Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

iBryte Desktop Removal and other infections [Solved]

Started by Sirius Black , Jun 25 2012 01:23 AM

This topic is locked

#1
Sirius Black

Posted 25 June 2012 - 01:23 AM

Member

Member
77 posts

I have a laptop running Windows Vista and for some reason there is an icon in the taskbar called "iBryte Desktop" and I have no idea how this thing got there, furthermore, there is no listing in the control panel to remove it either.
Along with that there are a number of other infections that my Eset Nod 32 anti-virus keeps detecting but is unable to remove.
I have run a full scan with Eset Nod 32 and Anti-Malware Bytes to help remove some of the problems on here but with limited results.
Thank you ,in advance, for your help.

#2
jeffce

Posted 26 June 2012 - 12:09 PM

Trusted Helper

Malware Removal
216 posts

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Having said that....Let's get going!! :thumbup:
----------

Download OTL to your desktop.
Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------

Please download aswMBR to your desktop.

Right click and Run as Administrator the aswMBR icon to run it.
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

Click the image to enlarge it
----------

In your next reply please post the logs made by OTL and aswMBR.

#3
Sirius Black

Posted 26 June 2012 - 08:15 PM

Member

Topic Starter
Member
77 posts

Here are the requested logs

OTL:

OTL logfile created on: 6/26/2012 9:43:25 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Steve Penn Gerrard\Desktop\Incoming
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 45.76% Memory free
8.03 Gb Paging File | 5.83 Gb Available in Paging File | 72.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.44 Gb Total Space | 17.00 Gb Free Space | 15.26% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 35.04 Gb Free Space | 31.44% Space Free | Partition Type: NTFS
Drive E: | 7.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STEVEPENNGER-PC | User Name: Steve Penn Gerrard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Steve Penn Gerrard\Desktop\Incoming\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo Wi-Finder.exe (Boingo Wireless)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Boingo\Boingo Wi-Finder\boingoex.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (ETService) -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (o2flash) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (epfw) -- C:\Windows\SysNative\DRIVERS\epfw.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\DRIVERS\epfwwfp.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\DRIVERS\EpfwLWF.sys (ESET)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\DRIVERS\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys (ESET)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RMCAST) RMCAST (Pgm) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV:64bit: - (WPN111) -- C:\Windows\SysNative\DRIVERS\WPN111vx.sys (Atheros Communications, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys (O2Micro )
DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys (O2Micro )
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8187Se) -- C:\Windows\SysNative\DRIVERS\RTL8187Se.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (UVCFTR) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\WUSB54GCx64.sys (Ralink Technology Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...=1008&m=m-7315u
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...=1008&m=m-7315u
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...15-930D49234B02
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://prodigy.msn.c...MX&dcc=MX&opt=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C A5 B3 FD FC 17 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {5963db80-6910-e734-3d61-9e997c263db5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{4408C5D3-D063-47B7-F412-10B06D154E1C}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{664E8AF9-8F70-463D-BADE-E3B21AF58FBB}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKCU\..\SearchScopes\{85BB23C7-0F67-4250-6758-200ACEDDE7FE}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=26dd9ba9-7b67-44f3-b261-f4126415b79d&query={searchTerms}
IE - HKCU\..\SearchScopes\{D75CCC30-8AE6-4780-80EB-58543F5FD096}: "URL" = http://search.speedb...q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-yma3"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-yma3"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.search.ya...9,16695,0,16,0"
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:9.9.2
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.21
FF - prefs.js..extensions.enabledItems: {e2337727-f9c9-411b-929e-287584341d1a}:3.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.00
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.35
FF - prefs.js..extensions.enabledItems: {b9dbe2c0-031f-4cad-911a-f4a7381d79c0}:1.0.31
FF - prefs.js..extensions.enabledItems: {f409caa5-db4f-48aa-a238-ca307c481237}:1.0.0.0
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.3.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: wecarereminder@bryan:5.0.9.5
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.5.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.3.7

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/06/24 19:25:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/11 15:40:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/11 15:38:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/25 03:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/11 15:39:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/06/24 19:25:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\FriendsChecker\Firefox\ [2012/06/16 23:28:55 | 000,000,000 | ---D | M]

[2008/12/21 23:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Extensions
[2012/06/26 21:43:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions
[2012/01/30 15:03:55 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/11/30 00:56:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/06 13:03:16 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2012/05/24 22:41:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/24 18:11:14 | 000,000,000 | ---D | M] (Fast Search by Surf Canyon) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2010/08/06 13:03:16 | 000,000,000 | ---D | M] (Answers) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2011/11/30 00:56:55 | 000,000,000 | ---D | M] (LinkedIn Companion for Firefox) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{e2337727-f9c9-411b-929e-287584341d1a}
[2010/05/01 22:04:36 | 000,000,000 | ---D | M] (US Job Search Toolbar) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}
[2010/06/16 18:03:45 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\[email protected]
[2010/08/29 08:50:22 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\[email protected]
[2010/08/29 08:50:00 | 000,000,000 | ---D | M] (BetterLinks) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\[email protected]
[2012/06/26 21:43:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\staged
[2012/06/15 21:39:08 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\wecarereminder@bryan
[2010/05/16 01:22:51 | 000,001,945 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\searchplugins\bing-zugo.xml
[2012/06/26 21:37:34 | 000,002,030 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\searchplugins\search-here.xml
[2012/06/25 01:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/25 01:10:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/06/25 00:53:10 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\STEVE PENN GERRARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2WKCS4Z0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/15 21:39:06 | 000,020,228 | ---- | M] () (No name found) -- C:\USERS\STEVE PENN GERRARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2WKCS4Z0.DEFAULT\EXTENSIONS\[email protected]
[2012/05/18 00:42:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/03/31 08:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\mozilla firefox\components\coFFPlgn.dll
[2009/01/20 19:29:32 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files (x86)\mozilla firefox\plugins\NPAskSBr.dll
[2010/10/06 20:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 20:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/11 15:39:41 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/05/18 00:42:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/18 00:42:21 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Ask Toolbar Plugin Stub (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPAskSBr.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Steve Penn Gerrard\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Steve Penn Gerrard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: We-Care Reminder Lite = C:\Users\Steve Penn Gerrard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.3_0\

O1 HOSTS File: ([2001/08/24 07:00:00 | 000,000,792 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - Reg Error: Value error. File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (FriendsChecker) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\FriendsChecker\IE\common.dll (FriendsChecker)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SBCONVERT Class) - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files (x86)\SpeedBit Video Converter\Toolbar\SpeedBit_Video_Converter.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - Reg Error: Value error. File not found
O2 - BHO: (US Job Search Toolbar) - {f409caa5-db4f-48aa-a238-ca307c481237} - C:\Program Files (x86)\usjobsearchtoolbar\vmntemplateX.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Converter\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Converter) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Converter\Toolbar\SpeedBit_Video_Converter.dll ()
O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (US Job Search Toolbar) - {f409caa5-db4f-48aa-a238-ca307c481237} - C:\Program Files (x86)\usjobsearchtoolbar\vmntemplateX.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Converter) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Converter\Toolbar\SpeedBit_Video_Converter.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - Reg Error: Value error. File not found
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Boingo Wi-Finder] C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk ()
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - Startup: C:\Users\Steve Penn Gerrard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...7/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38B017D3-68AF-42B4-86E2-7F250B99FCFD}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D705A8F-4DF8-46A6-8C8A-140AE72FA2F5}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB929EA8-D58E-4BF8-A08C-1C71420CAAAF}: DhcpNameServer = 200.63.56.3 200.63.56.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{019d59e6-b826-11dd-ae45-00e0b8e97967}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
O33 - MountPoints2\{019d59e6-b826-11dd-ae45-00e0b8e97967}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
O33 - MountPoints2\{2307503e-94c2-11df-aded-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{23075051-94c2-11df-aded-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0ee8d0-a163-11de-b290-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0ee8d0-a163-11de-b290-00e0b8e97967}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{76c3437f-4bd7-11df-b67f-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{76c3437f-4bd7-11df-b67f-00e0b8e97967}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ad515ec4-9a17-11df-a117-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{ba24ef74-79b7-11de-bc3f-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{ba24ef74-79b7-11de-bc3f-00e0b8e97967}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{d5b8e884-9b03-11df-823c-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{d5b8e890-9b03-11df-823c-001e101f859f}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 05:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/25 05:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/25 05:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/25 05:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/25 05:32:59 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\Apple Computer
[2012/06/25 05:30:25 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\Apple
[2012/06/25 05:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/06/25 05:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/25 05:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/25 05:28:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/25 05:17:44 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Media Player Classic
[2012/06/25 05:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/06/25 05:11:42 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2012/06/25 05:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/06/25 05:07:11 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012/06/25 05:07:11 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012/06/25 05:07:11 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012/06/25 05:07:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012/06/25 05:07:10 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012/06/25 05:07:10 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012/06/25 05:07:09 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012/06/25 05:07:09 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012/06/25 05:07:08 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012/06/25 05:07:08 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012/06/25 05:07:08 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012/06/25 05:07:08 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012/06/25 05:07:07 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012/06/25 05:07:07 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012/06/25 05:07:06 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012/06/25 05:07:06 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012/06/25 05:07:05 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012/06/25 05:07:05 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012/06/25 05:07:05 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012/06/25 05:07:05 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012/06/25 05:07:02 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012/06/25 05:07:02 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012/06/25 05:07:01 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012/06/25 05:07:01 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012/06/25 05:06:59 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012/06/25 05:06:58 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012/06/25 05:06:58 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012/06/25 05:06:58 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012/06/25 05:06:58 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012/06/25 05:06:48 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012/06/25 05:06:48 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012/06/25 05:06:47 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012/06/25 05:06:47 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012/06/25 05:06:46 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012/06/25 05:06:46 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012/06/25 05:06:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012/06/25 05:06:46 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012/06/25 05:06:44 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012/06/25 05:06:44 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012/06/25 05:06:43 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012/06/25 05:06:43 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012/06/25 05:06:43 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012/06/25 05:06:42 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012/06/25 05:06:42 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012/06/25 05:06:41 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012/06/25 05:06:41 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012/06/25 05:06:41 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012/06/25 05:06:41 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012/06/25 05:06:41 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012/06/25 05:06:41 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012/06/25 05:06:40 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012/06/25 05:06:40 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012/06/25 05:06:39 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012/06/25 05:06:39 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012/06/25 05:06:39 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012/06/25 05:06:39 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012/06/25 05:06:37 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012/06/25 05:06:37 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012/06/25 05:06:37 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012/06/25 05:06:37 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012/06/25 05:06:36 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012/06/25 05:06:36 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/06/25 05:06:36 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012/06/25 05:06:36 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/06/25 05:06:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/06/25 05:06:35 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012/06/25 05:06:34 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012/06/25 05:06:34 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/06/25 05:06:34 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012/06/25 05:06:34 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/06/25 05:06:33 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012/06/25 05:06:33 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/06/25 05:06:32 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012/06/25 05:06:32 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012/06/25 05:06:32 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012/06/25 05:06:32 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012/06/25 05:06:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012/06/25 05:06:31 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012/06/25 05:06:30 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012/06/25 05:06:30 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012/06/25 05:06:29 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012/06/25 05:06:29 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012/06/25 05:06:29 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012/06/25 05:06:29 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012/06/25 05:06:27 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012/06/25 05:06:27 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012/06/25 05:06:26 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012/06/25 05:06:26 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012/06/25 05:06:25 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012/06/25 05:06:25 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012/06/25 05:06:24 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012/06/25 05:06:24 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012/06/25 05:06:23 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012/06/25 05:06:23 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012/06/25 05:06:23 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012/06/25 05:06:23 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012/06/25 05:06:21 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012/06/25 05:06:21 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012/06/25 05:06:18 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012/06/25 05:06:18 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012/06/25 05:06:15 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012/06/25 05:06:15 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012/06/25 05:06:15 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012/06/25 05:06:15 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012/06/25 05:06:14 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012/06/25 05:06:14 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012/06/25 05:06:12 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012/06/25 05:06:12 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012/06/25 05:06:10 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012/06/25 05:06:10 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012/06/25 05:06:10 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012/06/25 05:06:10 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012/06/25 05:06:08 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012/06/25 05:06:08 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012/06/25 05:06:03 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012/06/25 05:06:03 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012/06/25 05:06:03 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012/06/25 05:06:03 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012/06/25 05:06:02 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012/06/25 05:06:02 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012/06/25 05:06:02 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012/06/25 05:06:02 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012/06/25 05:06:01 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012/06/25 05:06:01 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012/06/25 05:06:00 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012/06/25 05:06:00 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012/06/25 05:05:58 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012/06/25 05:05:58 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012/06/25 05:05:58 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012/06/25 05:05:58 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012/06/25 05:05:58 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012/06/25 05:05:58 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012/06/25 05:05:57 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012/06/25 05:05:57 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012/06/25 05:05:55 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012/06/25 05:05:55 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012/06/25 05:05:52 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012/06/25 05:05:52 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012/06/25 05:05:52 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012/06/25 05:05:52 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012/06/25 05:05:32 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012/06/25 05:05:32 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012/06/25 05:05:32 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012/06/25 05:05:32 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012/06/25 05:05:30 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012/06/25 05:05:30 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012/06/25 05:05:29 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012/06/25 05:05:29 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012/06/25 05:05:27 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012/06/25 05:05:27 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012/06/25 05:05:25 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012/06/25 05:05:25 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012/06/25 05:05:25 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012/06/25 05:05:25 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012/06/25 05:05:18 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012/06/25 05:05:18 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012/06/25 05:05:13 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012/06/25 05:05:13 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012/06/25 05:05:10 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012/06/25 05:05:10 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012/06/25 05:05:10 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012/06/25 05:05:10 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012/06/25 05:05:08 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012/06/25 05:05:08 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012/06/25 05:05:07 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012/06/25 05:05:07 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012/06/25 05:05:06 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012/06/25 05:05:06 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012/06/25 05:05:05 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012/06/25 05:05:05 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012/06/25 05:05:03 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012/06/25 05:05:03 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012/06/25 05:05:02 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012/06/25 05:05:02 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012/06/25 04:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/06/25 04:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2012/06/25 04:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012/06/25 04:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2012/06/25 04:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2012/06/25 04:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Cached Installations
[2012/06/25 03:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\One Click Privacy
[2012/06/25 03:33:54 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\Adobe
[2012/06/25 03:28:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/06/25 03:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/25 03:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/06/25 02:42:31 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/06/25 02:37:23 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{83E9B2FF-8111-42C3-8A27-E18967A63979}
[2012/06/25 01:10:07 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/06/25 01:10:07 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/06/25 01:10:07 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/06/25 01:02:04 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/25 01:02:04 | 000,839,096 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/25 01:02:04 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/25 01:01:41 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/25 01:01:41 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/25 01:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/25 00:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/06/24 19:30:52 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\ESET
[2012/06/24 19:30:52 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\ESET
[2012/06/24 19:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/06/24 19:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/24 19:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/06/24 19:20:47 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\Desktop\Incoming
[2012/06/24 18:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/24 18:50:59 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\Macromedia
[2012/06/24 10:16:46 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{A216D63F-E4C4-47FB-9844-FD41DC7BD0FE}
[2012/06/24 10:16:14 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{29473B53-FDD0-4BE9-8336-374E35AA3DD9}
[2012/06/24 02:11:12 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{CF985310-8A79-4162-A76E-2635EC08A1A5}
[2012/06/24 02:08:58 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{726B777B-2B50-41A1-B3FB-F042AADB2255}
[2012/06/24 02:08:15 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{49AAF78C-49AA-4D66-A5FA-E09613AB42ED}
[2012/06/24 02:03:43 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{A130A523-2842-49C1-8D7E-A12A3DC6BA0A}
[2012/06/24 02:00:52 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{E5F452E8-868D-4D1B-A5BF-5D6CC04287A5}
[2012/06/22 12:39:26 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/22 12:39:26 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/22 12:39:26 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/22 12:38:50 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/22 12:38:50 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/22 12:38:50 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/22 12:38:50 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/22 12:38:50 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/22 12:38:50 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/22 12:38:33 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/22 12:38:33 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/22 12:38:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/22 12:38:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/06/20 22:32:52 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{C2777247-6F69-44A6-AC72-DE9331B1BB12}
[2012/06/20 22:32:30 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{A4677517-BF4E-4025-B1DC-6E2AFA22ABEA}
[2012/06/20 22:30:23 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/20 11:38:59 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/20 11:36:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/06/20 11:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/06/20 11:27:11 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012/06/20 11:27:11 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012/06/20 11:27:09 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012/06/20 11:27:09 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012/06/20 11:25:54 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012/06/20 11:25:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012/06/16 23:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FriendsChecker
[2012/06/14 03:26:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 03:26:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 03:26:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 03:26:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 03:26:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 03:26:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 03:26:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 03:26:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 03:26:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 03:26:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 03:26:00 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 03:25:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 03:25:57 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 13:27:27 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 13:27:27 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/11 15:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/06/11 15:39:51 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/06/11 15:39:35 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/06/11 15:39:35 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/06/11 15:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/06/11 15:39:32 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/06/11 12:06:38 | 000,000,000 | R--D | C] -- C:\Users\Steve Penn Gerrard\Videos
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/26 21:45:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/26 21:35:08 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/26 21:35:06 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2012/06/26 21:35:05 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/06/26 21:34:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012/06/26 21:34:23 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 21:34:23 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 21:34:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/25 05:44:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/25 05:39:14 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2012/06/25 05:39:13 | 000,000,492 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/06/25 05:30:14 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2012/06/25 05:18:20 | 000,756,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 05:18:20 | 000,640,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/25 05:18:20 | 000,119,106 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/25 05:10:04 | 000,000,224 | ---- | M] () -- C:\Windows\SysWow64\9B13A86D.plf
[2012/06/25 04:58:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/25 01:01:08 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/25 01:01:08 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/25 01:01:08 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/25 01:01:08 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/25 01:01:07 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/24 19:18:22 | 000,110,592 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/24 18:34:28 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2012/06/24 18:11:59 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2012/06/24 02:09:46 | 000,000,297 | ---- | M] () -- C:\Windows\FreeAgent GoFlex Drive (F) - Shortcut.lnk
[2012/06/23 01:45:41 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 01:45:41 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/22 11:19:54 | 000,009,920 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\wklnhst.dat
[2012/06/20 22:24:57 | 000,000,680 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Local\d3d9caps.dat
[2012/06/20 22:19:34 | 002,342,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/20 22:15:06 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\One Click Privacy Scan.job
[2012/06/18 14:00:00 | 000,079,872 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/11 15:39:51 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/06/11 15:39:35 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/06/11 15:39:35 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/06/11 15:39:32 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/06/09 13:21:56 | 000,178,688 | ---- | M] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/05/31 18:38:35 | 000,114,018 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\wlan-list.xml
[2012/05/31 18:38:33 | 000,001,892 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\providers.xml
[2012/05/28 11:31:34 | 000,000,938 | ---- | M] () -- C:\Users\Steve Penn Gerrard\Desktop\magicJack.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/25 05:30:23 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/25 05:11:46 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/06/25 05:11:46 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/06/25 05:11:42 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/25 05:11:39 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/25 05:10:04 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\9B13A86D.plf
[2012/06/25 04:21:02 | 000,000,492 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/06/25 04:20:49 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2012/06/25 03:35:09 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/24 18:34:28 | 000,000,000 | ---- | C] () -- C:\install.rdf
[2012/06/24 18:11:58 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/06/24 02:09:46 | 000,000,297 | ---- | C] () -- C:\Windows\FreeAgent GoFlex Drive (F) - Shortcut.lnk
[2012/06/20 22:30:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/20 11:36:21 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/06/20 11:35:27 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/06/20 11:33:56 | 000,001,053 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/06/20 11:32:40 | 000,002,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/05/15 14:35:20 | 000,001,892 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\providers.xml
[2012/03/30 08:49:57 | 000,751,784 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/27 19:54:08 | 000,114,018 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\wlan-list.xml
[2012/03/11 18:35:27 | 000,000,211 | ---- | C] () -- C:\Users\Steve Penn Gerrard\CD Drive - Shortcut.lnk
[2012/01/15 16:13:16 | 000,000,000 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Local\{2ED6336F-2A32-403E-B77D-DA546F10AE98}
[2011/07/01 23:49:14 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Image Manipulation
[2011/07/01 23:49:14 | 000,000,268 | RH-- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Hybrid Morph
[2011/07/01 23:49:14 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2011/07/01 23:49:14 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Sample Delay
[2010/08/29 19:31:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/08/29 02:11:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Core Data Application
[2010/08/29 02:11:49 | 000,000,268 | RH-- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Configure Folder Actions
[2010/08/29 02:11:48 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/08/29 02:11:48 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Devices
[2010/08/29 02:09:19 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Contents
[2010/08/29 02:09:19 | 000,000,268 | RH-- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Compressor
[2010/08/29 02:09:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/08/29 02:09:19 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Database
[2010/08/25 08:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 08:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 08:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 07:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 07:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/06 17:09:36 | 000,156,522 | ---- | C] () -- C:\Users\Steve Penn Gerrard\PA140007.jpg
[2010/06/28 08:35:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\Hybrid Morph
[2010/06/28 08:35:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\ColorTable
[2010/06/28 08:35:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Image Units
[2010/06/28 08:35:12 | 000,000,268 | RH-- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Hybrid Synthesizers
[2010/06/28 08:35:12 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Sampler Files
[2010/05/11 04:45:25 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2009/09/02 05:34:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/09 23:56:43 | 000,009,920 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\wklnhst.dat
[2009/05/31 13:23:16 | 000,000,680 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Local\d3d9caps.dat
[2008/12/26 21:21:34 | 000,024,786 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\UserTile.png
[2008/11/21 09:32:08 | 000,110,592 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2008/11/21 21:00:33 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/01 14:31:48 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\deskPDF
[2010/07/29 23:59:19 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Dropbox
[2012/06/24 19:30:52 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\ESET
[2012/06/24 18:33:59 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Fighters
[2010/08/23 04:05:17 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Freelance Software
[2010/05/09 21:12:01 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\FUJIFILM
[2010/04/30 21:19:56 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\GARMIN
[2009/03/09 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\GetRightToGo
[2009/03/22 03:11:46 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Ludia
[2010/05/16 00:42:40 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\MI
[2012/05/28 11:31:39 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\mjusbsp
[2010/08/14 21:16:37 | 000,000,000 | -HSD | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\My Security Shield
[2009/09/16 06:53:14 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Nik Software
[2011/07/01 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Nikon
[2012/06/24 19:14:59 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Nuance
[2009/08/18 01:37:22 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\onOne Software
[2009/03/05 12:46:12 | 000,000,000 | R--D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\PeerNetworking
[2009/09/08 05:29:46 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Template
[2009/03/20 01:23:58 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Thunderbird
[2010/08/29 08:51:17 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\WeatherBug
[2009/03/11 12:14:42 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\WildTangent
[2011/11/30 00:49:45 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Zeon
[2012/06/25 01:42:31 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\ZumoDrive
[2012/06/20 22:15:06 | 000,000,450 | ---- | M] () -- C:\Windows\Tasks\One Click Privacy Scan.job
[2012/06/25 05:39:13 | 000,000,492 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2012/06/25 05:39:14 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2012/06/26 21:35:05 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012/06/25 05:44:55 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/26 21:35:06 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\SpeedUpMyPC.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0

< End of report >

OTL Extras:

OTL Extras logfile created on: 6/26/2012 9:43:25 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Steve Penn Gerrard\Desktop\Incoming
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 45.76% Memory free
8.03 Gb Paging File | 5.83 Gb Available in Paging File | 72.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.44 Gb Total Space | 17.00 Gb Free Space | 15.26% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 35.04 Gb Free Space | 31.44% Space Free | Partition Type: NTFS
Drive E: | 7.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STEVEPENNGER-PC | User Name: Steve Penn Gerrard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = F9 B8 D7 57 4D 74 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe" = C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe:*:Enabled:iBryteDesktop
"C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe" = C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe:*:Enabled:iBryteDesktop

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{074A2C83-6272-4BE2-8C7D-81F980DAC619}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{09E1EB2D-11D4-4F8D-AF2B-B3EA0BC5560F}" = lport=138 | protocol=17 | dir=in | app=system |
"{0CBBB057-0255-48D9-82E5-68A61991F54E}" = rport=138 | protocol=17 | dir=out | app=system |
"{0D3767CD-5E51-444B-B17A-B3D85F9EA8C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E1BFE9E-A016-450F-AA40-1C6B17C1B21B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{10749E27-EFFB-439A-9DE8-5508156C83BC}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{114D08D1-0D48-4F06-A4C3-CFA4EFB820CF}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{17E5F687-BD38-4427-B962-742F063C4469}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{26DD1ACA-3F03-41F6-9C04-AFCF628AF693}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{2FFE0721-6CEA-491A-90AB-0EE785112291}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39F861A7-4480-4B2E-A7C3-84E4DC00A1FA}" = rport=139 | protocol=6 | dir=out | app=system |
"{3B3363CB-7F2D-4932-BEF3-F98DA7618DC1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DF62ACE-81B7-495F-A867-9AF17BE40ED3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{477E9BF9-F0E2-4A9E-B074-C77662C092AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4D8C577E-7D0B-45D2-A64F-0F1C81CD8B95}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54C366B2-BB39-4E81-BDEA-D939396F15B8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{58D24024-A35E-4AB5-AD3D-96D66BDB062E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{5A7FF9BB-767D-4E07-9329-E7CE85DD6FA5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5FEF5D54-88D7-493D-9F61-C24F4418DF87}" = rport=445 | protocol=6 | dir=out | app=system |
"{6448A022-1B46-4A83-8781-3D37083DC515}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A7A3B14-D7ED-4C53-9221-4DD1DF82849E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6E08F0E3-ACFB-4C16-85A2-45F237BB2365}" = lport=445 | protocol=6 | dir=in | app=system |
"{77126692-9038-4DC0-8B3B-9B9EBB7A4B9E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{7D701685-2082-4762-BF7E-A16785352099}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{895E9A97-AB84-40D2-81F9-5A3AD8378113}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{952DBAD3-3765-4E1A-AF12-8A01BABA5962}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A32677D8-CE47-4A6F-8F38-70B042ABCD70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3DD6CA1-DEB0-483E-9B5F-A65C9C0E1D7B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD25F71A-1E3A-44DC-A990-9274065B4705}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AF260CE9-DBDA-474A-8D3D-2F2B0E1A6A44}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B10E88BC-29D0-4D8F-BBE6-CCA6E67D8957}" = lport=139 | protocol=6 | dir=in | app=system |
"{B14CD099-3A52-41F6-A4EF-5DE4F31953EF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BE9FF73B-C5A4-4FEF-8216-59B4C669AE5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF960D6E-DE51-4BF5-A5B0-9CE3B27ED1D2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C554AC54-3680-48BC-B679-D13ADEF114E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D2D85FFE-B847-403B-9B00-1E4726E32BEF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D483FF79-4BC8-4827-AC53-044EA999D128}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{DECDE539-F1D7-4218-A57A-DB80C92320B5}" = lport=137 | protocol=17 | dir=in | app=system |
"{DFFC7973-5715-423F-81CC-8DE7D268C21A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{E76DCD2F-3834-4624-A4D1-7549DF8E2257}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F3AE5342-BC05-4C32-AF80-75B975462B4E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA4D941A-FE7B-4D3A-A31E-C85C43DA4073}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FE91958A-6E8C-45BC-8F93-64CD465A66D2}" = rport=137 | protocol=17 | dir=out | app=system |
"{FF5AAFCC-2CE5-412F-9114-519BE55CE8BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{FFA74945-1D73-47FD-861A-D8DC9525D103}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050E829E-48E2-4CDA-BD7B-F96F32BF5B73}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{151FB8D0-1005-49F9-92DA-C47FD1BE7303}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{15E20570-7C2F-4895-A1FB-1C4C0E334671}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{181E43C1-28FD-4C4A-AC09-AB759DECCA2A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1A2A7495-60B5-4A08-BCC7-D5DF2C2DC225}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1FA653F0-9577-4041-8B30-39ADF3548F7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{289F9C83-397E-4499-B42C-AC02AA9F94D0}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe |
"{2E372174-AF59-4284-A5D3-E4CE55B9F33A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3226BB2F-FF8D-4232-A2BB-E1AEF53BDC11}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{34707132-1146-46B1-82F8-91DD0E70F5B5}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe |
"{3597F118-B907-449B-8BD8-57FDD821BE3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3FC13261-ADF4-46C7-84D1-1ADB40895E73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{40C2E602-6C16-4C88-882B-EC731779E388}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{441C8574-DFC4-4DE7-9339-BA5B41FAA83D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{4DFA0CEC-E446-4316-AC66-F2620D159EAF}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{55F198CA-7FF8-44AE-A534-396997E70450}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{561E1691-1219-429C-9574-CDCC42942E4D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{58327B9A-F087-4F6F-845C-826170D5617E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5D2732E5-B4D3-4AAE-AFA4-67D7E06A12F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5DD38C6C-3071-4AB2-809E-57B6FAC1022A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{667ECAA1-DE3B-49D1-9261-04EB6DAE17F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68E8BD6D-FA57-403C-A8FF-82AD8FAD7E9B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B2B6202-BC2F-41FC-940F-E94284161F7A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6DD2CF23-E5E6-47B3-8CC5-BDD15CDB12A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6E33B85F-AB79-4059-AAAA-5394B9F9D734}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E693D81-72E5-42C9-B2E7-FCC2F1FF4093}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{703695D1-8822-4D91-8CF8-408E4523AA54}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{713E37EA-75A0-4E18-8BD1-DB9BC23D167F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{9EF8BAC8-9A15-4A26-A2E5-C94558FB5B8A}" = protocol=1 | dir=in | [email protected],-28543 |
"{A56B47B4-C5C1-4342-8893-F34C64B4D9F7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A92A5615-9B09-447F-9B73-64AABFF2D442}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AE63B031-405A-49DB-9897-B8586BA2F398}" = protocol=58 | dir=in | [email protected],-28545 |
"{B180B4BF-4747-48A8-A0E0-47082C8CB0BE}" = protocol=6 | dir=out | app=system |
"{B2FCB467-D754-4078-AAA8-96308AE48394}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B783E61E-083B-48BA-987A-0090C7B855DB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BA3B283C-4D89-4FA9-83C3-60DA543C6FB6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CC9E9D50-05C1-4E61-B496-43E4ED1211FC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D4CFC8FB-B383-471D-A13E-FA9D9049A0C2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{D8DD9141-7A1B-43F1-A84F-0A30B20D735E}" = protocol=58 | dir=out | [email protected],-28546 |
"{DB4DEA03-11E2-4314-A22E-871AAB5AD935}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DDF9EB09-22CF-4B9D-AAE6-43055C952ACE}" = protocol=1 | dir=out | [email protected],-28544 |
"{E3157F65-EFD9-452B-9B3C-DF0FFDB03198}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E5E03945-CDF6-4D2F-A72E-86F64D8DF5CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6FD4694-C49D-4EC0-8072-25AADD43C09B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F50B51B0-B2FC-48DB-908E-DC6EAC5EF2BC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{5AFA0FE0-CBA4-41D4-AC35-7ED4340075A8}C:\users\steve penn gerrard\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\steve penn gerrard\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{A17862B2-0220-41AB-AA3C-6B9AFF468D76}C:\users\steve penn gerrard\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\steve penn gerrard\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{0838EB9A-9FBD-4A51-8BB7-C8AE3B25B60D}C:\users\steve penn gerrard\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\steve penn gerrard\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{4589A732-EE1F-4723-AB4F-DFB2B4B261E8}C:\users\steve penn gerrard\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\steve penn gerrard\appdata\roaming\mjusbsp\magicjack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B059BBA1-D29C-4EFC-83CE-1FBAFA0021F2}" = O2Micro Flash Memory Card Reader Driver (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7274D82-C857-4C20-AB1A-D701D64BFD90}" = ESET Smart Security
"{FB555BCF-9202-4886-9203-88C9A210D727}" = HP Deskjet 3050A J611 series Basic Device Software
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 33
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3007B36D-AB7C-4CA4-83A2-89D69A4C4094}" = Mailinfo
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3B55590C-8A9B-4BD6-B489-744B63026A2A}" = Adobe Photoshop Elements Digital Home
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8674DA43-CE5D-48EB-94E8-E0DC5B59AF88}_is1" = Satellite Direct v9.25.1.1
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B01DD5B7-9862-43D7-BCA3-7882A17E4328}" = PhotoTools 1.0 Professional Edition
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1C2398C-6FAB-46D1-806C-5942F0829994}" = ParetoLogic Data Recovery
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC5E14BC-6D65-4DA4-A0CE-08863C5CD0C0}" = Boingo Wi-Finder
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AskSBar Uninstall" = Ask Toolbar
"Banda Ancha Movil" = Banda Ancha Movil
"Capture NX 2" = Capture NX 2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"fbDownloader" = fbDownloader 1.0.2.0
"FileHippo.com" = FileHippo.com Update Checker
"FriendsChecker" = FriendsChecker
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iBryte_playbryte" = PlayBryte
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.9.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Master-3rd Unlimited4.5" = Master-3rd Unlimited
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PIXresizer_is1" = PIXresizer 2.0.4
"RealPlayer 15.0" = RealPlayer
"Silver Efex Pro" = Silver Efex Pro
"ST6UNST #1" = Deck License Program - 2009 Ed
"The Weather Channel App" = The Weather Channel App
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TurboTax 2010" = TurboTax 2010
"usjobsearchtoolbar" = US Job Search Toolbar
"Vex Connector_is1" = Vex Connector
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/25/2012 5:31:06 AM | Computer Name = StevePennGer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 6/25/2012 5:34:07 AM | Computer Name = StevePennGer-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/25/2012 5:34:07 AM | Computer Name = StevePennGer-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/25/2012 5:40:19 AM | Computer Name = StevePennGer-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/25/2012 5:43:08 AM | Computer Name = StevePennGer-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/25/2012 5:43:08 AM | Computer Name = StevePennGer-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/26/2012 9:35:46 PM | Computer Name = StevePennGer-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/26/2012 9:36:18 PM | Computer Name = StevePennGer-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/26/2012 9:36:18 PM | Computer Name = StevePennGer-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/26/2012 9:42:50 PM | Computer Name = StevePennGer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ Media Center Events ]
Error - 4/22/2009 11:43:41 PM | Computer Name = StevePennGer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/29/2009 9:58:48 PM | Computer Name = StevePennGer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/22/2009 7:28:38 PM | Computer Name = StevePennGer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 9:56:28 PM | Computer Name = StevePennGer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/9/2010 11:37:14 PM | Computer Name = StevePennGer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 4/8/2009 7:56:26 AM | Computer Name = StevePennGer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 239 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/25/2012 3:07:29 AM | Computer Name = StevePennGer-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.47 for the Network Card with network
address 00E0B8E97967 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/25/2012 3:34:14 AM | Computer Name = StevePennGer-PC | Source = DCOM | ID = 10005
Description =

Error - 6/25/2012 3:34:14 AM | Computer Name = StevePennGer-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/25/2012 3:34:14 AM | Computer Name = StevePennGer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/25/2012 5:31:57 AM | Computer Name = StevePennGer-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 6/25/2012 5:32:03 AM | Computer Name = StevePennGer-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 6/25/2012 5:32:10 AM | Computer Name = StevePennGer-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 6/25/2012 5:35:49 AM | Computer Name = StevePennGer-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 6/25/2012 5:39:01 AM | Computer Name = StevePennGer-PC | Source = volsnap | ID = 393241

Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 6/25/2012 5:44:57 AM | Computer Name = StevePennGer-PC | Source = WMPNetworkSvc | ID = 866314
Description =

< End of report >

aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-26 22:02:24
-----------------------------
22:02:24.010 OS Version: Windows x64 6.0.6002 Service Pack 2
22:02:24.010 Number of processors: 2 586 0xF0D
22:02:24.011 ComputerName: STEVEPENNGER-PC UserName:
22:02:25.305 Initialize success
22:02:35.055 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:02:35.071 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
22:02:35.094 Disk 0 MBR read successfully
22:02:35.096 Disk 0 MBR scan
22:02:35.099 Disk 0 unknown MBR code
22:02:35.120 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
22:02:35.139 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114116 MB offset 20973568
22:02:35.163 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 114117 MB offset 254683136
22:02:35.186 Disk 0 scanning C:\Windows\system32\drivers
22:02:43.664 Service scanning
22:03:08.488 Modules scanning
22:03:08.497 Disk 0 trace - called modules:
22:03:08.525 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
22:03:08.530 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f34400]
22:03:08.535 3 CLASSPNP.SYS[fffffa6000fc7c33] -> nt!IofCallDriver -> [0xfffffa8004bc2a80]
22:03:08.778 5 acpi.sys[fffffa60008f8fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c0a050]
22:03:08.785 Scan finished successfully
22:12:33.973 Disk 0 MBR has been saved successfully to "C:\Users\Steve Penn Gerrard\Pictures\Documents\MBR.dat"
22:12:33.980 The log file has been saved successfully to "C:\Users\Steve Penn Gerrard\Pictures\Documents\aswMBR.txt"

#4
jeffce

Posted 27 June 2012 - 06:18 AM

Trusted Helper

Malware Removal
216 posts

Hi,

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

If you are running Malwarebytes 1.6 or better, please disable it for the duration of this run.

To disable Malwarebytes

Open the scanner and select the Protection tab
Remove the tick from "Start Protection Module with Windows" as seen below

Once complete continue with the instructions...
----------

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:Services

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...15-930D49234B02
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://prodigy.msn.c...MX&dcc=MX&opt=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C A5 B3 FD FC 17 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {5963db80-6910-e734-3d61-9e997c263db5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=26dd9ba9-7b67-44f3-b261-f4126415b79d&query={searchTerms}
IE - HKCU\..\SearchScopes\{D75CCC30-8AE6-4780-80EB-58543F5FD096}: "URL" = http://search.speedb...q={searchTerms}
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-yma3"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-yma3"
FF - prefs.js..browser.startup.homepage: "http://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20111149,16695,0,16,0"
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.3.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\FriendsChecker\Firefox\ [2012/06/16 23:28:55 | 000,000,000 | ---D | M]
[2010/05/01 22:04:36 | 000,000,000 | ---D | M] (US Job Search Toolbar) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}
[2010/06/16 18:03:45 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\[email protected]
[2010/05/16 01:22:51 | 000,001,945 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\searchplugins\bing-zugo.xml
[2012/06/26 21:37:34 | 000,002,030 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\searchplugins\search-here.xml
[2009/01/20 19:29:32 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files (x86)\mozilla firefox\plugins\NPAskSBr.dll
[2012/05/18 00:42:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - Reg Error: Value error. File not found
O2 - BHO: (FriendsChecker) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\FriendsChecker\IE\common.dll (FriendsChecker)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - Reg Error: Value error. File not found
O2 - BHO: (US Job Search Toolbar) - {f409caa5-db4f-48aa-a238-ca307c481237} - C:\Program Files (x86)\usjobsearchtoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (US Job Search Toolbar) - {f409caa5-db4f-48aa-a238-ca307c481237} - C:\Program Files (x86)\usjobsearchtoolbar\vmntemplateX.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O33 - MountPoints2\{019d59e6-b826-11dd-ae45-00e0b8e97967}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
O33 - MountPoints2\{019d59e6-b826-11dd-ae45-00e0b8e97967}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
O33 - MountPoints2\{2307503e-94c2-11df-aded-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{23075051-94c2-11df-aded-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0ee8d0-a163-11de-b290-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0ee8d0-a163-11de-b290-00e0b8e97967}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{76c3437f-4bd7-11df-b67f-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{76c3437f-4bd7-11df-b67f-00e0b8e97967}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ad515ec4-9a17-11df-a117-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{ba24ef74-79b7-11de-bc3f-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{ba24ef74-79b7-11de-bc3f-00e0b8e97967}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{d5b8e884-9b03-11df-823c-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{d5b8e890-9b03-11df-823c-001e101f859f}\Shell - "" = AutoRun
[2012/06/16 23:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FriendsChecker
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2012/06/24 19:18:22 | 000,110,592 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/09 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\GetRightToGo

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[createrestorepoint]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

#5
Sirius Black

Posted 28 June 2012 - 02:32 AM

Member

Topic Starter
Member
77 posts

Ok, new OTL logs

OTL: OTL logfile created on: 6/28/2012 4:23:45 AM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Steve Penn Gerrard\Desktop\Incoming
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 48.40% Memory free
8.06 Gb Paging File | 6.17 Gb Available in Paging File | 76.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.44 Gb Total Space | 11.62 Gb Free Space | 10.43% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 35.04 Gb Free Space | 31.44% Space Free | Partition Type: NTFS
Drive E: | 7.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STEVEPENNGER-PC | User Name: Steve Penn Gerrard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Steve Penn Gerrard\Desktop\Incoming\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo Wi-Finder.exe (Boingo Wireless)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Boingo\Boingo Wi-Finder\boingoex.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (ETService) -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (o2flash) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (epfw) -- C:\Windows\SysNative\DRIVERS\epfw.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\DRIVERS\epfwwfp.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\DRIVERS\EpfwLWF.sys (ESET)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\DRIVERS\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys (ESET)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RMCAST) RMCAST (Pgm) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV:64bit: - (WPN111) -- C:\Windows\SysNative\DRIVERS\WPN111vx.sys (Atheros Communications, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys (O2Micro )
DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys (O2Micro )
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8187Se) -- C:\Windows\SysNative\DRIVERS\RTL8187Se.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (UVCFTR) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\WUSB54GCx64.sys (Ralink Technology Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...=1008&m=m-7315u
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...=1008&m=m-7315u
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...15-930D49234B02
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://prodigy.msn.c...MX&dcc=MX&opt=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C A5 B3 FD FC 17 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {5963db80-6910-e734-3d61-9e997c263db5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{4408C5D3-D063-47B7-F412-10B06D154E1C}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{664E8AF9-8F70-463D-BADE-E3B21AF58FBB}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKCU\..\SearchScopes\{85BB23C7-0F67-4250-6758-200ACEDDE7FE}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=26dd9ba9-7b67-44f3-b261-f4126415b79d&query={searchTerms}
IE - HKCU\..\SearchScopes\{D75CCC30-8AE6-4780-80EB-58543F5FD096}: "URL" = http://search.speedb...q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-yma3"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-yma3"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.search.ya...9,16695,0,16,0"
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:9.9.2
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.21
FF - prefs.js..extensions.enabledItems: {e2337727-f9c9-411b-929e-287584341d1a}:3.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.00
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.35
FF - prefs.js..extensions.enabledItems: {b9dbe2c0-031f-4cad-911a-f4a7381d79c0}:1.0.31
FF - prefs.js..extensions.enabledItems: {f409caa5-db4f-48aa-a238-ca307c481237}:1.0.0.0
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.3.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: wecarereminder@bryan:5.0.9.5
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.5.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.3.7

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/06/24 19:25:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/11 15:40:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/11 15:38:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/25 03:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/11 15:39:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/06/24 19:25:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\FriendsChecker\Firefox\ [2012/06/16 23:28:55 | 000,000,000 | ---D | M]

[2008/12/21 23:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Extensions
[2012/06/27 21:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions
[2012/01/30 15:03:55 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/11/30 00:56:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/06 13:03:16 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2012/05/24 22:41:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/24 18:11:14 | 000,000,000 | ---D | M] (Fast Search by Surf Canyon) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2010/08/06 13:03:16 | 000,000,000 | ---D | M] (Answers) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2011/11/30 00:56:55 | 000,000,000 | ---D | M] (LinkedIn Companion for Firefox) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{e2337727-f9c9-411b-929e-287584341d1a}
[2010/05/01 22:04:36 | 000,000,000 | ---D | M] (US Job Search Toolbar) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}
[2010/06/16 18:03:45 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\[email protected]
[2010/08/29 08:50:22 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\[email protected]
[2010/08/29 08:50:00 | 000,000,000 | ---D | M] (BetterLinks) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\[email protected]
[2012/06/27 21:38:27 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\wecarereminder@bryan
[2010/05/16 01:22:51 | 000,001,945 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\searchplugins\bing-zugo.xml
[2012/06/28 04:22:08 | 000,001,982 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\searchplugins\search-here.xml
[2012/06/25 01:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/25 01:10:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/06/25 00:53:10 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\STEVE PENN GERRARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2WKCS4Z0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/15 21:39:06 | 000,020,228 | ---- | M] () (No name found) -- C:\USERS\STEVE PENN GERRARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2WKCS4Z0.DEFAULT\EXTENSIONS\[email protected]
[2012/05/18 00:42:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/03/31 08:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\mozilla firefox\components\coFFPlgn.dll
[2009/01/20 19:29:32 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files (x86)\mozilla firefox\plugins\NPAskSBr.dll
[2010/10/06 20:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 20:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/11 15:39:41 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/05/18 00:42:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/18 00:42:21 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Ask Toolbar Plugin Stub (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPAskSBr.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Steve Penn Gerrard\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Steve Penn Gerrard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: We-Care Reminder Lite = C:\Users\Steve Penn Gerrard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.3_0\

O1 HOSTS File: ([2001/08/24 07:00:00 | 000,000,792 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - Reg Error: Value error. File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (FriendsChecker) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\FriendsChecker\IE\common.dll (FriendsChecker)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SBCONVERT Class) - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files (x86)\SpeedBit Video Converter\Toolbar\SpeedBit_Video_Converter.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - Reg Error: Value error. File not found
O2 - BHO: (US Job Search Toolbar) - {f409caa5-db4f-48aa-a238-ca307c481237} - C:\Program Files (x86)\usjobsearchtoolbar\vmntemplateX.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Converter\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Converter) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Converter\Toolbar\SpeedBit_Video_Converter.dll ()
O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (US Job Search Toolbar) - {f409caa5-db4f-48aa-a238-ca307c481237} - C:\Program Files (x86)\usjobsearchtoolbar\vmntemplateX.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Converter) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Converter\Toolbar\SpeedBit_Video_Converter.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - Reg Error: Value error. File not found
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Boingo Wi-Finder] C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk ()
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - Startup: C:\Users\Steve Penn Gerrard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...7/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38B017D3-68AF-42B4-86E2-7F250B99FCFD}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D705A8F-4DF8-46A6-8C8A-140AE72FA2F5}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB929EA8-D58E-4BF8-A08C-1C71420CAAAF}: DhcpNameServer = 200.63.56.3 200.63.56.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{019d59e6-b826-11dd-ae45-00e0b8e97967}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
O33 - MountPoints2\{019d59e6-b826-11dd-ae45-00e0b8e97967}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
O33 - MountPoints2\{2307503e-94c2-11df-aded-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{23075051-94c2-11df-aded-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0ee8d0-a163-11de-b290-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0ee8d0-a163-11de-b290-00e0b8e97967}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{76c3437f-4bd7-11df-b67f-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{76c3437f-4bd7-11df-b67f-00e0b8e97967}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ad515ec4-9a17-11df-a117-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{ba24ef74-79b7-11de-bc3f-00e0b8e97967}\Shell - "" = AutoRun
O33 - MountPoints2\{ba24ef74-79b7-11de-bc3f-00e0b8e97967}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{d5b8e884-9b03-11df-823c-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{d5b8e890-9b03-11df-823c-001e101f859f}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 21:57:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/27 21:43:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/27 21:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/27 21:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/06/25 05:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/25 05:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/25 05:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/25 05:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/25 05:32:59 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\Apple Computer
[2012/06/25 05:30:25 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\Apple
[2012/06/25 05:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/06/25 05:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/25 05:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/25 05:28:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/25 05:17:44 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Media Player Classic
[2012/06/25 05:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/06/25 05:11:42 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2012/06/25 05:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/06/25 05:07:11 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012/06/25 05:07:11 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012/06/25 05:07:11 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012/06/25 05:07:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012/06/25 05:07:10 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012/06/25 05:07:10 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012/06/25 05:07:09 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012/06/25 05:07:09 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012/06/25 05:07:08 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012/06/25 05:07:08 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012/06/25 05:07:08 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012/06/25 05:07:08 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012/06/25 05:07:07 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012/06/25 05:07:07 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012/06/25 05:07:06 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012/06/25 05:07:06 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012/06/25 05:07:05 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012/06/25 05:07:05 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012/06/25 05:07:05 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012/06/25 05:07:05 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012/06/25 05:07:02 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012/06/25 05:07:02 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012/06/25 05:07:01 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012/06/25 05:07:01 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012/06/25 05:06:59 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012/06/25 05:06:58 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012/06/25 05:06:58 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012/06/25 05:06:58 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012/06/25 05:06:58 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012/06/25 05:06:48 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012/06/25 05:06:48 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012/06/25 05:06:47 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012/06/25 05:06:47 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012/06/25 05:06:46 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012/06/25 05:06:46 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012/06/25 05:06:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012/06/25 05:06:46 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012/06/25 05:06:44 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012/06/25 05:06:44 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012/06/25 05:06:43 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012/06/25 05:06:43 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012/06/25 05:06:43 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012/06/25 05:06:42 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012/06/25 05:06:42 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012/06/25 05:06:41 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012/06/25 05:06:41 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012/06/25 05:06:41 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012/06/25 05:06:41 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012/06/25 05:06:41 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012/06/25 05:06:41 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012/06/25 05:06:40 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012/06/25 05:06:40 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012/06/25 05:06:39 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012/06/25 05:06:39 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012/06/25 05:06:39 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012/06/25 05:06:39 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012/06/25 05:06:37 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012/06/25 05:06:37 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012/06/25 05:06:37 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012/06/25 05:06:37 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012/06/25 05:06:36 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012/06/25 05:06:36 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/06/25 05:06:36 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012/06/25 05:06:36 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/06/25 05:06:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/06/25 05:06:35 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012/06/25 05:06:34 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012/06/25 05:06:34 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/06/25 05:06:34 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012/06/25 05:06:34 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/06/25 05:06:33 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012/06/25 05:06:33 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/06/25 05:06:32 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012/06/25 05:06:32 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012/06/25 05:06:32 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012/06/25 05:06:32 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012/06/25 05:06:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012/06/25 05:06:31 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012/06/25 05:06:30 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012/06/25 05:06:30 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012/06/25 05:06:29 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012/06/25 05:06:29 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012/06/25 05:06:29 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012/06/25 05:06:29 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012/06/25 05:06:27 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012/06/25 05:06:27 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012/06/25 05:06:26 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012/06/25 05:06:26 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012/06/25 05:06:25 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012/06/25 05:06:25 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012/06/25 05:06:24 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012/06/25 05:06:24 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012/06/25 05:06:23 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012/06/25 05:06:23 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012/06/25 05:06:23 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012/06/25 05:06:23 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012/06/25 05:06:21 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012/06/25 05:06:21 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012/06/25 05:06:18 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012/06/25 05:06:18 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012/06/25 05:06:15 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012/06/25 05:06:15 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012/06/25 05:06:15 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012/06/25 05:06:15 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012/06/25 05:06:14 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012/06/25 05:06:14 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012/06/25 05:06:12 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012/06/25 05:06:12 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012/06/25 05:06:10 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012/06/25 05:06:10 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012/06/25 05:06:10 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012/06/25 05:06:10 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012/06/25 05:06:08 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012/06/25 05:06:08 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012/06/25 05:06:03 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012/06/25 05:06:03 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012/06/25 05:06:03 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012/06/25 05:06:03 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012/06/25 05:06:02 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012/06/25 05:06:02 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012/06/25 05:06:02 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012/06/25 05:06:02 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012/06/25 05:06:01 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012/06/25 05:06:01 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012/06/25 05:06:00 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012/06/25 05:06:00 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012/06/25 05:05:58 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012/06/25 05:05:58 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012/06/25 05:05:58 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012/06/25 05:05:58 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012/06/25 05:05:58 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012/06/25 05:05:58 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012/06/25 05:05:57 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012/06/25 05:05:57 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012/06/25 05:05:55 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012/06/25 05:05:55 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012/06/25 05:05:52 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012/06/25 05:05:52 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012/06/25 05:05:52 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012/06/25 05:05:52 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012/06/25 05:05:32 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012/06/25 05:05:32 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012/06/25 05:05:32 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012/06/25 05:05:32 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012/06/25 05:05:30 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012/06/25 05:05:30 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012/06/25 05:05:29 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012/06/25 05:05:29 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012/06/25 05:05:27 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012/06/25 05:05:27 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012/06/25 05:05:25 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012/06/25 05:05:25 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012/06/25 05:05:25 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012/06/25 05:05:25 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012/06/25 05:05:18 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012/06/25 05:05:18 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012/06/25 05:05:13 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012/06/25 05:05:13 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012/06/25 05:05:10 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012/06/25 05:05:10 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012/06/25 05:05:10 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012/06/25 05:05:10 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012/06/25 05:05:08 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012/06/25 05:05:08 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012/06/25 05:05:07 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012/06/25 05:05:07 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012/06/25 05:05:06 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012/06/25 05:05:06 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012/06/25 05:05:05 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012/06/25 05:05:05 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012/06/25 05:05:03 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012/06/25 05:05:03 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012/06/25 05:05:02 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012/06/25 05:05:02 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012/06/25 04:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/06/25 04:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2012/06/25 04:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012/06/25 04:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2012/06/25 04:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2012/06/25 04:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Cached Installations
[2012/06/25 03:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\One Click Privacy
[2012/06/25 03:33:54 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\Adobe
[2012/06/25 03:28:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/06/25 03:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/25 03:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/06/25 02:42:31 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/06/25 02:37:23 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{83E9B2FF-8111-42C3-8A27-E18967A63979}
[2012/06/25 01:10:07 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/06/25 01:10:07 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/06/25 01:10:07 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/06/25 01:02:04 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/25 01:02:04 | 000,839,096 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/25 01:02:04 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/25 01:01:41 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/25 01:01:41 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/25 01:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/25 00:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/06/24 19:30:52 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\ESET
[2012/06/24 19:30:52 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\ESET
[2012/06/24 19:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/06/24 19:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/24 19:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/06/24 19:20:47 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\Desktop\Incoming
[2012/06/24 18:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/24 18:50:59 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\Macromedia
[2012/06/24 10:16:46 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{A216D63F-E4C4-47FB-9844-FD41DC7BD0FE}
[2012/06/24 10:16:14 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{29473B53-FDD0-4BE9-8336-374E35AA3DD9}
[2012/06/24 02:11:12 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{CF985310-8A79-4162-A76E-2635EC08A1A5}
[2012/06/24 02:08:58 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{726B777B-2B50-41A1-B3FB-F042AADB2255}
[2012/06/24 02:08:15 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{49AAF78C-49AA-4D66-A5FA-E09613AB42ED}
[2012/06/24 02:03:43 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{A130A523-2842-49C1-8D7E-A12A3DC6BA0A}
[2012/06/24 02:00:52 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{E5F452E8-868D-4D1B-A5BF-5D6CC04287A5}
[2012/06/22 12:39:26 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/22 12:39:26 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/22 12:39:26 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/22 12:38:50 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/22 12:38:50 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/22 12:38:50 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/22 12:38:50 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/22 12:38:50 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/22 12:38:50 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/22 12:38:33 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/22 12:38:33 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/22 12:38:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/22 12:38:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/06/20 22:32:52 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{C2777247-6F69-44A6-AC72-DE9331B1BB12}
[2012/06/20 22:32:30 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{A4677517-BF4E-4025-B1DC-6E2AFA22ABEA}
[2012/06/20 22:30:23 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/20 11:38:59 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/20 11:36:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/06/20 11:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/06/20 11:27:11 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012/06/20 11:27:11 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012/06/20 11:27:09 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012/06/20 11:27:09 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012/06/20 11:25:54 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012/06/20 11:25:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012/06/16 23:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FriendsChecker
[2012/06/14 03:26:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 03:26:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 03:26:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 03:26:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 03:26:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 03:26:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 03:26:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 03:26:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 03:26:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 03:26:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 03:26:00 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 03:25:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 03:25:57 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 13:27:27 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 13:27:27 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/11 15:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/06/11 15:39:51 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/06/11 15:39:35 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/06/11 15:39:35 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/06/11 15:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/06/11 15:39:32 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/06/11 12:06:38 | 000,000,000 | R--D | C] -- C:\Users\Steve Penn Gerrard\Videos
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/28 04:00:01 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 04:00:01 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 03:58:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/28 03:44:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/28 00:33:01 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2012/06/27 22:02:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/27 22:02:53 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/06/27 22:02:53 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2012/06/27 22:00:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012/06/27 21:59:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/27 21:57:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/27 21:43:16 | 000,000,725 | ---- | M] () -- C:\Users\Steve Penn Gerrard\Desktop\NTREGOPT.lnk
[2012/06/27 21:43:16 | 000,000,706 | ---- | M] () -- C:\Users\Steve Penn Gerrard\Desktop\ERUNT.lnk
[2012/06/26 22:12:33 | 000,000,512 | ---- | M] () -- C:\Users\Steve Penn Gerrard\Pictures\Documents\MBR.dat
[2012/06/25 05:39:13 | 000,000,492 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/06/25 05:30:14 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2012/06/25 05:18:20 | 000,756,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 05:18:20 | 000,640,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/25 05:18:20 | 000,119,106 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/25 05:10:04 | 000,000,224 | ---- | M] () -- C:\Windows\SysWow64\9B13A86D.plf
[2012/06/25 01:01:08 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/25 01:01:08 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/25 01:01:08 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/25 01:01:08 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/25 01:01:07 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/24 19:18:22 | 000,110,592 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/24 18:34:28 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2012/06/24 18:11:59 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2012/06/24 02:09:46 | 000,000,297 | ---- | M] () -- C:\Windows\FreeAgent GoFlex Drive (F) - Shortcut.lnk
[2012/06/23 01:45:41 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 01:45:41 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/22 11:19:54 | 000,009,920 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\wklnhst.dat
[2012/06/20 22:24:57 | 000,000,680 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Local\d3d9caps.dat
[2012/06/20 22:19:34 | 002,342,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/20 22:15:06 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\One Click Privacy Scan.job
[2012/06/18 14:00:00 | 000,079,872 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/11 15:39:51 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/06/11 15:39:35 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/06/11 15:39:35 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/06/11 15:39:32 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/06/09 13:21:56 | 000,178,688 | ---- | M] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/05/31 18:38:35 | 000,114,018 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\wlan-list.xml
[2012/05/31 18:38:33 | 000,001,892 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\providers.xml
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 21:43:16 | 000,000,725 | ---- | C] () -- C:\Users\Steve Penn Gerrard\Desktop\NTREGOPT.lnk
[2012/06/27 21:43:16 | 000,000,706 | ---- | C] () -- C:\Users\Steve Penn Gerrard\Desktop\ERUNT.lnk
[2012/06/26 22:12:33 | 000,000,512 | ---- | C] () -- C:\Users\Steve Penn Gerrard\Pictures\Documents\MBR.dat
[2012/06/25 05:30:23 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/25 05:11:46 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/06/25 05:11:46 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/06/25 05:11:42 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/25 05:11:39 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/25 05:10:04 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\9B13A86D.plf
[2012/06/25 04:21:02 | 000,000,492 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/06/25 04:20:49 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2012/06/25 03:35:09 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/24 18:34:28 | 000,000,000 | ---- | C] () -- C:\install.rdf
[2012/06/24 18:11:58 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/06/24 02:09:46 | 000,000,297 | ---- | C] () -- C:\Windows\FreeAgent GoFlex Drive (F) - Shortcut.lnk
[2012/06/20 22:30:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/20 11:36:21 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/06/20 11:35:27 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/06/20 11:33:56 | 000,001,053 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/06/20 11:32:40 | 000,002,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/05/15 14:35:20 | 000,001,892 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\providers.xml
[2012/03/30 08:49:57 | 000,751,784 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/27 19:54:08 | 000,114,018 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\wlan-list.xml
[2012/03/11 18:35:27 | 000,000,211 | ---- | C] () -- C:\Users\Steve Penn Gerrard\CD Drive - Shortcut.lnk
[2012/01/15 16:13:16 | 000,000,000 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Local\{2ED6336F-2A32-403E-B77D-DA546F10AE98}
[2011/07/01 23:49:14 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Image Manipulation
[2011/07/01 23:49:14 | 000,000,268 | RH-- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Hybrid Morph
[2011/07/01 23:49:14 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2011/07/01 23:49:14 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Sample Delay
[2010/08/29 19:31:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/08/29 02:11:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Core Data Application
[2010/08/29 02:11:49 | 000,000,268 | RH-- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Configure Folder Actions
[2010/08/29 02:11:48 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/08/29 02:11:48 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Devices
[2010/08/29 02:09:19 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Contents
[2010/08/29 02:09:19 | 000,000,268 | RH-- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Compressor
[2010/08/29 02:09:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/08/29 02:09:19 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Database
[2010/08/25 08:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 08:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 08:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 07:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 07:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/06 17:09:36 | 000,156,522 | ---- | C] () -- C:\Users\Steve Penn Gerrard\PA140007.jpg
[2010/06/28 08:35:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\Hybrid Morph
[2010/06/28 08:35:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\ColorTable
[2010/06/28 08:35:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Image Units
[2010/06/28 08:35:12 | 000,000,268 | RH-- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Hybrid Synthesizers
[2010/06/28 08:35:12 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Sampler Files
[2010/05/11 04:45:25 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2009/09/02 05:34:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/09 23:56:43 | 000,009,920 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\wklnhst.dat
[2009/05/31 13:23:16 | 000,000,680 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Local\d3d9caps.dat
[2008/12/26 21:21:34 | 000,024,786 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\UserTile.png
[2008/11/21 09:32:08 | 000,110,592 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0

< End of report >

#6
jeffce

Posted 28 June 2012 - 05:50 AM

Trusted Helper

Malware Removal
216 posts

Hmmmmm....looks like the fix did not take. Please follow the instructions that I had provided earlier for OTL and post the new logs created after running the fix.

#7
Sirius Black

Posted 29 June 2012 - 10:37 AM

Member

Topic Starter
Member
77 posts

Here is the log from the new OTL scan.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5963db80-6910-e734-3d61-9e997c263db5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5963db80-6910-e734-3d61-9e997c263db5}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D75CCC30-8AE6-4780-80EB-58543F5FD096}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D75CCC30-8AE6-4780-80EB-58543F5FD096}\ not found.
Prefs.js: "http://search.yahoo....-8&fr=ytff-&p=" removed from browser.search.defaulturl
Prefs.js: "moz2-ytff-yma3" removed from browser.search.param.yahoo-fr
Prefs.js: "moz2-ytff-yma3" removed from browser.search.param.yahoo-fr-cjkt
Prefs.js: "http://www.search.ya...9,16695,0,16,0" removed from browser.startup.homepage
Prefs.js: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.3.0 removed from extensions.enabledItems
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\FriendsChecker\Firefox\ not found.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\components folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\searchbar folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\options folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib\debugbar folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin\lib folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\skin folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\data\weather folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\data\search folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\data\rss folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\data\dynamicElements folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\data folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\widgets folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\newtab\images folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\newtab folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\modules folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content\lib folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome\content folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237}\chrome folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{f409caa5-db4f-48aa-a238-ca307c481237} folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\[email protected]\chrome\content\inline folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\[email protected]\chrome\content\images folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\[email protected] folder moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\searchplugins\bing-zugo.xml moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\searchplugins\search-here.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\NPAskSBr.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ deleted successfully.
C:\Program Files (x86)\FriendsChecker\IE\common.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f409caa5-db4f-48aa-a238-ca307c481237}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f409caa5-db4f-48aa-a238-ca307c481237}\ deleted successfully.
C:\Program Files (x86)\usjobsearchtoolbar\vmntemplateX.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b278d9f8-0fa9-465e-9938-0c392605d8e3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b278d9f8-0fa9-465e-9938-0c392605d8e3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f409caa5-db4f-48aa-a238-ca307c481237} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f409caa5-db4f-48aa-a238-ca307c481237}\ not found.
File C:\Program Files (x86)\usjobsearchtoolbar\vmntemplateX.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{019d59e6-b826-11dd-ae45-00e0b8e97967}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{019d59e6-b826-11dd-ae45-00e0b8e97967}\ not found.
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{019d59e6-b826-11dd-ae45-00e0b8e97967}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{019d59e6-b826-11dd-ae45-00e0b8e97967}\ not found.
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2307503e-94c2-11df-aded-00e0b8e97967}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2307503e-94c2-11df-aded-00e0b8e97967}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23075051-94c2-11df-aded-00e0b8e97967}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23075051-94c2-11df-aded-00e0b8e97967}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f0ee8d0-a163-11de-b290-00e0b8e97967}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f0ee8d0-a163-11de-b290-00e0b8e97967}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f0ee8d0-a163-11de-b290-00e0b8e97967}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f0ee8d0-a163-11de-b290-00e0b8e97967}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76c3437f-4bd7-11df-b67f-00e0b8e97967}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76c3437f-4bd7-11df-b67f-00e0b8e97967}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76c3437f-4bd7-11df-b67f-00e0b8e97967}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76c3437f-4bd7-11df-b67f-00e0b8e97967}\ not found.
File "G:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad515ec4-9a17-11df-a117-00e0b8e97967}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad515ec4-9a17-11df-a117-00e0b8e97967}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba24ef74-79b7-11de-bc3f-00e0b8e97967}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba24ef74-79b7-11de-bc3f-00e0b8e97967}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba24ef74-79b7-11de-bc3f-00e0b8e97967}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba24ef74-79b7-11de-bc3f-00e0b8e97967}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5b8e884-9b03-11df-823c-001e101f859f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5b8e884-9b03-11df-823c-001e101f859f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5b8e890-9b03-11df-823c-001e101f859f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5b8e890-9b03-11df-823c-001e101f859f}\ not found.
C:\Program Files (x86)\FriendsChecker\IE folder moved successfully.
C:\Program Files (x86)\FriendsChecker\Firefox\chrome\content folder moved successfully.
C:\Program Files (x86)\FriendsChecker\Firefox\chrome folder moved successfully.
C:\Program Files (x86)\FriendsChecker\Firefox folder moved successfully.
C:\Program Files (x86)\FriendsChecker\Chrome\plugin folder moved successfully.
C:\Program Files (x86)\FriendsChecker\Chrome folder moved successfully.
C:\Program Files (x86)\FriendsChecker folder moved successfully.
C:\Windows\55A6283C638A4EE0B49151118554BDA2.TMP\WiseCustomCall.B664EDEE_333B_4F9C_A292_543773E07EFC.dll deleted successfully.
C:\Windows\55A6283C638A4EE0B49151118554BDA2.TMP\WiseCustomCall.DC36AC9D_A1D6_443F_974F_88211123A187.dll deleted successfully.
C:\Windows\55A6283C638A4EE0B49151118554BDA2.TMP\WiseCustomCalla.DC36AC9D_A1D6_443F_974F_88211123A187.dll deleted successfully.
C:\Windows\55A6283C638A4EE0B49151118554BDA2.TMP\WiseData.ini deleted successfully.
C:\Windows\55A6283C638A4EE0B49151118554BDA2.TMP folder deleted successfully.
C:\Users\Steve Penn Gerrard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\GetRightToGo folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Steve Penn Gerrard\Desktop\Incoming\cmd.bat deleted successfully.
C:\Users\Steve Penn Gerrard\Desktop\Incoming\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: Public

User: Steve Penn Gerrard
->Temp folder emptied: 80055361 bytes
->Temporary Internet Files folder emptied: 12053717 bytes
->Java cache emptied: 54479 bytes
->FireFox cache emptied: 26557480 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 38641 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75140653 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 5495518 bytes

Total Files Cleaned = 190.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06292012_115617

Files\Folders moved on Reboot...
C:\Windows\temp\{68AA54C2-E2A6-4DC2-9DE4-8BB5712AC346}\{7F811A54-5A09-4579-90E1-C93498E230D9}\isrt.dll moved successfully.
C:\Windows\temp\{68AA54C2-E2A6-4DC2-9DE4-8BB5712AC346}\{7F811A54-5A09-4579-90E1-C93498E230D9}\_IsRes.dll moved successfully.
C:\Windows\temp\{68AA54C2-E2A6-4DC2-9DE4-8BB5712AC346}\{7F811A54-5A09-4579-90E1-C93498E230D9}\_ISUser.dll moved successfully.
C:\Windows\temp\{68AA54C2-E2A6-4DC2-9DE4-8BB5712AC346}\ISBEW64.exe moved successfully.
C:\Windows\temp\{28E3CDC2-2D73-4E47-9BC6-C6906073A46F}\_Setup.dll moved successfully.
C:\Windows\temp\acc2.rra moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Windows\temp\{68AA54C2-E2A6-4DC2-9DE4-8BB5712AC346}\{7F811A54-5A09-4579-90E1-C93498E230D9}\isrt.dll not found!
File C:\Windows\temp\{68AA54C2-E2A6-4DC2-9DE4-8BB5712AC346}\{7F811A54-5A09-4579-90E1-C93498E230D9}\_IsRes.dll not found!
File C:\Windows\temp\{68AA54C2-E2A6-4DC2-9DE4-8BB5712AC346}\{7F811A54-5A09-4579-90E1-C93498E230D9}\_ISUser.dll not found!
File C:\Windows\temp\{68AA54C2-E2A6-4DC2-9DE4-8BB5712AC346}\ISBEW64.exe not found!
File C:\Windows\temp\{28E3CDC2-2D73-4E47-9BC6-C6906073A46F}\_Setup.dll not found!
File C:\Windows\temp\acc2.rra not found!
[2012/06/29 12:11:17 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F

Registry entries deleted on Reboot...

#8
jeffce

Posted 29 June 2012 - 11:08 AM

Trusted Helper

Malware Removal
216 posts

Very nice!

Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

When you get the new OTL scan done be sure to post that please.

#9
Sirius Black

Posted 29 June 2012 - 01:09 PM

Member

Topic Starter
Member
77 posts

Here is the latest OTL scan.

OTL logfile created on: 6/29/2012 2:16:37 PM - Run 3
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Steve Penn Gerrard\Desktop\Incoming
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 50.10% Memory free
8.06 Gb Paging File | 6.08 Gb Available in Paging File | 75.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.44 Gb Total Space | 16.96 Gb Free Space | 15.22% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 35.04 Gb Free Space | 31.44% Space Free | Partition Type: NTFS
Drive E: | 7.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STEVEPENNGER-PC | User Name: Steve Penn Gerrard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Steve Penn Gerrard\Desktop\Incoming\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo Wi-Finder.exe (Boingo Wireless)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Boingo\Boingo Wi-Finder\boingoex.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (ETService) -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (o2flash) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (epfw) -- C:\Windows\SysNative\DRIVERS\epfw.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\DRIVERS\epfwwfp.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\DRIVERS\EpfwLWF.sys (ESET)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\DRIVERS\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys (ESET)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RMCAST) RMCAST (Pgm) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV:64bit: - (WPN111) -- C:\Windows\SysNative\DRIVERS\WPN111vx.sys (Atheros Communications, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys (O2Micro )
DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys (O2Micro )
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8187Se) -- C:\Windows\SysNative\DRIVERS\RTL8187Se.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (UVCFTR) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\WUSB54GCx64.sys (Ralink Technology Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...=1008&m=m-7315u
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...=1008&m=m-7315u
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{4408C5D3-D063-47B7-F412-10B06D154E1C}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{664E8AF9-8F70-463D-BADE-E3B21AF58FBB}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKCU\..\SearchScopes\{85BB23C7-0F67-4250-6758-200ACEDDE7FE}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/06/24 19:25:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/11 15:40:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/11 15:38:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/29 11:56:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/11 15:39:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/06/24 19:25:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\FriendsChecker\Firefox\

[2008/12/21 23:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Extensions
[2012/06/29 12:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions
[2012/01/30 15:03:55 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/11/30 00:56:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/06 13:03:16 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2012/05/24 22:41:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/24 18:11:14 | 000,000,000 | ---D | M] (Fast Search by Surf Canyon) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2010/08/06 13:03:16 | 000,000,000 | ---D | M] (Answers) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2011/11/30 00:56:55 | 000,000,000 | ---D | M] (LinkedIn Companion for Firefox) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\{e2337727-f9c9-411b-929e-287584341d1a}
[2010/08/29 08:50:22 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\[email protected]
[2010/08/29 08:50:00 | 000,000,000 | ---D | M] (BetterLinks) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\[email protected]
[2012/06/29 12:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\staged
[2012/06/27 21:38:27 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\extensions\wecarereminder@bryan
[2012/06/29 12:36:49 | 000,002,030 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Mozilla\Firefox\Profiles\2wkcs4z0.default\searchplugins\search-here.xml
[2012/06/25 01:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/25 01:10:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/06/25 00:53:10 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\STEVE PENN GERRARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2WKCS4Z0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/15 21:39:06 | 000,020,228 | ---- | M] () (No name found) -- C:\USERS\STEVE PENN GERRARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2WKCS4Z0.DEFAULT\EXTENSIONS\[email protected]
[2012/05/18 00:42:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/03/31 08:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\mozilla firefox\components\coFFPlgn.dll
[2010/10/06 20:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 20:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/11 15:39:41 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/05/18 00:42:21 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Ask Toolbar Plugin Stub (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPAskSBr.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Steve Penn Gerrard\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Steve Penn Gerrard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: We-Care Reminder Lite = C:\Users\Steve Penn Gerrard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.3_0\

O1 HOSTS File: ([2012/06/29 12:11:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SBCONVERT Class) - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files (x86)\SpeedBit Video Converter\Toolbar\SpeedBit_Video_Converter.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Converter\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Converter) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Converter\Toolbar\SpeedBit_Video_Converter.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Converter) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Converter\Toolbar\SpeedBit_Video_Converter.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Boingo Wi-Finder] C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk ()
O4 - Startup: C:\Users\Steve Penn Gerrard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...7/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38B017D3-68AF-42B4-86E2-7F250B99FCFD}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D705A8F-4DF8-46A6-8C8A-140AE72FA2F5}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB929EA8-D58E-4BF8-A08C-1C71420CAAAF}: DhcpNameServer = 200.63.56.3 200.63.56.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 21:57:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/27 21:43:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/27 21:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/27 21:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/06/25 05:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/25 05:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/25 05:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/25 05:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/25 05:32:59 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\Apple Computer
[2012/06/25 05:30:25 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\Apple
[2012/06/25 05:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/06/25 05:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/25 05:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/25 05:28:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/25 05:17:44 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Media Player Classic
[2012/06/25 05:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/06/25 05:11:42 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2012/06/25 05:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/06/25 05:07:11 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012/06/25 05:07:11 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012/06/25 05:07:11 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012/06/25 05:07:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012/06/25 05:07:10 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012/06/25 05:07:10 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012/06/25 05:07:09 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012/06/25 05:07:09 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012/06/25 05:07:08 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012/06/25 05:07:08 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012/06/25 05:07:08 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012/06/25 05:07:08 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012/06/25 05:07:07 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012/06/25 05:07:07 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012/06/25 05:07:06 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012/06/25 05:07:06 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012/06/25 05:07:05 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012/06/25 05:07:05 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012/06/25 05:07:05 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012/06/25 05:07:05 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012/06/25 05:07:02 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012/06/25 05:07:02 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012/06/25 05:07:01 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012/06/25 05:07:01 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012/06/25 05:06:59 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012/06/25 05:06:58 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012/06/25 05:06:58 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012/06/25 05:06:58 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012/06/25 05:06:58 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012/06/25 05:06:48 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012/06/25 05:06:48 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012/06/25 05:06:47 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012/06/25 05:06:47 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012/06/25 05:06:46 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012/06/25 05:06:46 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012/06/25 05:06:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012/06/25 05:06:46 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012/06/25 05:06:44 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012/06/25 05:06:44 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012/06/25 05:06:43 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012/06/25 05:06:43 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012/06/25 05:06:43 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012/06/25 05:06:42 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012/06/25 05:06:42 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012/06/25 05:06:41 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012/06/25 05:06:41 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012/06/25 05:06:41 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012/06/25 05:06:41 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012/06/25 05:06:41 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012/06/25 05:06:41 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012/06/25 05:06:40 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012/06/25 05:06:40 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012/06/25 05:06:39 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012/06/25 05:06:39 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012/06/25 05:06:39 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012/06/25 05:06:39 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012/06/25 05:06:37 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012/06/25 05:06:37 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012/06/25 05:06:37 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012/06/25 05:06:37 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012/06/25 05:06:36 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012/06/25 05:06:36 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/06/25 05:06:36 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012/06/25 05:06:36 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/06/25 05:06:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/06/25 05:06:35 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012/06/25 05:06:34 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012/06/25 05:06:34 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/06/25 05:06:34 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012/06/25 05:06:34 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/06/25 05:06:33 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012/06/25 05:06:33 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/06/25 05:06:32 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012/06/25 05:06:32 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012/06/25 05:06:32 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012/06/25 05:06:32 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012/06/25 05:06:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012/06/25 05:06:31 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012/06/25 05:06:30 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012/06/25 05:06:30 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012/06/25 05:06:29 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012/06/25 05:06:29 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012/06/25 05:06:29 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012/06/25 05:06:29 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012/06/25 05:06:27 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012/06/25 05:06:27 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012/06/25 05:06:26 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012/06/25 05:06:26 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012/06/25 05:06:25 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012/06/25 05:06:25 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012/06/25 05:06:24 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012/06/25 05:06:24 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012/06/25 05:06:23 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012/06/25 05:06:23 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012/06/25 05:06:23 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012/06/25 05:06:23 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012/06/25 05:06:21 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012/06/25 05:06:21 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012/06/25 05:06:18 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012/06/25 05:06:18 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012/06/25 05:06:15 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012/06/25 05:06:15 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012/06/25 05:06:15 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012/06/25 05:06:15 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012/06/25 05:06:14 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012/06/25 05:06:14 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012/06/25 05:06:12 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012/06/25 05:06:12 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012/06/25 05:06:10 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012/06/25 05:06:10 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012/06/25 05:06:10 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012/06/25 05:06:10 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012/06/25 05:06:08 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012/06/25 05:06:08 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012/06/25 05:06:03 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012/06/25 05:06:03 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012/06/25 05:06:03 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012/06/25 05:06:03 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012/06/25 05:06:02 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012/06/25 05:06:02 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012/06/25 05:06:02 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012/06/25 05:06:02 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012/06/25 05:06:01 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012/06/25 05:06:01 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012/06/25 05:06:00 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012/06/25 05:06:00 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012/06/25 05:05:58 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012/06/25 05:05:58 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012/06/25 05:05:58 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012/06/25 05:05:58 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012/06/25 05:05:58 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012/06/25 05:05:58 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012/06/25 05:05:57 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012/06/25 05:05:57 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012/06/25 05:05:55 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012/06/25 05:05:55 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012/06/25 05:05:52 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012/06/25 05:05:52 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012/06/25 05:05:52 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012/06/25 05:05:52 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012/06/25 05:05:32 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012/06/25 05:05:32 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012/06/25 05:05:32 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012/06/25 05:05:32 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012/06/25 05:05:30 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012/06/25 05:05:30 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012/06/25 05:05:29 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012/06/25 05:05:29 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012/06/25 05:05:27 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012/06/25 05:05:27 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012/06/25 05:05:25 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012/06/25 05:05:25 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012/06/25 05:05:25 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012/06/25 05:05:25 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012/06/25 05:05:18 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012/06/25 05:05:18 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012/06/25 05:05:13 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012/06/25 05:05:13 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012/06/25 05:05:10 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012/06/25 05:05:10 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012/06/25 05:05:10 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012/06/25 05:05:10 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012/06/25 05:05:08 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012/06/25 05:05:08 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012/06/25 05:05:07 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012/06/25 05:05:07 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012/06/25 05:05:06 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012/06/25 05:05:06 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012/06/25 05:05:05 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012/06/25 05:05:05 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012/06/25 05:05:03 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012/06/25 05:05:03 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012/06/25 05:05:02 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012/06/25 05:05:02 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012/06/25 04:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/06/25 04:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2012/06/25 04:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012/06/25 04:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2012/06/25 04:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2012/06/25 04:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Cached Installations
[2012/06/25 03:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\One Click Privacy
[2012/06/25 03:33:54 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\Adobe
[2012/06/25 03:28:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/06/25 03:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/25 03:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/06/25 02:42:31 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/06/25 02:37:23 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{83E9B2FF-8111-42C3-8A27-E18967A63979}
[2012/06/25 01:10:07 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/06/25 01:10:07 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/06/25 01:10:07 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/06/25 01:02:04 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/25 01:02:04 | 000,839,096 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/25 01:02:04 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/25 01:01:41 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/25 01:01:41 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/25 01:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/25 00:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/06/24 19:30:52 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Roaming\ESET
[2012/06/24 19:30:52 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\ESET
[2012/06/24 19:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/06/24 19:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/24 19:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/06/24 19:20:47 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\Desktop\Incoming
[2012/06/24 18:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/24 18:50:59 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\Macromedia
[2012/06/24 10:16:46 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{A216D63F-E4C4-47FB-9844-FD41DC7BD0FE}
[2012/06/24 10:16:14 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{29473B53-FDD0-4BE9-8336-374E35AA3DD9}
[2012/06/24 02:11:12 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{CF985310-8A79-4162-A76E-2635EC08A1A5}
[2012/06/24 02:08:58 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{726B777B-2B50-41A1-B3FB-F042AADB2255}
[2012/06/24 02:08:15 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{49AAF78C-49AA-4D66-A5FA-E09613AB42ED}
[2012/06/24 02:03:43 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{A130A523-2842-49C1-8D7E-A12A3DC6BA0A}
[2012/06/24 02:00:52 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{E5F452E8-868D-4D1B-A5BF-5D6CC04287A5}
[2012/06/22 12:39:26 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/22 12:39:26 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/22 12:39:26 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/22 12:38:50 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/22 12:38:50 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/22 12:38:50 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/22 12:38:50 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/22 12:38:50 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/22 12:38:50 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/22 12:38:33 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/22 12:38:33 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/22 12:38:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/22 12:38:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/06/20 22:32:52 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{C2777247-6F69-44A6-AC72-DE9331B1BB12}
[2012/06/20 22:32:30 | 000,000,000 | ---D | C] -- C:\Users\Steve Penn Gerrard\AppData\Local\{A4677517-BF4E-4025-B1DC-6E2AFA22ABEA}
[2012/06/20 22:30:23 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/20 11:38:59 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/20 11:36:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/06/20 11:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/06/20 11:27:11 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012/06/20 11:27:11 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012/06/20 11:27:09 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012/06/20 11:27:09 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012/06/20 11:25:54 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012/06/20 11:25:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012/06/14 03:26:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 03:26:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 03:26:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 03:26:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 03:26:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 03:26:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 03:26:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 03:26:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 03:26:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 03:26:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 03:26:00 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 03:25:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 03:25:57 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 13:27:27 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 13:27:27 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/11 15:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/06/11 15:39:51 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/06/11 15:39:35 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/06/11 15:39:35 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/06/11 15:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/06/11 15:39:32 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/06/11 12:06:38 | 000,000,000 | R--D | C] -- C:\Users\Steve Penn Gerrard\Videos

========== Files - Modified Within 30 Days ==========

[2012/06/29 13:58:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/29 13:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/29 12:35:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/29 12:35:33 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/06/29 12:35:33 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2012/06/29 12:24:19 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 12:24:19 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 12:23:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012/06/29 12:23:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/29 12:12:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/29 12:11:17 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/28 00:33:01 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2012/06/27 21:43:16 | 000,000,725 | ---- | M] () -- C:\Users\Steve Penn Gerrard\Desktop\NTREGOPT.lnk
[2012/06/27 21:43:16 | 000,000,706 | ---- | M] () -- C:\Users\Steve Penn Gerrard\Desktop\ERUNT.lnk
[2012/06/26 22:12:33 | 000,000,512 | ---- | M] () -- C:\Users\Steve Penn Gerrard\Pictures\Documents\MBR.dat
[2012/06/25 05:39:13 | 000,000,492 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/06/25 05:30:14 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2012/06/25 05:18:20 | 000,756,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 05:18:20 | 000,640,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/25 05:18:20 | 000,119,106 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/25 05:10:04 | 000,000,224 | ---- | M] () -- C:\Windows\SysWow64\9B13A86D.plf
[2012/06/25 01:01:08 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/25 01:01:08 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/25 01:01:08 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/25 01:01:08 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/25 01:01:07 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/24 18:34:28 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2012/06/24 18:11:59 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2012/06/24 02:09:46 | 000,000,297 | ---- | M] () -- C:\Windows\FreeAgent GoFlex Drive (F) - Shortcut.lnk
[2012/06/23 01:45:41 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 01:45:41 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/22 11:19:54 | 000,009,920 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\wklnhst.dat
[2012/06/20 22:24:57 | 000,000,680 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Local\d3d9caps.dat
[2012/06/20 22:19:34 | 002,342,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/20 22:15:06 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\One Click Privacy Scan.job
[2012/06/18 14:00:00 | 000,079,872 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/11 15:39:51 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/06/11 15:39:35 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/06/11 15:39:35 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/06/11 15:39:32 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/06/09 13:21:56 | 000,178,688 | ---- | M] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/05/31 18:38:35 | 000,114,018 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\wlan-list.xml
[2012/05/31 18:38:33 | 000,001,892 | ---- | M] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\providers.xml

========== Files Created - No Company Name ==========

[2012/06/27 21:43:16 | 000,000,725 | ---- | C] () -- C:\Users\Steve Penn Gerrard\Desktop\NTREGOPT.lnk
[2012/06/27 21:43:16 | 000,000,706 | ---- | C] () -- C:\Users\Steve Penn Gerrard\Desktop\ERUNT.lnk
[2012/06/26 22:12:33 | 000,000,512 | ---- | C] () -- C:\Users\Steve Penn Gerrard\Pictures\Documents\MBR.dat
[2012/06/25 05:30:23 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/25 05:11:46 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/06/25 05:11:46 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/06/25 05:11:42 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/25 05:11:39 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/25 05:10:04 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\9B13A86D.plf
[2012/06/25 04:21:02 | 000,000,492 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/06/25 04:20:49 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2012/06/25 03:35:09 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/24 18:34:28 | 000,000,000 | ---- | C] () -- C:\install.rdf
[2012/06/24 18:11:58 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/06/24 02:09:46 | 000,000,297 | ---- | C] () -- C:\Windows\FreeAgent GoFlex Drive (F) - Shortcut.lnk
[2012/06/20 22:30:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/20 11:36:21 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/06/20 11:35:27 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/06/20 11:33:56 | 000,001,053 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/06/20 11:32:40 | 000,002,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/05/15 14:35:20 | 000,001,892 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\providers.xml
[2012/03/30 08:49:57 | 000,751,784 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/27 19:54:08 | 000,114,018 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\wlan-list.xml
[2012/03/11 18:35:27 | 000,000,211 | ---- | C] () -- C:\Users\Steve Penn Gerrard\CD Drive - Shortcut.lnk
[2012/01/15 16:13:16 | 000,000,000 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Local\{2ED6336F-2A32-403E-B77D-DA546F10AE98}
[2011/07/01 23:49:14 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Image Manipulation
[2011/07/01 23:49:14 | 000,000,268 | RH-- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Hybrid Morph
[2011/07/01 23:49:14 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2011/07/01 23:49:14 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Sample Delay
[2010/08/29 19:31:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/08/29 02:11:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Core Data Application
[2010/08/29 02:11:49 | 000,000,268 | RH-- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Configure Folder Actions
[2010/08/29 02:11:48 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/08/29 02:11:48 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Devices
[2010/08/29 02:09:19 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Contents
[2010/08/29 02:09:19 | 000,000,268 | RH-- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Compressor
[2010/08/29 02:09:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/08/29 02:09:19 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Database
[2010/08/25 08:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 08:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 08:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 07:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 07:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/06 17:09:36 | 000,156,522 | ---- | C] () -- C:\Users\Steve Penn Gerrard\PA140007.jpg
[2010/06/28 08:35:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\Hybrid Morph
[2010/06/28 08:35:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\ColorTable
[2010/06/28 08:35:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Image Units
[2010/06/28 08:35:12 | 000,000,268 | RH-- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\Hybrid Synthesizers
[2010/06/28 08:35:12 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Sampler Files
[2010/05/11 04:45:25 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2009/09/02 05:34:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/09 23:56:43 | 000,009,920 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\wklnhst.dat
[2009/05/31 13:23:16 | 000,000,680 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Local\d3d9caps.dat
[2008/12/26 21:21:34 | 000,024,786 | ---- | C] () -- C:\Users\Steve Penn Gerrard\AppData\Roaming\UserTile.png

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0

< End of report >

#10
jeffce

Posted 29 June 2012 - 01:11 PM

Trusted Helper

Malware Removal
216 posts

Thanks...I will look it over as quick as I can. I am leaving to go close on the purchase of my new house.

#11
jeffce

Posted 01 July 2012 - 06:58 AM

Trusted Helper

Malware Removal
216 posts

Hi,

I apologize for any delay.

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

----------

Please post the logs made by Malwarebytes and ESET to your next reply.

#12
Sirius Black

Posted 01 July 2012 - 12:39 PM

Member

Topic Starter
Member
77 posts

Here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.01.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Steve Penn Gerrard :: STEVEPENNGER-PC [administrator]

7/1/2012 12:08:54 PM
mbam-log-2012-07-01 (12-12-33)new

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216291
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Steve Penn Gerrard\AppData\Roaming\My Security Shield (Rogue.MySecurityShield) -> No action taken.

Files Detected: 2
C:\Users\Steve Penn Gerrard\AppData\Roaming\My Security Shield\cookies.sqlite (Rogue.MySecurityShield) -> No action taken.
C:\Users\Steve Penn Gerrard\AppData\Roaming\My Security Shield\Instructions.ini (Rogue.MySecurityShield) -> No action taken.

(end)

I ran the Eset Online Scanner but there wasn't a log produced.
Did I miss something?

#13
Sirius Black

Posted 01 July 2012 - 12:44 PM

Member

Topic Starter
Member
77 posts

Sorry, I just realized what I missed.
I did find the log file but it's very small.
It is the only log in the folder.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

#14
jeffce

Posted 01 July 2012 - 12:49 PM

Trusted Helper

Malware Removal
216 posts

Hi,

No, if there were no infections found by ESET there is not a log created.

Please run Malwarebytes again and remove the entries that are found and then post the new log. Also let me know how your system is running when you are done.

#15
Sirius Black

Posted 02 July 2012 - 10:04 AM

Member

Topic Starter
Member
77 posts

Ok, here is the log from the Malwarebytes scan.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.01.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Steve Penn Gerrard :: STEVEPENNGER-PC [administrator]

7/2/2012 11:55:36 AM
mbam-log-2012-07-02 (11-55-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216311
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Steve Penn Gerrard\AppData\Roaming\My Security Shield (Rogue.MySecurityShield) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Steve Penn Gerrard\AppData\Roaming\My Security Shield\cookies.sqlite (Rogue.MySecurityShield) -> Quarantined and deleted successfully.
C:\Users\Steve Penn Gerrard\AppData\Roaming\My Security Shield\Instructions.ini (Rogue.MySecurityShield) -> Quarantined and deleted successfully.

(end)

Computer is a lot more stable and appears to be running fine.