quoting:
The site's security certificate is signed using a weak signature algorithm!
You attempted to reach mail.google.com, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker).
You cannot proceed because the website operator has requested heightened security for this domain. /end quote
The https: in the address bar is crossed out with a red slash, and the padlock icon beside https: has a red X through it as well.
Here are OTL results:
OTL logfile created on: 7/30/2012 4:23:35 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\TROY\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.99 Gb Total Physical Memory | 4.85 Gb Available Physical Memory | 80.95% Memory free
11.98 Gb Paging File | 10.81 Gb Available in Paging File | 90.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.17 Gb Total Space | 461.42 Gb Free Space | 78.99% Space Free | Partition Type: NTFS
Drive D: | 11.90 Gb Total Space | 2.17 Gb Free Space | 18.21% Space Free | Partition Type: NTFS
Drive E: | 643.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: TROY-PC | User Name: TROY | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/30 16:23:12 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\TROY\Desktop\OTL.exe
PRC - [2012/06/24 10:58:44 | 000,013,824 | ---- | M] (Smartbar) -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.exe
========== Modules (No Company Name) ==========
MOD - [2012/07/09 23:09:00 | 000,438,296 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/09 23:08:59 | 003,972,120 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/09 23:07:22 | 000,140,328 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/09 23:07:21 | 000,262,184 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/09 23:07:19 | 002,386,984 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 21:17:27 | 009,255,112 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/06/24 10:58:42 | 000,022,528 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2012/06/24 10:58:38 | 000,028,672 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2012/06/24 10:58:36 | 001,282,560 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2012/06/24 10:57:50 | 000,007,168 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2012/06/24 10:57:46 | 000,536,064 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2012/06/24 10:57:26 | 000,048,640 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2012/06/24 10:57:18 | 000,072,704 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2012/06/24 10:57:08 | 000,013,312 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2012/06/24 10:57:06 | 000,325,632 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Resources.FilesManager.dll
MOD - [2012/06/24 10:57:06 | 000,061,952 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2012/06/24 10:57:06 | 000,018,944 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2012/06/24 10:57:06 | 000,010,240 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2012/06/24 10:57:06 | 000,007,168 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2012/06/24 10:57:04 | 000,012,288 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2012/06/24 10:57:00 | 000,074,752 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2012/06/24 10:57:00 | 000,040,960 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2012/06/24 10:57:00 | 000,009,728 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2012/06/24 10:57:00 | 000,006,144 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2012/06/24 10:57:00 | 000,005,632 | ---- | M] () -- C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2012/06/14 07:08:04 | 000,254,976 | ---- | M] () -- C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\plugins\npDefaultTabSearch.dll
MOD - [2012/06/14 07:06:18 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/06/14 07:06:17 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 07:05:52 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 07:05:46 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/10 21:21:06 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/06/10 21:21:05 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2012/05/09 03:39:21 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
MOD - [2012/05/09 03:36:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 03:36:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 03:36:25 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 03:36:18 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/11/04 20:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/05/04 14:55:28 | 000,300,920 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\GManager.exe -- (GManager)
SRV - [2012/07/29 17:42:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 20:40:16 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/11 12:08:36 | 000,114,240 | ---- | M] (TODO: <Company name>) [Auto | Stopped] -- C:\Users\TROY\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/05/18 04:00:24 | 000,563,200 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/01/04 23:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/05/03 19:13:18 | 000,199,296 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe -- (MCTDesktopSvr)
SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Stopped] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe -- (NSL)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/03 15:06:52 | 000,168,192 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t1pusb64.sys -- (t1pusb64)
DRV:64bit: - [2011/04/22 13:09:06 | 000,117,376 | ---- | M] (Magic Control Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mctkmd64.sys -- (mctkmd)
DRV:64bit: - [2011/04/08 17:38:58 | 000,019,584 | ---- | M] (Magic Control Technology Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mctKmdldr64.sys -- (mctkmdldr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 09:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/16 06:32:14 | 006,112,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 13:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/11/22 10:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{CB31321C-0B65-4ADB-A88C-F8EDA6E38071}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\URLSearchHook: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{CB31321C-0B65-4ADB-A88C-F8EDA6E38071}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.genieo.com/?v=w3i8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.facebook....home.php?ref=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}
IE - HKCU\..\URLSearchHook: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms}
IE - HKCU\..\SearchScopes\{4DA50A75-6112-4F1A-A553-9725D17E613A}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C}: "URL" = http://indy.startnow...eferrer:source}
IE - HKCU\..\SearchScopes\{8057843E-F848-4DC1-A428-025BBF32EA53}: "URL" = http://us.yhs4.searc...p={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{CB31321C-0B65-4ADB-A88C-F8EDA6E38071}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D0481FD4-3B82-4B1F-B972-70C1B257F67F}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....&fr=chr-offrhap
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\TROY\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\TROY\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TROY\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TROY\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\TROY\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/09/26 04:19:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\coFFNST\ [2012/01/28 00:59:58 | 000,000,000 | ---D | M]
[2012/06/10 21:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TROY\AppData\Roaming\Mozilla\Extensions
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\TROY\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\TROY\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: RivalGaming = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd\
CHR - Extension: Community Smartbar = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Surf Canyon = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\3.4.2_0\
CHR - Extension: YouTube = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: We-Care Reminder = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.25_0\
CHR - Extension: DefaultTab = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\
CHR - Extension: My Personal Homepage = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdibpcceojcijhomkdgiffflkgngmapf\2.6.430_0\
CHR - Extension: Gmail = C:\Users\TROY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (RivalGaming Games) - {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Users\TROY\AppData\Local\RivalGaming\RivalGaming.dll (RivalGaming)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\TROY\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll ()
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Produtools Manuals 2.1 Toolbar) - {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Produtools Manuals 2.1 Toolbar) - {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [FDispPos] C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MCTDUtil] C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\TROY\AppData\Local\Smartbar\Application\Smartbar.exe (Smartbar)
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [FDPRO-501] C:\Program Files (x86)\Fighters\FighterLauncher.exe FDPRO File not found
O4 - HKCU..\Run: [GenieoSystemTray] C:\Users\TROY\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe ()
O4 - HKCU..\Run: [GenieoUpdaterService] C:\Users\TROY\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe /H File not found
O4 - HKCU..\Run: [SansaDispatch] C:\Users\TROY\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Smart PC Cleaner] C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe (Avanquest Software)
O4 - HKCU..\Run: [Start WingMan Profiler] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.4.4 8.8.8.8 204.127.203.135 216.148.225.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D946C227-0260-468D-B37A-3777880DC02A}: DhcpNameServer = 8.8.4.4 8.8.8.8 204.127.203.135 216.148.225.135
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/03/20 15:35:58 | 000,184,414 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/09/26 12:32:24 | 000,000,037 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{58c1e7ef-a355-11de-aaa2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{58c1e7ef-a355-11de-aaa2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2001/03/20 15:35:58 | 000,184,414 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2001/03/20 15:35:58 | 000,184,414 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/30 16:23:15 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\TROY\Desktop\OTL.exe
[2012/07/30 16:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/30 13:57:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\TROY\Desktop\aswMBR.exe
[2012/07/30 13:39:23 | 000,000,000 | ---D | C] -- C:\Users\TROY\AppData\Roaming\Malwarebytes
[2012/07/30 13:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/30 13:39:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/30 13:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/30 13:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/14 08:43:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/08 20:15:56 | 000,000,000 | ---D | C] -- C:\Users\TROY\AppData\Local\Geckofx
[2012/07/08 20:15:49 | 000,000,000 | ---D | C] -- C:\Users\TROY\AppData\Roaming\Firefly Studios
[2012/07/08 20:15:47 | 000,000,000 | ---D | C] -- C:\Users\TROY\Documents\Stronghold Kingdoms
[2012/07/08 12:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/07/08 12:21:27 | 000,000,000 | ---D | C] -- C:\Users\TROY\AppData\Local\Conduit
[2012/07/08 12:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Produtools_Manuals_2.1
========== Files - Modified Within 30 Days ==========
[2012/07/30 16:23:12 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\TROY\Desktop\OTL.exe
[2012/07/30 16:10:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/30 16:10:07 | 529,182,719 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/30 16:09:33 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 16:09:33 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 16:02:52 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job
[2012/07/30 16:02:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/30 16:02:47 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\RPCReminder.job
[2012/07/30 16:02:44 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/07/30 16:02:36 | 000,002,703 | ---- | M] () -- C:\Windows\SysNative\GManager.ini
[2012/07/30 15:40:02 | 000,000,512 | ---- | M] () -- C:\Users\TROY\Documents\MBR.dat
[2012/07/30 13:58:25 | 000,044,607 | ---- | M] () -- C:\Users\TROY\Desktop\bootkit_remover.zip
[2012/07/30 13:57:47 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\TROY\Desktop\aswMBR.exe
[2012/07/30 06:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/30 06:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/30 06:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1643144743-2594041797-535586485-1000UA.job
[2012/07/30 05:34:02 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for TROY.job
[2012/07/30 05:00:02 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\RGames Updater.job
[2012/07/29 19:00:07 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/07/29 07:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1643144743-2594041797-535586485-1000Core.job
[2012/07/28 14:02:18 | 000,066,629 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.JPG
[2012/07/28 14:02:17 | 000,066,616 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.2
[2012/07/28 14:02:15 | 000,102,795 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.0
[2012/07/28 14:02:15 | 000,066,476 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.1
[2012/07/28 14:00:46 | 000,097,889 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0031.0
[2012/07/28 14:00:46 | 000,060,666 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0031.JPG
[2012/07/28 13:59:39 | 000,108,299 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0029.0
[2012/07/28 13:59:39 | 000,072,334 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0029.JPG
[2012/07/28 13:59:18 | 000,128,139 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0028.0
[2012/07/28 13:59:18 | 000,089,130 | ---- | M] () -- C:\Users\TROY\AppData\Local\tmpPDC_0028.JPG
[2012/07/12 13:24:45 | 000,002,395 | ---- | M] () -- C:\Users\TROY\Desktop\Google Chrome.lnk
[2012/07/11 03:26:53 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTROY.job
[2012/07/11 03:26:45 | 000,355,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2012/07/30 15:59:54 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\00000008.@
[2012/07/30 15:40:02 | 000,000,512 | ---- | C] () -- C:\Users\TROY\Documents\MBR.dat
[2012/07/30 13:58:25 | 000,044,607 | ---- | C] () -- C:\Users\TROY\Desktop\bootkit_remover.zip
[2012/07/28 14:02:18 | 000,066,616 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.2
[2012/07/28 14:02:17 | 000,066,476 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.1
[2012/07/28 14:02:15 | 000,102,795 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.0
[2012/07/28 14:02:15 | 000,066,629 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0044.JPG
[2012/07/28 14:00:46 | 000,097,889 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0031.0
[2012/07/28 14:00:46 | 000,060,666 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0031.JPG
[2012/07/28 13:59:39 | 000,108,299 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0029.0
[2012/07/28 13:59:39 | 000,072,334 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0029.JPG
[2012/07/28 13:59:18 | 000,128,139 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0028.0
[2012/07/28 13:59:18 | 000,089,130 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0028.JPG
[2012/07/14 08:29:41 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\80000032.@
[2012/07/14 08:29:40 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\80000064.@
[2012/07/14 08:29:40 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\L\00000004.@
[2012/07/14 08:29:19 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\80000000.@
[2012/07/14 08:29:16 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\00000004.@
[2012/07/14 08:29:16 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\U\000000cb.@
[2012/06/11 12:03:24 | 000,425,984 | ---- | C] () -- C:\Windows\SysWow64\WinCMR.dll
[2012/06/10 21:17:29 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/02/11 18:07:12 | 001,697,492 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp107.JPG
[2012/02/11 15:46:40 | 000,064,033 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp100.1
[2012/02/11 15:46:38 | 000,086,681 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp100.0
[2012/02/11 15:46:38 | 000,064,048 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp100.JPG
[2012/02/11 15:40:43 | 000,010,650 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp311_navi.JPG
[2012/02/11 15:40:20 | 000,771,545 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp312.JPG
[2012/02/11 15:39:53 | 000,631,547 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp308.2
[2012/02/11 15:39:47 | 000,631,557 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp308.JPG
[2012/02/11 15:37:43 | 000,758,507 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 011.JPG
[2012/02/11 15:37:41 | 000,765,750 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 011.0
[2012/02/05 20:34:55 | 000,870,128 | ---- | C] () -- C:\Users\TROY\AppData\Roaming\mcs.rma
[2012/02/05 20:34:55 | 000,000,004 | ---- | C] () -- C:\Users\TROY\AppData\Roaming\E18E54
[2012/02/05 08:47:31 | 000,000,636 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/01/16 17:00:10 | 000,430,080 | ---- | C] () -- C:\Windows\SysWow64\UDLL.dll
[2012/01/16 17:00:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\mctudll.dll
[2012/01/11 14:40:09 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\@
[2012/01/11 14:40:09 | 000,002,048 | -HS- | C] () -- C:\Users\TROY\AppData\Local\{27b1b8cc-524d-83b9-bf3f-f38c9d24b8ae}\@
[2011/11/19 17:16:11 | 000,000,286 | ---- | C] () -- C:\Windows\EReg213.dat
[2011/09/29 19:30:26 | 000,810,523 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp629.JPG
[2011/09/29 19:30:09 | 000,675,276 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp630.1
[2011/09/29 19:30:08 | 001,045,015 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp630.0
[2011/09/29 19:30:08 | 000,675,328 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp630.JPG
[2011/09/29 19:29:15 | 000,684,493 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp321.1
[2011/09/29 19:29:14 | 000,980,091 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp321.0
[2011/09/29 19:29:14 | 000,684,504 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp321.JPG
[2011/09/29 19:28:54 | 000,007,128 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp320_navi.JPG
[2011/09/29 19:28:53 | 000,687,811 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp320.JPG
[2011/09/29 19:27:55 | 000,796,070 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp314.1
[2011/09/29 19:27:54 | 001,310,252 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp314.0
[2011/09/29 19:27:54 | 000,796,071 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp314.JPG
[2011/08/28 16:36:32 | 000,000,315 | ---- | C] () -- C:\Windows\EReg192.dat
[2011/08/23 08:42:01 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2011/06/15 16:38:55 | 000,723,601 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp146.JPG
[2011/06/01 12:16:19 | 000,444,640 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.JPG
[2011/06/01 12:14:53 | 000,444,657 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.14
[2011/06/01 12:14:51 | 000,444,658 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.13
[2011/06/01 12:14:25 | 000,444,619 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.12
[2011/06/01 12:14:22 | 000,444,624 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.11
[2011/06/01 12:14:18 | 000,444,601 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.10
[2011/06/01 12:14:15 | 000,444,636 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.9
[2011/06/01 12:14:12 | 000,444,663 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.8
[2011/06/01 12:14:07 | 000,444,681 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.7
[2011/06/01 12:13:56 | 000,444,641 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.6
[2011/06/01 12:13:54 | 000,444,639 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.5
[2011/06/01 12:13:52 | 000,444,649 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.4
[2011/06/01 12:13:24 | 000,444,648 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.3
[2011/06/01 12:13:22 | 000,444,704 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.2
[2011/06/01 12:13:16 | 000,444,677 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.1
[2011/06/01 12:13:15 | 000,497,489 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEM DAY 2011.0
[2011/06/01 12:12:40 | 000,049,814 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpHIDDEN ACRES MEMORIAL DAY 2011.JPG
[2011/05/30 14:42:14 | 000,063,488 | ---- | C] () -- C:\Users\TROY\xobglu16.dll
[2011/05/30 14:42:14 | 000,023,552 | ---- | C] () -- C:\Users\TROY\xobglu32.dll
[2011/04/28 21:53:43 | 004,489,216 | ---- | C] () -- C:\ProgramData\EAW Deathstar.scr
[2011/04/17 08:35:07 | 000,003,482 | ---- | C] () -- C:\Users\TROY\AppData\Roaming\wklnhst.dat
[2011/04/07 18:55:27 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/04/07 18:35:47 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2011/04/02 20:05:10 | 000,240,850 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.JPG
[2011/04/02 20:05:08 | 000,240,869 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.12
[2011/04/02 20:05:08 | 000,240,850 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.13
[2011/04/02 20:05:06 | 000,240,869 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.11
[2011/04/02 20:05:05 | 000,240,864 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.10
[2011/04/02 20:05:02 | 000,240,852 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.9
[2011/04/02 20:05:00 | 000,240,869 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.8
[2011/04/02 20:04:58 | 000,240,880 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.7
[2011/04/02 20:04:56 | 000,240,873 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.6
[2011/04/02 20:04:53 | 000,240,872 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.5
[2011/04/02 20:04:38 | 000,240,890 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.4
[2011/04/02 20:04:37 | 000,245,423 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.3
[2011/04/02 20:04:36 | 000,240,835 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.2
[2011/04/02 20:04:35 | 000,242,560 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.1
[2011/04/02 20:04:28 | 000,551,110 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN0411.0
[2011/04/02 20:03:33 | 000,223,372 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.4
[2011/04/02 20:03:30 | 000,223,379 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.3
[2011/04/02 20:03:28 | 000,223,382 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.2
[2011/04/02 20:03:26 | 000,223,411 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.1
[2011/04/02 20:03:25 | 000,568,257 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.0
[2011/04/02 20:03:25 | 000,223,384 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC-JAN047.JPG
[2011/04/02 20:02:47 | 000,228,024 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.4
[2011/04/02 20:02:41 | 000,228,003 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.3
[2011/04/02 20:02:40 | 000,227,982 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.2
[2011/04/02 20:02:37 | 000,227,984 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.1
[2011/04/02 20:02:35 | 000,571,741 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPDC_0253.0
[2011/04/02 19:58:56 | 001,058,757 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp158.JPG
[2011/04/02 19:57:57 | 001,097,227 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp793.JPG
[2011/04/02 19:57:40 | 000,837,870 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.3
[2011/04/02 19:57:38 | 000,837,900 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.2
[2011/04/02 19:57:36 | 000,837,922 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.1
[2011/04/02 19:57:35 | 000,837,856 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.JPG
[2011/04/02 19:57:34 | 001,364,925 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp827.0
[2011/04/02 19:57:12 | 000,810,826 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.3
[2011/04/02 19:57:09 | 000,810,844 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.2
[2011/04/02 19:57:08 | 000,810,824 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.1
[2011/04/02 19:57:07 | 000,810,803 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.JPG
[2011/04/02 19:57:06 | 001,333,658 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp829.0
[2011/04/02 19:56:01 | 000,784,463 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp877.JPG
[2011/04/02 19:55:13 | 000,533,822 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp894.JPG
[2011/04/02 19:55:12 | 000,745,851 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp894.0
[2011/04/02 19:54:14 | 000,715,215 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.JPG
[2011/04/02 19:54:09 | 000,715,245 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.4
[2011/04/02 19:54:06 | 000,715,252 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.3
[2011/04/02 19:54:05 | 000,715,229 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.2
[2011/04/02 19:54:01 | 000,715,230 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.1
[2011/04/02 19:53:48 | 001,112,730 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp922.0
[2011/04/02 19:53:32 | 000,779,883 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.4
[2011/04/02 19:53:30 | 000,779,867 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.3
[2011/04/02 19:53:27 | 000,779,867 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.2
[2011/04/02 19:53:25 | 000,779,880 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.1
[2011/04/02 19:53:24 | 001,273,338 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.0
[2011/04/02 19:53:24 | 000,779,878 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923.JPG
[2011/04/02 19:53:20 | 000,014,611 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp923_navi.JPG
[2011/04/02 19:53:06 | 000,977,320 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.4
[2011/04/02 19:53:05 | 000,977,269 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.3
[2011/04/02 19:53:02 | 000,977,347 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.2
[2011/04/02 19:52:59 | 000,977,368 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.1
[2011/04/02 19:52:58 | 001,650,395 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.0
[2011/04/02 19:52:58 | 000,977,285 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp924.JPG
[2011/04/02 19:52:18 | 000,952,469 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.5
[2011/04/02 19:52:16 | 000,952,509 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.4
[2011/04/02 19:52:13 | 000,952,492 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.3
[2011/04/02 19:52:10 | 000,952,536 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.2
[2011/04/02 19:52:09 | 000,952,526 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.1
[2011/04/02 19:52:06 | 001,567,533 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.0
[2011/04/02 19:52:06 | 000,952,466 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp925.JPG
[2011/04/02 19:51:41 | 000,816,426 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp926.1
[2011/04/02 19:51:40 | 000,816,346 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp926.JPG
[2011/04/02 19:51:39 | 001,343,776 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp926.0
[2011/04/02 19:51:17 | 000,817,989 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.3
[2011/04/02 19:51:15 | 000,818,034 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.2
[2011/04/02 19:51:12 | 000,818,053 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.1
[2011/04/02 19:51:09 | 001,367,397 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.0
[2011/04/02 19:51:09 | 000,817,989 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp929.JPG
[2011/04/02 19:50:45 | 000,825,847 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.4
[2011/04/02 19:50:44 | 000,825,832 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.3
[2011/04/02 19:50:42 | 000,825,800 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.2
[2011/04/02 19:50:40 | 000,825,880 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.1
[2011/04/02 19:50:38 | 001,384,564 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.0
[2011/04/02 19:50:38 | 000,825,837 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp930.JPG
[2011/04/02 19:50:07 | 000,668,731 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp931.1
[2011/04/02 19:50:06 | 001,074,798 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp931.0
[2011/04/02 19:50:06 | 000,668,666 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp931.JPG
[2011/04/02 19:49:46 | 000,992,933 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.3
[2011/04/02 19:49:44 | 000,992,938 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.2
[2011/04/02 19:49:41 | 000,992,960 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.1
[2011/04/02 19:49:37 | 000,993,025 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.JPG
[2011/04/02 19:49:36 | 001,676,542 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp932.0
[2011/04/02 19:49:15 | 001,019,917 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.3
[2011/04/02 19:49:14 | 001,019,948 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.2
[2011/04/02 19:49:12 | 001,019,915 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.1
[2011/04/02 19:49:11 | 001,019,935 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.JPG
[2011/04/02 19:49:10 | 001,731,616 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp933.0
[2011/04/02 19:48:35 | 000,840,600 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp935.1
[2011/04/02 19:48:34 | 000,840,566 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp935.JPG
[2011/04/02 19:48:33 | 001,398,459 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp935.0
[2011/04/02 19:48:11 | 001,302,707 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.3
[2011/04/02 19:48:09 | 001,302,785 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.2
[2011/04/02 19:48:02 | 001,302,823 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.1
[2011/04/02 19:48:00 | 002,229,102 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.0
[2011/04/02 19:48:00 | 001,302,711 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp936.JPG
[2011/04/02 19:47:37 | 001,242,833 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.3
[2011/04/02 19:47:35 | 001,242,866 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.2
[2011/04/02 19:47:33 | 001,242,872 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.1
[2011/04/02 19:47:32 | 001,242,762 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.JPG
[2011/04/02 19:47:31 | 002,137,055 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp937.0
[2011/04/02 19:46:59 | 000,908,440 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.3
[2011/04/02 19:46:58 | 000,908,473 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.2
[2011/04/02 19:46:54 | 000,908,505 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.1
[2011/04/02 19:46:53 | 001,508,898 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.0
[2011/04/02 19:46:53 | 000,908,407 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp944.JPG
[2011/04/02 19:46:16 | 000,978,536 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp950.1
[2011/04/02 19:46:15 | 000,978,493 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp950.JPG
[2011/04/02 19:46:14 | 001,624,216 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp950.0
[2011/04/02 19:44:29 | 001,195,691 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp955.1
[2011/04/02 19:44:27 | 001,942,867 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp955.0
[2011/04/02 19:44:27 | 001,195,632 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp955.JPG
[2011/04/02 19:43:02 | 001,020,360 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.3
[2011/04/02 19:43:01 | 001,020,400 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.2
[2011/04/02 19:42:58 | 001,020,353 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.1
[2011/04/02 19:42:56 | 001,616,715 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.0
[2011/04/02 19:42:56 | 001,020,387 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp960.JPG
[2011/04/02 19:40:36 | 001,190,781 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 141.1
[2011/04/02 19:40:35 | 002,101,757 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 141.0
[2011/04/02 19:40:35 | 001,190,638 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 141.JPG
[2011/04/02 19:40:31 | 000,015,476 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 141_navi.JPG
[2011/04/02 19:37:25 | 000,604,325 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 217.JPG
[2011/04/02 19:37:24 | 000,831,836 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpPICTURES 2004-2010 217.0
[2011/04/02 19:36:48 | 000,724,594 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp307.1
[2011/04/02 19:36:46 | 001,091,748 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp307.0
[2011/04/02 19:36:46 | 000,724,584 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp307.JPG
[2011/04/02 19:36:08 | 000,631,585 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp308.1
[2011/04/02 19:36:06 | 000,985,886 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp308.0
[2011/04/02 19:35:45 | 000,605,060 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp311.1
[2011/04/02 19:35:44 | 000,879,030 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp311.JPG
[2011/04/02 19:35:20 | 000,771,618 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp312.1
[2011/04/02 19:35:18 | 001,215,884 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp312.0
[2011/04/02 19:34:59 | 000,761,730 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp313.1
[2011/04/02 19:34:56 | 000,761,718 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp313.JPG
[2011/04/02 19:34:55 | 001,252,384 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp313.0
[2011/04/02 19:34:36 | 000,881,082 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.5
[2011/04/02 19:34:33 | 000,881,080 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.4
[2011/04/02 19:34:27 | 000,714,192 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.1
[2011/04/02 19:34:25 | 001,076,798 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.0
[2011/04/02 19:34:25 | 000,714,130 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp315.JPG
[2011/03/14 11:28:15 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/10 10:05:27 | 000,696,824 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp394.JPG
[2011/03/10 10:00:26 | 001,562,560 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp288.JPG
[2011/03/10 10:00:26 | 000,017,930 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp288_navi.JPG
[2011/03/10 09:59:12 | 000,615,480 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp204.1
[2011/03/10 09:59:10 | 000,970,205 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp204.0
[2011/03/10 09:59:10 | 000,615,436 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp204.JPG
[2011/03/10 09:58:46 | 000,831,568 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.3
[2011/03/10 09:58:43 | 000,831,560 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.2
[2011/03/10 09:58:41 | 000,831,589 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.1
[2011/03/10 09:58:39 | 000,831,542 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.JPG
[2011/03/10 09:58:38 | 001,378,740 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp202.0
[2011/01/13 09:23:18 | 001,134,304 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp063.0
[2011/01/13 09:21:40 | 000,958,877 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp045.1
[2011/01/13 09:21:40 | 000,958,838 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp045.JPG
[2011/01/13 09:21:29 | 000,012,900 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp045_navi.JPG
[2011/01/13 09:20:01 | 001,481,949 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp045.0
[2011/01/13 09:16:17 | 001,766,267 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp046.JPG
[2010/12/30 02:03:25 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/09/27 10:40:27 | 000,033,363 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.3
[2010/09/27 10:40:27 | 000,033,338 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.2
[2010/09/27 10:40:26 | 000,033,363 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.1
[2010/09/27 10:40:25 | 000,052,568 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.JPG
[2010/09/27 10:40:25 | 000,052,568 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmpALL 015.0
[2010/08/15 03:26:16 | 000,000,290 | ---- | C] () -- C:\Windows\EReg220.dat
[2010/05/28 11:43:03 | 000,000,000 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp1094.JPG
[2010/05/28 11:43:03 | 000,000,000 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp1094.0
[2010/03/05 10:31:28 | 001,051,327 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.3
[2010/03/05 10:31:24 | 001,051,327 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.2
[2010/03/05 10:31:20 | 001,051,531 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.1
[2010/03/05 10:31:15 | 001,791,686 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.0
[2010/03/05 10:31:15 | 001,051,266 | ---- | C] () -- C:\Users\TROY\AppData\Local\tmp441.JPG
[2010/01/30 12:29:10 | 000,000,129 | ---- | C] () -- C:\Users\TROY\jagex_runescape_preferences2.dat
[2010/01/30 12:27:55 | 000,000,041 | ---- | C] () -- C:\Users\TROY\jagex_runescape_preferences.dat
========== LOP Check ==========
[2011/06/11 14:00:27 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Amazon
[2011/07/02 13:24:33 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Catalina Marketing Corp
[2012/06/11 12:08:33 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\DefaultTab
[2012/07/30 16:05:24 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Fighters
[2012/07/08 20:15:49 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Firefly Studios
[2010/11/18 22:55:47 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Gamelab
[2012/06/10 21:20:56 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Genieo
[2009/12/31 23:32:10 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Hulabee
[2012/02/01 20:43:21 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\iWin
[2011/12/26 20:52:15 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Leadertech
[2012/06/10 21:03:57 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\MusicOasis
[2009/12/28 14:13:00 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\PictureMover
[2012/01/21 11:58:53 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Product_RM
[2012/01/21 17:14:16 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Registry Mechanic
[2010/01/13 09:45:21 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\SanDisk
[2010/01/05 15:44:04 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\School Zone Preferences
[2012/06/10 21:47:19 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Smart PC Cleaner
[2011/07/14 04:01:15 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Smilebox
[2011/04/17 08:35:08 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Template
[2011/03/21 19:34:02 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\The Creative Assembly
[2010/12/10 07:56:51 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\WildTangentv1001
[2010/01/08 18:22:44 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\WinBatch
[2011/03/14 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\Windows Live Writer
[2010/06/15 00:44:03 | 000,000,000 | ---D | M] -- C:\Users\TROY\AppData\Roaming\YoudaGames
[2012/07/30 16:02:44 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012/06/30 11:23:48 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/07/30 16:02:52 | 000,000,458 | ---- | M] () -- C:\Windows\Tasks\RegPowerClean.job
[2012/07/30 05:00:02 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\RGames Updater.job
[2012/07/29 19:00:07 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2012/07/30 16:02:47 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\RPCReminder.job
[2012/01/24 11:32:44 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:FA7CDE12
< End of report >
And the OTL extras log file:
OTL Extras logfile created on: 7/30/2012 4:23:35 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\TROY\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.99 Gb Total Physical Memory | 4.85 Gb Available Physical Memory | 80.95% Memory free
11.98 Gb Paging File | 10.81 Gb Available in Paging File | 90.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.17 Gb Total Space | 461.42 Gb Free Space | 78.99% Space Free | Partition Type: NTFS
Drive D: | 11.90 Gb Total Space | 2.17 Gb Free Space | 18.21% Space Free | Partition Type: NTFS
Drive E: | 643.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: TROY-PC | User Name: TROY | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E8AD1B5-C081-4A95-A038-693752D38532}" = Community Smartbar
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1EF75089-392B-4771-B791-17316E27EBA6}" = Real War Rogue States
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43F1F130-66ED-4D50-8475-393312149C5D}" = Youda Legend The Curse of the Amsterdam Diamond
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{5188D24B-9003-41B9-BC5D-7FEBA5C8F3AE}" = Dirt Track Racing 2
"{5411B815-2958-4F4F-B985-AFF0C38A15B2}" = Youda Marina
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5C13AD07-5129-11D5-96DB-AE99AF79C743}" = Bob the Builder - Bob Builds a Park
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6972FD5E-01D0-4742-8EB0-A0D351CF28FF}" = Governor of Poker
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6D1C9920-3309-11D4-9B62-004005E1220F}" = BANG! Gunship Elite
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B33A30A-FE01-4BA1-858F-ACB80EABBD25}_is1" = Pacific Storm
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}" = SEE2 UV150 11.05.0505.1159
"{82B811D7-0B86-45C7-A854-B785CCB3256A}" = WingMan Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{856480C9-2428-15E1-97BC-685EE2A7B8E6}" = MusicOasis
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8D267873-6944-4E4F-9158-F702392112D9}" = Compublox
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{987F1753-1F42-4DF2-A5EA-0CCB777F3EB0}" = CWA Reminder by We-Care.com v4.0.19.3
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A34CCD1C-7738-47B9-863D-8E0C478FB8F7}" = Dora the Explorer: Animal Adventures
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C2B9C70F-165E-450D-9EC1-F7B160016291}" = Living 3D Dolphin
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CA256FA1-4CF9-492C-98A6-6E451F83AEC3}" = Youda Farmer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Rise of an Empire
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA7D60ED-9ED3-48F5-8F18-5B5B6663B229}" = Desert Storm
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EEE76149-DC7F-4D3E-B021-6152DF574FA6}" = Petz Horsez 2
"{EFF44B4A-5485-4690-8993-E9B7E19599A0}" = Hunting Unlimited 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activision_CWUninstallKey" = The History Channel Civil War
"Activision_HG2UninstallKey" = Heavy Gear 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"Ballerburg_is1" = Ballerburg
"Battle For Troy" = Battle For Troy
"Beginning Sounds" = Beginning Sounds
"Best Buy Digital Music Store" = Best Buy Digital Music Store
"BFGC" = Big Fish Games: Game Manager
"BFG-Diego Dinosaur Rescue" = Diego Dinosaur Rescue
"bflixtoolbar" = BFlix Toolbar
"Bird Hunter Wild Wings Edition" = Bird Hunter Wild Wings Edition
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DefaultTab" = DefaultTab
"DefaultTab Chrome" = DefaultTab Chrome
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"European Air War" = European Air War
"Flight Simulator 98" = Microsoft Flight Simulator 98
"Font Companion" = Font Companion
"Guild Wars" = Guild Wars
"Homepage Protection" = Homepage Protection
"HP Remote Solution" = HP Remote Solution
"iLivid" = iLivid
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InterActual Player" = InterActual Player
"iWinArcade" = iWin Games (remove only)
"Jewel Quest" = Jewel Quest (remove only)
"Jewel Quest 2" = Jewel Quest 2 (remove only)
"Jewel Quest Solitaire" = Jewel Quest Solitaire (remove only)
"Jewel Quest Solitaire II" = Jewel Quest Solitaire II (remove only)
"LEGO Rock Raiders" = LEGO Rock Raiders
"Lords of Magic Special Edition" = Lords of Magic Special Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Matchbox® Caterpillar® Construction Zone 2 Gold Mining CD-ROM" = Matchbox® Caterpillar® Construction Zone 2 Gold Mining CD-ROM
"McAfee Security Scan" = McAfee Security Scan Plus
"Monopoly Star Wars" = Monopoly Star Wars
"MusicOasis" = MusicOasis
"Network Play System (Patching)" = Network Play System (Patching)
"NSS" = Norton Security Scan
"NST" = Norton Safe Web Lite
"PhonicsTutor Classic" = PhonicsTutor Classic
"Product_Name" = Minnesota Cuke
"Produtools_Manuals_2.1 Toolbar" = Produtools Manuals 2.1 Toolbar
"Project Eden" = UnInstall Project Eden
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"RegPowerClean_is1" = Winferno Registry Power Cleaner
"Robin Hood: The Legend Of Sherwood" = Robin Hood: The Legend Of Sherwood
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"Shogun Total War" = Shogun Total War
"Smart PC Cleaner_is1" = Smart PC Cleaner v3.0
"Squad Leader" = Squad Leader
"Steam App 10500" = Empire: Total War
"Steam App 47410" = Stronghold Kingdoms
"The Operational Art of War: Century of Warfare" = The Operational Art of War: Century of Warfare
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Tonka Raceway" = Tonka Raceway
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-91f8c6c3-7c23-481f-8f83-d50626528b89" = Bob the Builder - Can-Do Carnival
"Yahoo! Companion" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"genieo" = Genieo
"Google Chrome" = Google Chrome
"Happy Tails Animal Shelter" = Happy Tails Animal Shelter
"RivalGaming" = RivalGaming
"Sansa Updater" = Sansa Updater
"Smilebox" = Smilebox
"SOE-Clone Wars" = Clone Wars
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/27/2011 11:23:39 PM | Computer Name = TROY-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.
Error - 10/27/2011 11:23:50 PM | Computer Name = TROY-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 10/28/2011 6:44:27 PM | Computer Name = TROY-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)
Error - 10/28/2011 6:44:27 PM | Computer Name = TROY-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)
Error - 10/28/2011 7:03:01 PM | Computer Name = TROY-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.
Error - 10/28/2011 7:03:32 PM | Computer Name = TROY-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 10/28/2011 7:52:33 PM | Computer Name = TROY-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.
Error - 10/28/2011 7:52:35 PM | Computer Name = TROY-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 10/28/2011 8:18:11 PM | Computer Name = TROY-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)
Error - 10/28/2011 8:18:11 PM | Computer Name = TROY-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)
[ Hewlett-Packard Events ]
Error - 8/16/2011 3:32:29 PM | Computer Name = TROY-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 4/28/2012 6:10:14 PM | Computer Name = TROY-PC | Source = Hewlett-Packard | ID = 0
Description =
Error - 4/28/2012 6:10:14 PM | Computer Name = TROY-PC | Source = Hewlett-Packard | ID = 0
Description =
Error - 4/28/2012 6:10:15 PM | Computer Name = TROY-PC | Source = Hewlett-Packard | ID = 0
Description =
Error - 4/28/2012 6:10:15 PM | Computer Name = TROY-PC | Source = Hewlett-Packard | ID = 0
Description =
[ Media Center Events ]
Error - 4/27/2010 3:01:29 AM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:01:28 AM - Error connecting to the internet. 12:01:28 AM - Unable
to contact server..
Error - 4/27/2010 3:28:04 PM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:28:04 PM - Error connecting to the internet. 12:28:04 PM - Unable
to contact server..
Error - 4/27/2010 3:28:10 PM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:28:09 PM - Error connecting to the internet. 12:28:09 PM - Unable
to contact server..
Error - 4/28/2010 3:38:11 AM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:38:11 AM - Error connecting to the internet. 12:38:11 AM - Unable
to contact server..
Error - 4/28/2010 3:38:17 AM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:38:16 AM - Error connecting to the internet. 12:38:16 AM - Unable
to contact server..
Error - 4/28/2010 3:16:38 PM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:16:38 PM - Error connecting to the internet. 12:16:38 PM - Unable
to contact server..
Error - 4/28/2010 3:16:44 PM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:16:43 PM - Error connecting to the internet. 12:16:43 PM - Unable
to contact server..
Error - 4/29/2010 3:42:14 AM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:42:14 AM - Error connecting to the internet. 12:42:14 AM - Unable
to contact server..
Error - 4/29/2010 3:42:23 AM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 12:42:20 AM - Error connecting to the internet. 12:42:20 AM - Unable
to contact server..
Error - 4/29/2010 4:58:04 PM | Computer Name = TROY-PC | Source = MCUpdate | ID = 0
Description = 1:57:57 PM - Error connecting to the internet. 1:57:57 PM - Unable
to contact server..
[ System Events ]
Error - 7/30/2012 5:02:36 PM | Computer Name = TROY-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.
Error - 7/30/2012 5:02:38 PM | Computer Name = TROY-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060
Error - 7/30/2012 5:10:20 PM | Computer Name = TROY-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 7/30/2012 5:10:20 PM | Computer Name = TROY-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.
Error - 7/30/2012 5:10:20 PM | Computer Name = TROY-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.
Error - 7/30/2012 5:10:21 PM | Computer Name = TROY-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache MpFilter spldr Wanarpv6
Error - 7/30/2012 5:10:30 PM | Computer Name = TROY-PC | Source = DCOM | ID = 10005
Description =
Error - 7/30/2012 5:10:36 PM | Computer Name = TROY-PC | Source = DCOM | ID = 10005
Description =
Error - 7/30/2012 5:10:37 PM | Computer Name = TROY-PC | Source = DCOM | ID = 10005
Description =
Error - 7/30/2012 5:10:37 PM | Computer Name = TROY-PC | Source = DCOM | ID = 10005
Description =
< End of report >
And finally, since I started at the Avast website before heading here, I have an aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-30 15:13:49
-----------------------------
15:13:49.868 OS Version: Windows x64 6.1.7601 Service Pack 1
15:13:49.868 Number of processors: 2 586 0x170A
15:13:49.868 ComputerName: TROY-PC UserName: TROY
15:13:50.944 Initialize success
15:14:57.169 AVAST engine defs: 12073000
15:18:14.736 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:18:14.738 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
15:18:14.748 Disk 0 MBR read successfully
15:18:14.750 Disk 0 MBR scan
15:18:14.764 Disk 0 unknown MBR code
15:18:14.782 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:18:14.792 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 598194 MB offset 206848
15:18:14.830 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12184 MB offset 1225308160
15:18:14.874 Disk 0 scanning C:\Windows\system32\drivers
15:18:23.070 Service scanning
15:18:41.410 Modules scanning
15:18:41.418 Disk 0 trace - called modules:
15:18:41.430 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:18:41.434 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c9c060]
15:18:41.439 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800672f050]
15:18:42.938 AVAST engine scan C:\Windows
15:18:46.614 AVAST engine scan C:\Windows\system32
15:20:22.064 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:20:23.908 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:21:10.710 AVAST engine scan C:\Windows\system32\drivers
15:21:20.916 AVAST engine scan C:\Users\TROY
15:25:40.700 File: C:\Users\TROY\AppData\Local\RivalGaming\RivalGaming.dll **INFECTED** Win32:Malware-gen
15:25:40.800 File: C:\Users\TROY\AppData\Local\RivalGaming\Uninstaller.exe **INFECTED** Win32:Malware-gen
15:31:44.017 File: C:\Users\TROY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\xpcomponent.dll **INFECTED** Win32:Malware-gen
15:34:14.734 AVAST engine scan C:\ProgramData
15:35:54.506 Scan finished successfully
15:40:02.105 Disk 0 MBR has been saved successfully to "C:\Users\TROY\Documents\MBR.dat"
15:40:02.111 The log file has been saved successfully to "C:\Users\TROY\Documents\aswMBR.txt"
Once again, many thanks to the folks providing support here @ GTG!