05:28 | 000,105,408 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/12/07 16:05:24 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/09/24 17:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002/09/17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== LOP Check ==========

[2011/08/29 11:48:31 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\Ableton
[2012/01/27 00:18:22 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\ACAMPREF
[2011/12/06 19:09:40 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\Audacity
[2012/01/27 12:44:13 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\Avid
[2011/08/24 13:04:50 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/23 23:34:00 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/07 22:12:04 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\Downloaded Installations
[2011/08/29 10:14:57 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\Epson
[2011/09/12 00:04:31 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\FairStars Audio Converter
[2011/12/12 16:45:47 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\Garritan
[2011/07/25 21:53:07 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\KORG
[2011/08/11 14:57:11 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\Leadertech
[2011/12/12 16:45:18 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\MakeMusic
[2012/01/07 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\Nitro PDF
[2011/09/29 19:03:55 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\pdf995
[2011/08/02 19:29:49 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\Photobook Designer
[2011/07/14 22:26:51 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\PictureMover
[2012/01/08 01:25:57 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\Plogue
[2012/01/22 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\SMART Technologies
[2012/01/22 19:32:28 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\SMART Technologies Inc
[2011/07/14 22:25:30 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\Synaptics
[2012/01/30 00:13:17 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\uTorrent
[2011/07/15 18:13:46 | 000,000,000 | ---D | M] -- C:\Users\Charlie Henderson\AppData\Roaming\Windows Live Writer
[2012/01/29 00:08:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/08/14 00:06:53 | 000,000,218 | ---- | M] () -- C:\Windows\Tasks\AutoKMSCustom.job
[2012/01/29 21:50:26 | 000,000,954 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-174769313-1577546451-3502020474-1001Core.job
[2012/01/30 00:11:01 | 000,000,976 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-174769313-1577546451-3502020474-1001UA.job
[2009/07/14 00:08:49 | 000,013,232 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/29 22:53:49 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\Xpxstzutf.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/01/07 14:56:25 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/01/07 14:49:59 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/01/07 14:56:25 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/01/07 14:49:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011/01/07 14:56:25 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/01/07 14:49:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/01/07 14:56:25 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/01/07 14:49:59 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/01/07 14:56:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/01/07 14:56:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{02A4B06F-B616-4B0B-81AA-83A5CEB6DB87}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1B74ACA8-4D20-4A24-B408-6C16452C6B48}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{2ADE1002-BA1F-4F0B-8B8C-F1212AEFEC07}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{7F2B8DF0-F251-41C4-9556-AE134CDDA27D}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 0A 01 06 01 03 01 00 01 05 01 0B 01 01 01 08 01 07 01 04 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 11
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >

Extras.txt

OTL Extras logfile created on: 1/27/2012 12:11:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Charlie Henderson\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 40.90% Memory free
7.60 Gb Paging File | 5.02 Gb Available in Paging File | 65.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.01 Gb Total Space | 471.03 Gb Free Space | 68.96% Space Free | Partition Type: NTFS
Drive D: | 15.33 Gb Total Space | 1.90 Gb Free Space | 12.36% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.74 Mb Free Space | 85.71% Space Free | Partition Type: FAT32
Unable to calculate disk information.

Computer Name: CHARLIE-LAPTOP | User Name: Charlie Henderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"__ARIA_1012___is1" = Garritan ARIA Player v1.02
"__ARIA_1013___is1" = Garritan Instruments for Finale
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6D3AAA06-F2E1-4AB5-AB64-38B7E64DDAEF}" = Nitro Pro 7
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1" = Ralink Motorola BC8 Bluetooth 3.0+HS Adapter
"ARIA Engine_is1" = ARIA Engine v1.0.9.8
"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{53CD60C7-12F9-420D-A9BF-EC8D815475A9}" = HP Documentation
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions ŕ distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C047A54-D971-478A-83A0-C3F81FE1DB0B}" = KORG M50 Plug-In Editor RTAS
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C27458FA-DC81-4938-83E8-43151DDE1707}" = KORG M50 Plug-In Editor VST
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA73CDD6-26B5-4CC4-9BE3-549E522E22F8}" = KORG M50 External Setup Template
"{DCE7446A-23C1-4CAE-8291-F5611D78A0A1}" = KORG M50 Editor
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E373514C-21E0-4E76-BABD-C7BAF6BFFF45}" = KORG USB-MIDI Driver Tools for Windows
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F581DF68-CAE9-4064-A6CD-705D95D1C756}" = Notebook Software
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF7A64AB-214A-47D1-95E7-742BCBA7F6C9}" = SMART Board Drivers
"35A39AB0-5E9F-4B70-98DA-4B8158C89C4B" = Mandelbulber
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Comical_is1" = Comical 0.8
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"EPSON Scanner" = EPSON Scan
"FairStars Audio Converter_is1" = FairStars Audio Converter 1.71
"Finale 2011" = Finale 2011
"Garritan Personal Orchestra" = Garritan Personal Orchestra
"Graphmatica" = Graphmatica
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Live 8.0.4" = Live 8.0.4
"Morefunc" = Morefunc
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"My HP Game Console" = HP Game Console
"N360" = Norton 360
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pdf995" = Pdf995
"PDFtoMusic Pro" = PDFtoMusic Pro
"Power DVD Rip Studio_is1" = Power DVD Rip Studio v1.1.7.293
"PowerISO" = PowerISO
"RAR Password Cracker" = RAR Password Cracker 4.12
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT089299" = Mystery P.I. - The London Caper
"WT089300" = World Cup Cricket 20-20
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZumoDrive" = HP CloudDrive

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam
"Photobook Designer" = Photobook Designer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/3/2011 6:18:17 PM | Computer Name = Charlie-Laptop | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 12/13/2011 7:14:03 PM | Computer Name = Charlie-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: finale.exe, version: 2011.0.4.1, time stamp:
0x4bf5c13f Faulting module name: finale.exe, version: 2011.0.4.1, time stamp: 0x4bf5c13f
Exception
code: 0xc0000005 Fault offset: 0x0007e5c5 Faulting process id: 0x1c4c Faulting application
start time: 0x01ccb9175477a24a Faulting application path: C:\Program Files (x86)\Finale
2011\finale.exe Faulting module path: C:\Program Files (x86)\Finale 2011\finale.exe
Report
Id: 25218ec2-25e0-11e1-8a58-78e3b54d8f04

Error - 12/15/2011 12:56:03 AM | Computer Name = Charlie-Laptop | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 810 Start
Time: 01cca6ff3c8cf435 Termination Time: 552 Application Path: C:\Windows\Explorer.EXE

Report
Id: 1385ac3e-26d9-11e1-8a58-78e3b54d8f04

Error - 12/15/2011 12:57:59 AM | Computer Name = Charlie-Laptop | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4d30 Start
Time: 01ccbae5d8d015b1 Termination Time: 0 Application Path: C:\Windows\explorer.exe

Report
Id: 572dd8ca-26d9-11e1-8a58-78e3b54d8f04

Error - 12/16/2011 1:16:57 AM | Computer Name = Charlie-Laptop | Source = Google Update | ID = 20
Description =

Error - 12/17/2011 10:42:11 AM | Computer Name = Charlie-Laptop | Source = Google Update | ID = 20
Description =

Error - 12/19/2011 5:19:37 PM | Computer Name = Charlie-Laptop | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 12/23/2011 7:11:05 PM | Computer Name = Charlie-Laptop | Source = Google Update | ID = 20
Description =

Error - 12/23/2011 8:02:55 PM | Computer Name = Charlie-Laptop | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 42e0 Start
Time: 01ccc1c7a5b13735 Termination Time: 65 Application Path: C:\Program Files (x86)\Windows
Media Player\wmplayer.exe Report Id: 9e424624-2dc2-11e1-a5c1-78e3b54d8f04

Error - 1/7/2012 2:03:33 AM | Computer Name = Charlie-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: finale.exe, version: 2011.0.4.1, time stamp:
0x4bf5c13f Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7ba58 Exception code: 0xc015000f Fault offset: 0x000845c1 Faulting process id:
0xcac Faulting application start time: 0x01ccc5dae4511490 Faulting application path:
C:\Program Files (x86)\Finale 2011\finale.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 5442e450-38f5-11e1-a5c1-78e3b54d8f04

[ Hewlett-Packard Events ]
Error - 7/27/2011 11:36:59 PM | Computer Name = Charlie-Laptop | Source = Hewlett-Packard | ID = 0
Description = en-CA Object reference not set to an instance of an object. HP.ActiveSupportLibrary

at HP.ActiveSupportLibrary.Issues.HPSFSession.?()

Error - 9/10/2011 12:04:33 AM | Computer Name = Charlie-Laptop | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091110120422.xml
File not created by asset agent

Error - 11/2/2011 4:06:39 PM | Computer Name = Charlie-Laptop | Source = HPSF.exe | ID = 4000
Description =

Error - 11/23/2011 6:03:58 PM | Computer Name = Charlie-Laptop | Source = HPSF.exe | ID = 4000
Description =

Error - 11/23/2011 6:04:02 PM | Computer Name = Charlie-Laptop | Source = HPSF.exe | ID = 4000
Description =

Error - 11/24/2011 9:27:14 AM | Computer Name = Charlie-Laptop | Source = HPSF.exe | ID = 4000
Description =

Error - 11/24/2011 9:29:49 AM | Computer Name = Charlie-Laptop | Source = HPSF.exe | ID = 4000
Description =

Error - 12/7/2011 5:54:20 PM | Computer Name = Charlie-Laptop | Source = HPSF.exe | ID = 4000
Description =

Error - 12/21/2011 6:04:18 PM | Computer Name = Charlie-Laptop | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3893 Ram Utilization: 40 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

[ HP Software Framework Events ]
Error - 12/21/2011 6:04:42 PM | Computer Name = Charlie-Laptop | Source = CaslWmi | ID = 5
Description = 2011/12/21 17:04:42.228|00004404|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12/28/2011 9:07:28 PM | Computer Name = Charlie-Laptop | Source = CaslWmi | ID = 5
Description = 2011/12/28 20:07:28.920|000047EC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/4/2012 5:12:43 PM | Computer Name = Charlie-Laptop | Source = CaslWmi | ID = 5
Description = 2012/01/04 16:12:43.190|00006870|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/10/2012 12:27:58 AM | Computer Name = Charlie-Laptop | Source = CaslWmi | ID = 5
Description = 2012/01/09 23:27:58.488|000035F4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/11/2012 5:42:18 PM | Computer Name = Charlie-Laptop | Source = CaslWmi | ID = 5
Description = 2012/01/11 16:42:18.046|00002738|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/18/2012 5:05:32 PM | Computer Name = Charlie-Laptop | Source = CaslWmi | ID = 5
Description = 2012/01/18 16:05:32.511|000012B0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/18/2012 5:07:42 PM | Computer Name = Charlie-Laptop | Source = CaslWmi | ID = 5
Description = 2012/01/18 16:07:42.311|00003C90|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/18/2012 5:07:52 PM | Computer Name = Charlie-Laptop | Source = CaslWmi | ID = 5
Description = 2012/01/18 16:07:52.614|0000227C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/18/2012 5:08:11 PM | Computer Name = Charlie-Laptop | Source = CaslWmi | ID = 5
Description = 2012/01/18 16:08:11.674|00004018|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 1/25/2012 6:02:36 PM | Computer Name = Charlie-Laptop | Source = CaslWmi | ID = 5
Description = 2012/01/25 17:02:36.351|00003764|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ HP Wireless Assistant Events ]
Error - 7/14/2011 11:22:46 PM | Computer Name = Charlie-Laptop | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/14/2011 11:22:51 PM | Computer Name = Charlie-Laptop | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/14/2011 11:23:56 PM | Computer Name = Charlie-Laptop | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/14/2011 11:24:02 PM | Computer Name = Charlie-Laptop | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/14/2011 11:25:07 PM | Computer Name = Charlie-Laptop | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/14/2011 11:25:12 PM | Computer Name = Charlie-Laptop | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/14/2011 11:26:17 PM | Computer Name = Charlie-Laptop | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 7/14/2011 11:26:23 PM | Computer Name = Charlie-Laptop | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 10/15/2011 10:10:50 PM | Computer Name = Charlie-Laptop | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/3/2011 2:43:30 PM | Computer Name = Charlie-Laptop | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 1/17/2012 3:37:22 PM | Computer Name = Charlie-Laptop | Source = bowser | ID = 8003
Description =

Error - 1/17/2012 3:49:22 PM | Computer Name = Charlie-Laptop | Source = bowser | ID = 8003
Description =

Error - 1/17/2012 4:01:20 PM | Computer Name = Charlie-Laptop | Source = bowser | ID = 8003
Description =

Error - 1/17/2012 4:13:19 PM | Computer Name = Charlie-Laptop | Source = bowser | ID = 8003
Description =

Error - 1/17/2012 4:25:20 PM | Computer Name = Charlie-Laptop | Source = bowser | ID = 8003
Description =

Error - 1/17/2012 4:37:21 PM | Computer Name = Charlie-Laptop | Source = bowser | ID = 8003
Description =

Error - 1/17/2012 4:49:19 PM | Computer Name = Charlie-Laptop | Source = bowser | ID = 8003
Description =

Error - 1/17/2012 5:01:19 PM | Computer Name = Charlie-Laptop | Source = bowser | ID = 8003
Description =

Error - 1/17/2012 5:13:16 PM | Computer Name = Charlie-Laptop | Source = bowser | ID = 8003
Description =

Error - 1/17/2012 5:49:17 PM | Computer Name = Charlie-Laptop | Source = bowser | ID = 8003
Description =


< End of report >
  • 0

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
The use of Keygens and Cracks inevitably leads to infection. Further, it is contrary to this sites Terms of Use. If you persist in their use you will no-longer receive help from this site in the future.

Go here to read Geekstogo Terms of Use and note in particular article 4 the items Illegal and Infringing of intellectual property rights (such as copyright and trademark rights).

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.



The use of keygens means you have obtained your software illegally, and we will not help you. If you want help with installing any legal versions of software, we'd be happy to help you, but not with illegal copies. I will also warn you that the use of cracks/keygens is a very good way to infect your computer with malware, leading you to need our services in the malware forum.


To identify what needs to be corrected please do the following:


Please run the MGA Diagnostic Tool and post the report it produces:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click Continue.
  • Ensure that the Windows tab is selected. (It should be by default.)
  • Click the Copy button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report into your next reply.



---------------------------------------------------------------------------------------



  • Please download WVCheck by Artellos from one of the mirrors below;
    Artellos.com (exe)
  • After the download, run WVCheck.exe
  • As indicated by the prompt, This program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP