Trojan Access Trojan Gen 2 Removal Advice [Solved]
Started by
jmgoodwin74
, Sep 05 2012 01:34 PM
#1
Posted 05 September 2012 - 01:34 PM
#2
Posted 05 September 2012 - 01:51 PM
Attached you will find my OTL Log:
OTL logfile created on: 9/5/2012 3:38:05 PM - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Matt Goodwin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.87 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 39.15% Memory free
4.37 Gb Paging File | 1.43 Gb Available in Paging File | 32.68% Paging File free
Paging file location(s): c:\pagefile.sys 256 512
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.62 Gb Total Space | 4.45 Gb Free Space | 0.98% Space Free | Partition Type: NTFS
Computer Name: MATTGOODWIN-PC | User Name: Matt Goodwin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/05 15:36:06 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matt Goodwin\Desktop\OTL.exe
PRC - [2012/08/15 09:48:42 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/05 18:50:30 | 000,295,304 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/07/05 18:41:08 | 007,392,136 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/06/08 11:32:44 | 000,531,928 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe
PRC - [2012/06/08 11:32:44 | 000,310,008 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe
PRC - [2012/06/08 11:32:44 | 000,211,104 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask2.exe
PRC - [2012/06/05 13:16:40 | 000,080,816 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe
PRC - [2012/05/04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/03/02 16:48:30 | 000,494,192 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/11/13 07:53:42 | 002,996,592 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
PRC - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
PRC - [2011/11/13 07:53:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
PRC - [2011/11/13 07:53:28 | 001,687,408 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
PRC - [2011/11/07 15:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2011/11/07 15:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/11/20 08:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/03/03 10:41:40 | 000,053,248 | ---- | M] (HP) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2009/12/02 15:51:12 | 000,136,192 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009/09/22 14:30:42 | 000,632,096 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfPro5Hook.exe
PRC - [2009/09/10 00:53:10 | 000,027,736 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2009/09/10 00:42:44 | 000,142,424 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/08/11 15:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/07/29 00:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 19:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/08/31 09:59:28 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/02 18:09:26 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/08/02 18:08:09 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/08/02 18:08:06 | 001,806,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
MOD - [2012/08/02 18:08:05 | 000,310,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012/08/02 18:08:03 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/08/02 18:07:34 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/08/02 18:07:24 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/08/02 01:45:29 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/08/02 01:45:17 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/08/02 01:45:08 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/08/02 01:44:48 | 001,016,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ca1ff0fd5eade2211db56512252c0365\System.Configuration.ni.dll
MOD - [2012/08/02 01:44:45 | 005,767,680 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\6305ef37f34d6758947b5156121aa401\System.Xml.ni.dll
MOD - [2012/03/05 12:08:06 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/03/03 10:41:06 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll
MOD - [2010/03/03 10:41:04 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll
MOD - [2010/03/03 10:40:50 | 000,516,096 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2010/03/03 10:40:48 | 000,840,192 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
MOD - [2010/03/03 10:40:46 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2010/03/03 10:40:44 | 000,130,560 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll
MOD - [2010/03/03 10:40:44 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2010/03/03 10:40:42 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll
MOD - [2009/10/15 08:25:30 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\NativeUtils.dll
MOD - [2007/08/31 09:59:28 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPUsageTracking.dll
MOD - [2007/08/31 09:59:28 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
MOD - [2007/08/31 09:59:26 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPToolkit.dll
MOD - [2007/08/31 09:59:26 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\Enumeration.dll
MOD - [2007/08/31 09:59:10 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPTools.dll
MOD - [2007/08/31 09:59:04 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPStreamsInterface.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/03/02 16:52:08 | 001,125,488 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
SRV:64bit: - [2012/03/02 16:48:30 | 000,494,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV:64bit: - [2009/09/17 16:41:36 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/08/11 20:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 18:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 15:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/08 13:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2012/08/15 10:48:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/05 18:41:08 | 007,392,136 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/06/08 11:32:44 | 000,531,928 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe -- (Fix-It Task Manager)
SRV - [2012/06/08 11:32:44 | 000,310,008 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe -- (.AVQWindowsMonitorService)
SRV - [2012/06/05 13:16:40 | 000,080,816 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe -- (AQFileRestoreSrv)
SRV - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/11/07 15:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/11/07 15:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 15:51:12 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/09/10 00:42:44 | 000,142,424 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/08/10 23:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/07/26 01:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/02 16:52:08 | 000,048,240 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmwvusb.sys -- (vmwvusb)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/21 09:16:31 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/15 21:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/01/20 15:18:26 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2009/11/10 10:27:06 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/02 13:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/27 12:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/07 09:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 23:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/28 22:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/24 19:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 21:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/10 10:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/07/04 23:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 12:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 14:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/07/16 17:29:33 | 000,023,064 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hpfx64fax.sys -- (HPFXFAX)
DRV:64bit: - [2007/07/16 17:29:23 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)
DRV:64bit: - [2007/01/18 16:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2012/08/31 20:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120901.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/22 09:12:27 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120905.002\ex64.sys -- (NAVEX15)
DRV - [2012/08/22 09:12:27 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/22 09:12:27 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120905.002\eng64.sys -- (NAVENG)
DRV - [2012/08/09 08:54:10 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/18 20:01:14 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120823.007\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E113DADB-2393-4213-91BA-105D4072AA4E}
IE:64bit: - HKLM\..\SearchScopes\{E113DADB-2393-4213-91BA-105D4072AA4E}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{576E30E7-120E-47A7-80FD-42325F4B5513}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2260173
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar....ale.underscore}
IE - HKCU\..\SearchScopes\{29311076-292B-4DB7-B34B-C01604B408CB}: "URL" = http://search.condui...&ctid=CT3201318
IE - HKCU\..\SearchScopes\{576E30E7-120E-47A7-80FD-42325F4B5513}: "URL" = http://www.google.co...&rlz=1I7TSNA_en
IE - HKCU\..\SearchScopes\{7351FD46-C273-4897-B664-A661BCE51A5E}: "URL" = http://search.freeca...p={searchTerms}
IE - HKCU\..\SearchScopes\{7545FDB5-E450-47EA-A7E0-AB1C5C1365AE}: "URL" = http://swagbucks.com...q={searchTerms}
IE - HKCU\..\SearchScopes\{A4C9B0F2-3EF3-4F88-A97A-4121A423F183}: "URL" = http://search.yahoo....33,17118,0,18,0
IE - HKCU\..\SearchScopes\{C570F98B-2728-4D63-A268-8C1F4E199788}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Matt Goodwin\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Matt Goodwin\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 17:26:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_12_1 [2012/09/04 11:05:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Matt Goodwin\AppData\Roaming\Move Networks [2010/05/24 13:48:45 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Matt Goodwin\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Matt Goodwin\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_1\
CHR - Extension: Angry Birds = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: 3D Baseball II = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlogndjagpkddpfdjehblbmkmkbpdnhh\1.0_0\
CHR - Extension: JDoodle Jump = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegnpclfpgemhfmgfobelglidonaopc\1.4_1\
CHR - Extension: Space Invaders = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkolofikfmgppihdahfkbgpdgkocapbp\1.4_0\
CHR - Extension: Poppit = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_1\
Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP LaserJet M1522 MFP Series Fax] C:\Program Files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" File not found
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...x-w32-2.0.2.cab (AlternaTIFF ActiveX)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (Reg Error: Key error.)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse...se/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27ACFC9C-112C-4294-9376-BAD7D87427B2}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (wsauth) - C:\windows\SysNative\wsauth.dll (VMware, Inc.)
O30 - LSA: Security Packages - (wsauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/05 15:35:59 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Matt Goodwin\Desktop\OTL.exe
[2012/09/05 08:58:44 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 09-05-2012
[2012/09/04 10:10:07 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 09-04-2012
[2012/09/03 16:13:33 | 000,000,000 | ---D | C] -- C:\Firefox
[2012/09/03 16:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/09/03 16:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/09/03 16:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/03 16:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/30 21:40:46 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-31-2012
[2012/08/30 10:59:55 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-30-2012
[2012/08/29 10:42:14 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-29-2012
[2012/08/28 10:21:53 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-28-2012
[2012/08/27 10:11:48 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-27-2012
[2012/08/24 11:04:44 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-24-2012
[2012/08/23 23:11:25 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/23 22:45:30 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/08/23 21:35:00 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/08/23 16:51:16 | 000,048,240 | ---- | C] (VMware, Inc.) -- C:\windows\SysNative\drivers\vmwvusb.sys
[2012/08/23 16:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012/08/23 16:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2012/08/23 16:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
[2012/08/23 16:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/08/23 10:52:42 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-23-2012
[2012/08/22 13:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/22 13:41:17 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\DriverCure
[2012/08/22 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\SpeedyPC Software
[2012/08/22 13:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/22 13:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/22 10:35:36 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-22-2012
[2012/08/21 10:38:09 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-21-2012
[2012/08/20 10:56:16 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-20-2012
[2012/08/16 22:51:56 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-17-2012
[2012/08/16 09:47:39 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-16-2012
[2012/08/15 10:31:21 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2012/08/15 09:58:03 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-15-2012
[2012/08/14 15:07:44 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Local\NPE
[2012/08/14 11:07:17 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixZeroAccess.sys
[2012/08/14 10:03:28 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-14-2012
[2012/08/13 09:49:55 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-13-2012
[2012/08/12 21:48:53 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Local\visi_coupon
[2012/08/12 21:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/08/12 21:47:28 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\AI_RecycleBin
[2012/08/12 21:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/12 21:47:17 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\DefaultTab
[2012/08/12 21:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/08/12 21:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/08/10 14:27:11 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\My Scans
[7 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/09/05 15:36:06 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matt Goodwin\Desktop\OTL.exe
[2012/09/05 14:59:06 | 000,000,000 | ---- | M] () -- C:\Users\Matt Goodwin\Documents\Nuance Image Printer Writer Port
[2012/09/05 14:48:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/05 14:06:13 | 000,732,477 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\211263.pdf
[2012/09/05 13:58:39 | 000,003,192 | ---- | M] () -- C:\{B5FA2FC5-682E-49AC-A9C3-1AB704E86A75}
[2012/09/05 10:10:49 | 000,003,168 | ---- | M] () -- C:\{88DC289C-1C9D-460E-8EDF-AF8D9299EDF9}
[2012/09/05 10:08:51 | 000,003,192 | ---- | M] () -- C:\{426B2890-CEB9-4AC5-93F3-EE7A28599302}
[2012/09/05 08:58:44 | 000,001,466 | -H-- | M] () -- C:\Users\Matt Goodwin\Documents\PP11Thumbs.ptn2
[2012/09/05 08:38:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/04 21:22:39 | 002,462,652 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/04 21:22:39 | 000,749,042 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/04 21:22:39 | 000,006,184 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/04 20:22:08 | 000,003,192 | ---- | M] () -- C:\{E112FD48-CED0-4D0C-9584-FBDC49C593E2}
[2012/09/04 15:06:33 | 000,003,192 | ---- | M] () -- C:\{64F3BD50-87EC-44EB-8BEF-B97D910168B6}
[2012/09/04 13:46:19 | 000,003,192 | ---- | M] () -- C:\{388FFD71-34A4-4DB8-BCC5-75492A71FECE}
[2012/09/04 13:13:27 | 000,003,168 | ---- | M] () -- C:\{0611CB42-BF1E-4090-A2BC-C3B79E66992A}
[2012/09/04 13:07:58 | 000,003,192 | ---- | M] () -- C:\{1AEA1DB9-A387-4D2D-8FAC-A0F8B4E50159}
[2012/09/04 12:55:10 | 000,003,192 | ---- | M] () -- C:\{435B21CD-EC98-40A6-92B0-EF2C3712B64B}
[2012/09/04 11:13:49 | 000,015,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/04 11:13:49 | 000,015,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/04 11:12:43 | 000,003,168 | ---- | M] () -- C:\{D5D548BA-E666-4CA1-A0D2-52CF45651A45}
[2012/09/04 11:02:53 | 3117,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/04 09:34:41 | 000,003,168 | ---- | M] () -- C:\{7799089E-E0B0-4429-9712-174BBCD61807}
[2012/09/03 15:51:13 | 000,003,168 | ---- | M] () -- C:\{1D2D849C-8EEB-482E-9953-F82581B13087}
[2012/08/30 15:32:01 | 000,003,168 | ---- | M] () -- C:\{93936D02-423B-4DAB-BC17-92A623552F3F}
[2012/08/30 13:17:02 | 000,003,168 | ---- | M] () -- C:\{31938262-EDFC-4ACE-AE35-6E632FB6236E}
[2012/08/30 13:07:43 | 000,003,168 | ---- | M] () -- C:\{76007194-A200-4AB9-AA21-2ECF29EEE6D4}
[2012/08/30 12:27:32 | 000,003,168 | ---- | M] () -- C:\{A5CA7C0F-9931-4115-9AEB-D88291E4125C}
[2012/08/30 10:55:19 | 000,003,168 | ---- | M] () -- C:\{345A6389-813B-4E25-A576-277D8C79AA9B}
[2012/08/30 10:53:35 | 000,003,192 | ---- | M] () -- C:\{BE03BC01-8873-41C8-900E-042464089E7F}
[2012/08/30 10:42:16 | 000,003,168 | ---- | M] () -- C:\{76B2AC76-E2A5-410A-BA81-0A11F2AE7042}
[2012/08/30 10:00:31 | 000,003,168 | ---- | M] () -- C:\{370C0DA4-BDE0-4694-BA49-3CA80E593737}
[2012/08/30 09:41:31 | 000,003,152 | ---- | M] () -- C:\{DB8E9FBC-AEA6-4143-ABED-A9E82C8275C0}
[2012/08/30 09:34:31 | 000,003,128 | ---- | M] () -- C:\{0B59A272-95DB-46F7-AF45-5DA35C51A8D4}
[2012/08/30 09:21:54 | 000,003,128 | ---- | M] () -- C:\{736B3B72-F853-4C7B-98F6-675516E28701}
[2012/08/30 08:30:25 | 000,003,128 | ---- | M] () -- C:\{02B0C4A6-F264-4142-8412-971E9285522A}
[2012/08/29 22:46:26 | 000,003,152 | ---- | M] () -- C:\{83A3C42D-5BA5-45D9-A7CF-A3BDA0062B4A}
[2012/08/29 22:32:39 | 000,003,128 | ---- | M] () -- C:\{310320F5-8E4E-4BAB-9761-AEB335A4377D}
[2012/08/29 22:17:09 | 000,003,128 | ---- | M] () -- C:\{5D9C7A1B-28CF-44EB-A362-D5689EB30C6A}
[2012/08/29 21:45:27 | 000,003,128 | ---- | M] () -- C:\{C87F3131-21BE-4CE3-993A-3215B9931ECF}
[2012/08/29 20:52:56 | 000,003,128 | ---- | M] () -- C:\{69951E90-408D-4B9C-ACA6-22D5FAE3FA3F}
[2012/08/29 18:30:22 | 000,003,128 | ---- | M] () -- C:\{F32460BE-E85B-4970-A4AC-D5EF451641A4}
[2012/08/29 18:27:07 | 000,003,128 | ---- | M] () -- C:\{89BEA620-732B-445F-8EB4-F21EE6910B96}
[2012/08/29 18:12:46 | 000,003,152 | ---- | M] () -- C:\{4F25CED8-9DB0-40A8-A1B2-395712CE4696}
[2012/08/29 17:17:57 | 000,003,152 | ---- | M] () -- C:\{1C448458-BA17-47ED-9729-2DDAA3B857F4}
[2012/08/29 17:15:11 | 000,003,128 | ---- | M] () -- C:\{38639907-009A-49AE-90A0-9D3497AC1EBA}
[2012/08/29 17:12:40 | 000,003,128 | ---- | M] () -- C:\{97A1072A-670B-4A7B-A3EF-D70320278FC9}
[2012/08/29 17:00:34 | 000,003,128 | ---- | M] () -- C:\{1CB26035-99AF-40FF-9D06-8EA2DDF2A5E8}
[2012/08/29 16:45:30 | 000,003,128 | ---- | M] () -- C:\{420C844B-F5F4-4889-83B2-46A66229C251}
[2012/08/29 14:09:26 | 000,003,128 | ---- | M] () -- C:\{C777B7B6-A64E-4B9B-9146-101458A4E4AB}
[2012/08/29 14:03:37 | 000,003,128 | ---- | M] () -- C:\{354F6235-80AD-48A7-B6D4-4C15643080C2}
[2012/08/29 13:39:47 | 000,003,128 | ---- | M] () -- C:\{5C553A34-1088-464B-8EB9-3D97A2A294E7}
[2012/08/29 13:34:34 | 000,003,128 | ---- | M] () -- C:\{57DE245F-655C-4571-95BF-2ED2761617F6}
[2012/08/29 13:19:21 | 000,002,240 | ---- | M] () -- C:\{58C725D2-43AA-49DB-8210-07FB1C940070}
[2012/08/29 13:05:55 | 000,002,240 | ---- | M] () -- C:\{B87C7F89-69F8-46E0-AAFC-1C7D80BF72A1}
[2012/08/29 12:48:55 | 000,003,128 | ---- | M] () -- C:\{B3E49D9F-C434-441C-BC3E-297085C1C81A}
[2012/08/29 08:51:41 | 000,003,128 | ---- | M] () -- C:\{854BE175-B0BA-4705-B64A-8B1F6B06A2E5}
[2012/08/29 08:49:01 | 000,003,128 | ---- | M] () -- C:\{99AFBCB0-38D5-4298-B121-91A3A338A1D4}
[2012/08/28 21:50:00 | 000,003,128 | ---- | M] () -- C:\{72DC70B9-5EF5-486B-94A7-0A2A1EF414E7}
[2012/08/28 09:36:46 | 000,154,332 | ---- | M] () -- C:\windows\hppins08.dat
[2012/08/28 09:36:43 | 000,000,733 | ---- | M] () -- C:\windows\hpbvspst.his
[2012/08/28 09:36:43 | 000,000,392 | ---- | M] () -- C:\windows\hpbvspst.ini
[2012/08/28 09:36:28 | 000,000,524 | ---- | M] () -- C:\windows\hpbvspst.hi1
[2012/08/28 09:36:28 | 000,000,316 | ---- | M] () -- C:\windows\hpbvspst.bu1
[2012/08/27 23:27:56 | 000,003,168 | ---- | M] () -- C:\{16155F60-CFE3-4366-B41F-BA3DC2D57B8B}
[2012/08/27 21:59:32 | 000,003,168 | ---- | M] () -- C:\{A4E99CD0-7A90-4480-AF40-F225BA00275E}
[2012/08/27 17:01:49 | 000,154,332 | ---- | M] () -- C:\windows\hppins08.dat.temp
[2012/08/27 17:01:46 | 000,000,733 | ---- | M] () -- C:\windows\hpbvspst.hi2
[2012/08/27 17:01:46 | 000,000,392 | ---- | M] () -- C:\windows\hpbvspst.bu2
[2012/08/27 07:34:50 | 000,003,168 | ---- | M] () -- C:\{4E10D4BD-7B04-48AC-8C14-5E6D25E2E0CC}
[2012/08/27 07:17:24 | 000,003,192 | ---- | M] () -- C:\{4CD07928-9D7F-4A93-8509-70FF9E9B5E16}
[2012/08/27 06:52:30 | 000,003,168 | ---- | M] () -- C:\{E7FD9D52-890D-4186-8F9C-1BB7B8B53815}
[2012/08/27 06:26:54 | 000,003,168 | ---- | M] () -- C:\{2ECC07C2-2376-453D-A024-3482934EEE94}
[2012/08/27 06:16:02 | 000,003,168 | ---- | M] () -- C:\{44E2112D-4926-4A22-ACC2-91F492C117C4}
[2012/08/27 06:13:14 | 000,003,192 | ---- | M] () -- C:\{552180D7-079B-470E-B925-C16E62055820}
[2012/08/27 05:58:43 | 000,003,192 | ---- | M] () -- C:\{54417B5D-1574-4975-B838-5A85BC35C44E}
[2012/08/27 05:54:55 | 000,003,168 | ---- | M] () -- C:\{59261EB2-D702-4F51-92A3-5AFCA98A6A3F}
[2012/08/27 05:31:13 | 000,003,192 | ---- | M] () -- C:\{3D46AAFC-420C-4157-941C-A9FDEC9C685E}
[2012/08/27 05:29:55 | 000,003,192 | ---- | M] () -- C:\{9FA1BCC7-7C64-4EBF-98AC-737AE7467DC9}
[2012/08/27 05:28:23 | 000,003,168 | ---- | M] () -- C:\{38EF06F8-DB97-4651-8E21-43E1368302E9}
[2012/08/27 05:20:41 | 000,003,192 | ---- | M] () -- C:\{31872568-8051-4EC4-9549-79B36D42ED72}
[2012/08/27 05:13:04 | 000,003,168 | ---- | M] () -- C:\{D264F097-922E-4D58-8A1A-E95526747BD8}
[2012/08/27 05:12:01 | 000,003,192 | ---- | M] () -- C:\{797B1DE8-5F2E-4501-9907-85C5E013420D}
[2012/08/27 05:10:58 | 000,003,168 | ---- | M] () -- C:\{790FB7C3-1CE7-42FF-AADD-63D6F6379AA6}
[2012/08/27 04:55:45 | 000,003,192 | ---- | M] () -- C:\{B9D7868D-FF08-42E6-809F-19F1E8E4A194}
[2012/08/27 04:40:44 | 000,003,168 | ---- | M] () -- C:\{3B2E1758-C42A-4DC6-A2D9-FC62CE2E1FC4}
[2012/08/27 04:27:11 | 000,003,192 | ---- | M] () -- C:\{9E016C95-8B89-4ECB-AA22-07261880BAFE}
[2012/08/27 04:11:33 | 000,003,168 | ---- | M] () -- C:\{7E5E009B-A596-45F6-91D1-C26EC30EF060}
[2012/08/27 03:58:56 | 000,003,192 | ---- | M] () -- C:\{8F9169D2-481E-4913-8E3E-117400ADF2AB}
[2012/08/27 03:43:34 | 000,003,168 | ---- | M] () -- C:\{18745425-3D5E-4CFC-A87F-72EDD710153C}
[2012/08/27 03:27:57 | 000,003,192 | ---- | M] () -- C:\{BD3D45C5-8BF7-4198-B845-A70B9CC0B163}
[2012/08/27 03:14:12 | 000,003,168 | ---- | M] () -- C:\{E4E2262B-492B-4C90-9514-EB9FF3AD4C57}
[2012/08/27 03:02:24 | 000,003,192 | ---- | M] () -- C:\{7F1DA728-5FF8-4CF0-942A-97B1AC4E8BD4}
[2012/08/27 02:54:44 | 000,003,168 | ---- | M] () -- C:\{22BF0279-E4FE-4B17-8417-D7768C8926D2}
[2012/08/27 02:42:29 | 000,002,360 | ---- | M] () -- C:\{51D68F4E-39A6-47C4-8BE4-434109A4F3F5}
[2012/08/27 02:37:59 | 000,002,256 | ---- | M] () -- C:\{85E7252F-AEE1-4889-AE03-2438BC724C94}
[2012/08/27 02:31:32 | 000,003,192 | ---- | M] () -- C:\{A1D87CF4-367A-4168-9389-F4AE1F663DD8}
[2012/08/27 02:25:08 | 000,003,168 | ---- | M] () -- C:\{007F42BC-BDD9-4CD0-8DA8-25732A07FFE3}
[2012/08/27 02:18:37 | 000,003,192 | ---- | M] () -- C:\{35D4D92D-61FC-4DE8-A2E9-6FB58000A91E}
[2012/08/27 02:11:55 | 000,003,168 | ---- | M] () -- C:\{09C6F392-9DFB-41F9-A7C2-A6E3614342AF}
[2012/08/27 02:04:09 | 000,003,192 | ---- | M] () -- C:\{E939DFD1-04B7-44EA-921A-F8634EA93F12}
[2012/08/27 02:00:27 | 000,003,168 | ---- | M] () -- C:\{AA7CE832-1273-488E-8704-0A10270793A6}
[2012/08/27 01:56:39 | 000,003,192 | ---- | M] () -- C:\{D7F31B1C-AE9F-4BBA-9F99-4DD2CEC30F55}
[2012/08/27 01:51:44 | 000,003,168 | ---- | M] () -- C:\{1B9FFD69-3BDC-4AAB-922F-9F190C0D0819}
[2012/08/27 01:43:28 | 000,002,424 | ---- | M] () -- C:\{06E94532-6D8D-4F1F-A834-94FEA44CFF4A}
[2012/08/27 01:38:23 | 000,002,856 | ---- | M] () -- C:\{0BE7830D-7895-4F8E-9013-6DCEBEBC7FB6}
[2012/08/27 01:29:32 | 000,003,192 | ---- | M] () -- C:\{61FB13D2-7940-4EF6-81ED-3391BC7BDDB8}
[2012/08/27 01:23:13 | 000,003,168 | ---- | M] () -- C:\{02A88FF2-2827-476D-A88E-474ACA1FC57F}
[2012/08/27 01:16:30 | 000,003,192 | ---- | M] () -- C:\{DAE744A3-3450-434C-BF1F-BBB1E75AEB97}
[2012/08/27 01:09:58 | 000,003,168 | ---- | M] () -- C:\{B2424844-1023-40A3-A610-1B20E331C877}
[2012/08/27 01:03:18 | 000,003,192 | ---- | M] () -- C:\{2D38A9B7-4C7A-4C7B-A97C-9F1A9D9CC54F}
[2012/08/27 00:56:11 | 000,003,168 | ---- | M] () -- C:\{32A37D5E-7E65-42DF-9787-CEA4154BFDBF}
[2012/08/27 00:49:40 | 000,003,192 | ---- | M] () -- C:\{3EBC872C-E6F7-4DE5-86DB-F9603E80443E}
[2012/08/27 00:43:02 | 000,003,168 | ---- | M] () -- C:\{663525C9-77A0-4FC2-BB3D-8C1FA26FDFD7}
[2012/08/27 00:36:11 | 000,003,192 | ---- | M] () -- C:\{7203AB3B-22C2-4535-96B1-6A0B7EA95F21}
[2012/08/27 00:29:26 | 000,003,168 | ---- | M] () -- C:\{0F348110-A2AA-4751-B4FC-4ED368625A8D}
[2012/08/27 00:22:44 | 000,003,192 | ---- | M] () -- C:\{E8FE0B1A-5490-4A9B-A993-180DBB473604}
[2012/08/27 00:16:08 | 000,003,168 | ---- | M] () -- C:\{4871B192-0475-4C77-A79B-B369005BCDE2}
[2012/08/27 00:09:22 | 000,003,192 | ---- | M] () -- C:\{44F642B2-A475-411F-92B8-7BAA68868F29}
[2012/08/27 00:02:53 | 000,003,168 | ---- | M] () -- C:\{E5EBBBA1-3C9A-4026-B072-AC8BCE3B515A}
[2012/08/26 23:56:37 | 000,003,168 | ---- | M] () -- C:\{A6BF8615-A99D-4ABF-AFA0-5F2ED58FDFD1}
[2012/08/26 23:49:49 | 000,003,192 | ---- | M] () -- C:\{13897D9B-8BF9-4C63-A49B-FA2507254154}
[2012/08/26 23:42:49 | 000,003,192 | ---- | M] () -- C:\{54C3433A-6975-49A7-B15D-4656AEC94308}
[2012/08/26 23:35:48 | 000,003,168 | ---- | M] () -- C:\{772B44D7-714D-4FD7-AE86-495986A00A2D}
[2012/08/26 23:27:41 | 000,003,192 | ---- | M] () -- C:\{4ED516C9-0012-44CB-B436-AC888FC23194}
[2012/08/26 23:21:07 | 000,003,168 | ---- | M] () -- C:\{59261146-4BF1-495C-A5EE-9A120693FD57}
[2012/08/26 23:14:29 | 000,003,168 | ---- | M] () -- C:\{3786DFB1-7BD6-4C45-88A1-9774B8F7819E}
[2012/08/26 23:08:01 | 000,003,192 | ---- | M] () -- C:\{16B81A89-5599-43B9-8E86-BCA917514A8E}
[2012/08/26 23:01:04 | 000,003,192 | ---- | M] () -- C:\{CAD94E47-E3B5-4B3E-95C3-19AF5A8CFA15}
[2012/08/26 22:54:37 | 000,003,168 | ---- | M] () -- C:\{8C26E315-CC85-457F-8335-D00D2DCFC42A}
[2012/08/26 22:47:54 | 000,003,192 | ---- | M] () -- C:\{ACDE1898-21CF-4981-90DB-07ECEA89624B}
[2012/08/26 22:41:20 | 000,003,168 | ---- | M] () -- C:\{94D683BB-5C78-42A1-A5FF-8D0EB6C9446F}
[2012/08/26 22:34:37 | 000,003,168 | ---- | M] () -- C:\{D532E393-D7FE-417D-9823-900DD64E70AA}
[2012/08/26 22:28:08 | 000,003,192 | ---- | M] () -- C:\{4E12E152-6A0D-4DBE-858A-439FDF1F04B0}
[2012/08/26 22:21:30 | 000,003,192 | ---- | M] () -- C:\{0672694C-2E3B-48CD-8E7C-8AA6D89098D7}
[2012/08/26 22:14:29 | 000,003,168 | ---- | M] () -- C:\{86FEF14E-9BB7-41AA-BAFD-7C27FD1CAAFB}
[2012/08/26 22:07:41 | 000,003,192 | ---- | M] () -- C:\{261CE2A9-3778-48EB-AC6B-40C46C91BAE0}
[2012/08/26 22:00:22 | 000,003,168 | ---- | M] () -- C:\{472BCEE4-02FA-4112-9CDA-FE41DDA63D41}
[2012/08/26 21:53:22 | 000,003,192 | ---- | M] () -- C:\{EC573A94-76B7-4370-810B-9184F395B960}
[2012/08/26 21:47:58 | 000,003,168 | ---- | M] () -- C:\{8AF87C00-6DB3-4ADE-8223-7C807D8235F0}
[2012/08/26 21:42:34 | 000,003,192 | ---- | M] () -- C:\{9B8D3CF4-96B2-42A1-BA9E-723F5AB1F36A}
[2012/08/26 21:36:19 | 000,003,168 | ---- | M] () -- C:\{937343FE-BDBE-4861-AF0D-4961C520FFDE}
[2012/08/26 21:30:22 | 000,003,192 | ---- | M] () -- C:\{988B1A48-675B-4892-B886-BF6DA6AFED62}
[2012/08/26 21:23:35 | 000,003,168 | ---- | M] () -- C:\{6DE38B91-9503-45CE-A11A-A6DF08836D0D}
[2012/08/26 21:19:22 | 000,003,168 | ---- | M] () -- C:\{F67C339E-9310-4845-A607-E4B4A3ECA116}
[2012/08/26 21:11:27 | 000,003,192 | ---- | M] () -- C:\{FB0C94E5-21F0-408B-98A1-A429A1504334}
[2012/08/26 21:05:10 | 000,003,192 | ---- | M] () -- C:\{93289DDB-CD97-419F-904B-3E8A88E2FBF7}
[2012/08/26 21:00:23 | 000,003,168 | ---- | M] () -- C:\{1A975C1E-0987-4E70-ACE9-BE0AEC32124D}
[2012/08/26 20:56:55 | 000,003,192 | ---- | M] () -- C:\{79390CA4-2F04-4D2D-95E3-5281B3D6BE5D}
[2012/08/26 20:50:33 | 000,003,168 | ---- | M] () -- C:\{79068B1D-655E-46A6-942C-067D2A9E3DFF}
[2012/08/26 20:44:22 | 000,003,192 | ---- | M] () -- C:\{B35FA9B7-A64B-4221-8799-69250DA69FD7}
[2012/08/26 20:38:05 | 000,003,168 | ---- | M] () -- C:\{BCC40A1C-50B4-4C43-AAEB-5EB1111D8270}
[2012/08/26 20:32:33 | 000,003,192 | ---- | M] () -- C:\{26634504-1B0C-4C4E-A57E-822AEA6A5733}
[2012/08/26 20:26:09 | 000,003,168 | ---- | M] () -- C:\{29A3860B-6290-46FA-A32C-D9D1CA659550}
[2012/08/24 16:15:49 | 000,003,168 | ---- | M] () -- C:\{B0FEF934-D317-4415-A26E-8B50E1706084}
[2012/08/23 23:00:11 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixZeroAccess.sys
[2012/08/23 16:51:01 | 000,001,325 | ---- | M] () -- C:\Users\Public\Desktop\VMware View Client.lnk
[2012/08/22 20:49:57 | 000,003,192 | ---- | M] () -- C:\{1C69F3EB-5739-4094-B10B-DBD8C5F5FF04}
[2012/08/22 20:45:39 | 000,003,168 | ---- | M] () -- C:\{A8491215-D97C-4039-88F3-27BCE0FCFABA}
[2012/08/22 20:31:29 | 000,003,168 | ---- | M] () -- C:\{A00FDA31-71E0-4CA7-94C0-B44A093559B8}
[2012/08/22 20:03:45 | 000,003,168 | ---- | M] () -- C:\{1393051B-A571-4241-AC4E-9128FA954CB7}
[2012/08/22 20:02:19 | 000,003,168 | ---- | M] () -- C:\{A17B9DAE-9BB3-469E-A6F7-C8E7D1FB269D}
[2012/08/22 19:35:55 | 000,003,160 | ---- | M] () -- C:\{B5383519-1BC3-4B65-9129-835E8F855564}
[2012/08/22 19:04:27 | 000,003,128 | ---- | M] () -- C:\{9B485D98-9770-43AD-89CE-B90FA125A568}
[2012/08/22 18:25:37 | 000,003,168 | ---- | M] () -- C:\{7C86F62B-7B97-45B0-96DA-13EA5C99F24D}
[2012/08/22 18:17:46 | 000,003,168 | ---- | M] () -- C:\{827AB113-E3E9-48D9-B368-4341AABC51BE}
[2012/08/22 17:30:01 | 000,003,160 | ---- | M] () -- C:\{7E52FE86-80AF-4BC3-B63F-451B032040A9}
[2012/08/22 17:23:33 | 000,003,192 | ---- | M] () -- C:\{AD91554F-2373-4F27-A7A6-CF68D994FA96}
[2012/08/22 17:17:28 | 000,003,168 | ---- | M] () -- C:\{882DFF59-1A98-475C-BC36-6DE64BB86B10}
[2012/08/22 17:10:59 | 000,003,472 | ---- | M] () -- C:\{8F1EA7DB-17C2-4A57-A9B6-19935AFF95BA}
[2012/08/22 17:04:15 | 000,003,320 | ---- | M] () -- C:\{3F22011B-48B3-4970-A2F9-1C4A3D0FF3E0}
[2012/08/22 16:57:28 | 000,003,160 | ---- | M] () -- C:\{06602612-1253-413A-B68C-FA3DEA19FA71}
[2012/08/22 16:49:49 | 000,003,192 | ---- | M] () -- C:\{E4ADB819-5699-49FC-AE8D-8283DBE20EF1}
[2012/08/22 16:42:59 | 000,003,168 | ---- | M] () -- C:\{0B8DA6EC-CEA7-4488-8E4F-6378B173EF1A}
[2012/08/22 16:36:10 | 000,003,168 | ---- | M] () -- C:\{CEC5649A-E6BD-4030-8E41-CFD839F28B6E}
[2012/08/22 16:29:30 | 000,003,160 | ---- | M] () -- C:\{6DFAB4FC-63DA-484F-A62D-9DA1E0966AEC}
[2012/08/22 16:20:15 | 000,003,192 | ---- | M] () -- C:\{2706DD1E-7A0D-42F9-9ECF-1BD7D17B39D7}
[2012/08/22 16:08:36 | 000,003,168 | ---- | M] () -- C:\{B9B01496-A7BF-40DC-9357-181921400CD3}
[2012/08/22 15:57:47 | 000,003,168 | ---- | M] () -- C:\{A8B8C87A-A5AD-4495-8C98-39959EE60FCF}
[2012/08/22 15:51:15 | 000,003,160 | ---- | M] () -- C:\{3B89C180-07E4-4582-A151-17FE5048CC72}
[2012/08/22 15:44:56 | 000,003,192 | ---- | M] () -- C:\{9AFD7FF8-536D-4DCE-9604-1FC1DE758EFA}
[2012/08/22 15:38:13 | 000,003,168 | ---- | M] () -- C:\{E545CE53-6B5B-49F5-89C0-96CE54C05B02}
[2012/08/22 15:30:39 | 000,003,168 | ---- | M] () -- C:\{FDAECA24-A9B5-490A-8199-FBEBA537F95E}
[2012/08/22 15:23:46 | 000,003,160 | ---- | M] () -- C:\{413E0413-521D-4349-A0E2-AEAC2A57CAE4}
[2012/08/22 15:16:47 | 000,003,168 | ---- | M] () -- C:\{3F6C5E6C-3D55-451C-A62E-C6B22EA71ED8}
[2012/08/22 15:09:36 | 000,003,192 | ---- | M] () -- C:\{95A17765-B72D-44DA-9322-F050020641D7}
[2012/08/22 15:03:01 | 000,003,160 | ---- | M] () -- C:\{E28A78EE-B56C-48C6-8D8D-19E7A5A894F8}
[2012/08/22 14:55:16 | 000,003,168 | ---- | M] () -- C:\{1CBC0AA7-79AB-440C-A01E-06D794D01E7D}
[2012/08/22 14:48:13 | 000,003,192 | ---- | M] () -- C:\{C6CC8BA4-2F12-460D-AE1A-D14C32EB34A9}
[2012/08/22 14:41:51 | 000,003,168 | ---- | M] () -- C:\{0D27268C-EB15-4FA6-8042-FB437A459BF5}
[2012/08/22 14:33:51 | 000,003,168 | ---- | M] () -- C:\{BCCDAAEF-F439-4207-975E-EB7D3227DD0F}
[2012/08/22 14:26:31 | 000,003,160 | ---- | M] () -- C:\{27A34C47-4460-4763-962D-8AF2DCAC036B}
[2012/08/22 14:16:08 | 000,003,192 | ---- | M] () -- C:\{DDF000FE-6102-433D-A4BF-3050172F3254}
[2012/08/22 14:06:41 | 000,003,168 | ---- | M] () -- C:\{CC23A4FB-F944-4415-B878-E9EC79720501}
[2012/08/22 13:55:12 | 000,002,360 | ---- | M] () -- C:\{3B8F8721-CC1B-4151-88E2-667BD7B81F92}
[2012/08/22 13:38:48 | 000,002,256 | ---- | M] () -- C:\{46271224-84D4-4DFF-B784-9A33AB3E8CD7}
[2012/08/22 13:28:48 | 000,003,168 | ---- | M] () -- C:\{55F02BA1-06A7-4B0E-9963-797109B6558E}
[2012/08/22 13:18:47 | 000,003,160 | ---- | M] () -- C:\{ECABE8D8-A484-4A25-943E-6D02EEE3A1A4}
[2012/08/22 13:09:04 | 000,003,192 | ---- | M] () -- C:\{34D6C40C-B3C8-469A-9E8E-CA46609EF1E8}
[2012/08/22 13:00:16 | 000,003,168 | ---- | M] () -- C:\{404C2799-5F6F-4D9C-8654-08574844585A}
[2012/08/22 12:50:28 | 000,003,168 | ---- | M] () -- C:\{B1D7B7CD-6B6A-4F53-BFE1-558339111CE2}
[2012/08/22 12:39:37 | 000,003,160 | ---- | M] () -- C:\{173D4F36-8402-448D-B712-FBA87FEE2C01}
[2012/08/22 12:30:34 | 000,003,192 | ---- | M] () -- C:\{0560BFBA-178E-4B01-AB78-41A31B0C331B}
[2012/08/22 12:21:18 | 000,003,168 | ---- | M] () -- C:\{EE7885EB-B2E8-49FD-9243-BC1E91D0790C}
[2012/08/22 11:57:39 | 000,003,168 | ---- | M] () -- C:\{E1C5E2EF-3F31-4A00-ADA0-6E4FDB6CF74E}
[2012/08/22 11:16:31 | 000,003,192 | ---- | M] () -- C:\{93A4726C-B5CB-4E46-94EC-A58FA89157F4}
[2012/08/22 11:14:59 | 000,003,168 | ---- | M] () -- C:\{DA801D02-C985-49F3-874E-617038975132}
[2012/08/22 11:03:54 | 000,003,192 | ---- | M] () -- C:\{683545E1-C95F-4F1A-BE62-4AC57BE7BB07}
[2012/08/22 10:58:09 | 000,003,168 | ---- | M] () -- C:\{85F3975B-3814-40DF-84D2-D6D9117803E1}
[2012/08/20 22:08:41 | 000,003,160 | ---- | M] () -- C:\{92D61E61-717D-4330-AA8D-C196C999CAC8}
[2012/08/20 22:05:18 | 000,003,168 | ---- | M] () -- C:\{D4CAAB1C-6BEC-4789-8448-6381A0CE9F0F}
[2012/08/20 21:57:00 | 000,003,192 | ---- | M] () -- C:\{C5A9D8DE-AEA0-47CC-8224-B359C6D64BB3}
[2012/08/20 21:47:42 | 000,003,168 | ---- | M] () -- C:\{81BB429E-31E4-4A02-8F6F-EB1566E8A237}
[2012/08/20 21:15:52 | 000,003,168 | ---- | M] () -- C:\{B3FE7E9C-5EAE-4CC3-98EA-43B23AA64D8A}
[2012/08/20 14:24:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/19 12:58:08 | 000,003,192 | ---- | M] () -- C:\{9334061B-8657-4959-9CA5-6B4AFDD6B6DB}
[2012/08/19 12:43:29 | 000,003,168 | ---- | M] () -- C:\{4B6A520C-53D3-4D1E-A555-1F13FFEE3249}
[2012/08/19 12:40:01 | 000,003,168 | ---- | M] () -- C:\{37750AEC-AA8B-4E99-85AF-18EF33B6793E}
[2012/08/19 12:14:25 | 000,003,168 | ---- | M] () -- C:\{ED1BCF3C-12BC-40B1-87A6-7B6226D930E8}
[2012/08/19 12:05:30 | 000,003,168 | ---- | M] () -- C:\{74F6E4F8-3357-4F52-BE21-C1B6585A8993}
[2012/08/19 11:25:11 | 000,003,192 | ---- | M] () -- C:\{8331D4A7-FA9A-449A-993B-8A54174B53B2}
[2012/08/18 20:28:55 | 000,003,192 | ---- | M] () -- C:\{B41BCE8B-8327-4027-9D00-19FE4A000E0D}
[2012/08/18 20:25:23 | 000,003,168 | ---- | M] () -- C:\{6A48205F-D6FA-4B2F-85A7-3A1E4F49AD87}
[2012/08/18 20:15:41 | 000,003,168 | ---- | M] () -- C:\{870E820D-4737-485E-8C20-3363AA2968CB}
[2012/08/14 14:51:56 | 000,430,672 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/14 14:39:00 | 000,003,168 | ---- | M] () -- C:\{5F43D11C-968B-4FC2-8033-853DDA105279}
[2012/08/14 14:28:30 | 000,003,168 | ---- | M] () -- C:\{7EAA41B2-BAFC-48FF-9DD1-835736ACB458}
[2012/08/14 14:25:45 | 000,003,168 | ---- | M] () -- C:\{3BBB27CF-EF53-4C93-A8B0-4DA74AB93423}
[2012/08/14 13:03:10 | 000,003,168 | ---- | M] () -- C:\{97476F37-2466-4CA9-8208-C1E1C41AF0EF}
[2012/08/14 12:58:10 | 000,003,192 | ---- | M] () -- C:\{94C3A42A-1F86-418B-AD0A-007DCBBA01C6}
[2012/08/14 12:57:01 | 000,003,168 | ---- | M] () -- C:\{914EB9D7-E303-4BAF-8A78-4B7F10F20CEE}
[2012/08/14 12:55:32 | 000,003,168 | ---- | M] () -- C:\{1E12AFF7-C1B1-48DB-A7F9-8AF399D10CEE}
[2012/08/14 11:57:06 | 000,003,168 | ---- | M] () -- C:\{6683579B-4F07-4D42-8E1F-F2434F58F006}
[2012/08/14 11:55:39 | 000,003,168 | ---- | M] () -- C:\{0284EB07-E85C-426F-849B-2440CFF00573}
[7 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/09/05 14:06:22 | 000,732,477 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\211263.pdf
[2012/09/05 13:58:38 | 000,003,192 | ---- | C] () -- C:\{B5FA2FC5-682E-49AC-A9C3-1AB704E86A75}
[2012/09/05 10:10:38 | 000,003,168 | ---- | C] () -- C:\{88DC289C-1C9D-460E-8EDF-AF8D9299EDF9}
[2012/09/05 10:08:46 | 000,003,192 | ---- | C] () -- C:\{426B2890-CEB9-4AC5-93F3-EE7A28599302}
[2012/09/04 20:21:55 | 000,003,192 | ---- | C] () -- C:\{E112FD48-CED0-4D0C-9584-FBDC49C593E2}
[2012/09/04 15:06:33 | 000,003,192 | ---- | C] () -- C:\{64F3BD50-87EC-44EB-8BEF-B97D910168B6}
[2012/09/04 13:46:19 | 000,003,192 | ---- | C] () -- C:\{388FFD71-34A4-4DB8-BCC5-75492A71FECE}
[2012/09/04 13:13:25 | 000,003,168 | ---- | C] () -- C:\{0611CB42-BF1E-4090-A2BC-C3B79E66992A}
[2012/09/04 13:07:56 | 000,003,192 | ---- | C] () -- C:\{1AEA1DB9-A387-4D2D-8FAC-A0F8B4E50159}
[2012/09/04 12:55:10 | 000,003,192 | ---- | C] () -- C:\{435B21CD-EC98-40A6-92B0-EF2C3712B64B}
[2012/09/04 11:12:42 | 000,003,168 | ---- | C] () -- C:\{D5D548BA-E666-4CA1-A0D2-52CF45651A45}
[2012/09/04 09:34:41 | 000,003,168 | ---- | C] () -- C:\{7799089E-E0B0-4429-9712-174BBCD61807}
[2012/09/03 15:51:13 | 000,003,168 | ---- | C] () -- C:\{1D2D849C-8EEB-482E-9953-F82581B13087}
[2012/08/30 15:32:01 | 000,003,168 | ---- | C] () -- C:\{93936D02-423B-4DAB-BC17-92A623552F3F}
[2012/08/30 13:17:02 | 000,003,168 | ---- | C] () -- C:\{31938262-EDFC-4ACE-AE35-6E632FB6236E}
[2012/08/30 13:07:42 | 000,003,168 | ---- | C] () -- C:\{76007194-A200-4AB9-AA21-2ECF29EEE6D4}
[2012/08/30 12:27:30 | 000,003,168 | ---- | C] () -- C:\{A5CA7C0F-9931-4115-9AEB-D88291E4125C}
[2012/08/30 10:55:19 | 000,003,168 | ---- | C] () -- C:\{345A6389-813B-4E25-A576-277D8C79AA9B}
[2012/08/30 10:53:34 | 000,003,192 | ---- | C] () -- C:\{BE03BC01-8873-41C8-900E-042464089E7F}
[2012/08/30 10:42:15 | 000,003,168 | ---- | C] () -- C:\{76B2AC76-E2A5-410A-BA81-0A11F2AE7042}
[2012/08/30 10:00:31 | 000,003,168 | ---- | C] () -- C:\{370C0DA4-BDE0-4694-BA49-3CA80E593737}
[2012/08/30 09:41:30 | 000,003,152 | ---- | C] () -- C:\{DB8E9FBC-AEA6-4143-ABED-A9E82C8275C0}
[2012/08/30 09:34:30 | 000,003,128 | ---- | C] () -- C:\{0B59A272-95DB-46F7-AF45-5DA35C51A8D4}
[2012/08/30 09:21:52 | 000,003,128 | ---- | C] () -- C:\{736B3B72-F853-4C7B-98F6-675516E28701}
[2012/08/30 08:30:25 | 000,003,128 | ---- | C] () -- C:\{02B0C4A6-F264-4142-8412-971E9285522A}
[2012/08/29 22:46:25 | 000,003,152 | ---- | C] () -- C:\{83A3C42D-5BA5-45D9-A7CF-A3BDA0062B4A}
[2012/08/29 22:32:37 | 000,003,128 | ---- | C] () -- C:\{310320F5-8E4E-4BAB-9761-AEB335A4377D}
[2012/08/29 22:17:08 | 000,003,128 | ---- | C] () -- C:\{5D9C7A1B-28CF-44EB-A362-D5689EB30C6A}
[2012/08/29 21:45:25 | 000,003,128 | ---- | C] () -- C:\{C87F3131-21BE-4CE3-993A-3215B9931ECF}
[2012/08/29 20:52:56 | 000,003,128 | ---- | C] () -- C:\{69951E90-408D-4B9C-ACA6-22D5FAE3FA3F}
[2012/08/29 18:30:22 | 000,003,128 | ---- | C] () -- C:\{F32460BE-E85B-4970-A4AC-D5EF451641A4}
[2012/08/29 18:27:06 | 000,003,128 | ---- | C] () -- C:\{89BEA620-732B-445F-8EB4-F21EE6910B96}
[2012/08/29 18:12:44 | 000,003,152 | ---- | C] () -- C:\{4F25CED8-9DB0-40A8-A1B2-395712CE4696}
[2012/08/29 17:17:57 | 000,003,152 | ---- | C] () -- C:\{1C448458-BA17-47ED-9729-2DDAA3B857F4}
[2012/08/29 17:15:09 | 000,003,128 | ---- | C] () -- C:\{38639907-009A-49AE-90A0-9D3497AC1EBA}
[2012/08/29 17:12:39 | 000,003,128 | ---- | C] () -- C:\{97A1072A-670B-4A7B-A3EF-D70320278FC9}
[2012/08/29 17:00:33 | 000,003,128 | ---- | C] () -- C:\{1CB26035-99AF-40FF-9D06-8EA2DDF2A5E8}
[2012/08/29 16:45:30 | 000,003,128 | ---- | C] () -- C:\{420C844B-F5F4-4889-83B2-46A66229C251}
[2012/08/29 14:09:26 | 000,003,128 | ---- | C] () -- C:\{C777B7B6-A64E-4B9B-9146-101458A4E4AB}
[2012/08/29 14:03:36 | 000,003,128 | ---- | C] () -- C:\{354F6235-80AD-48A7-B6D4-4C15643080C2}
[2012/08/29 13:39:45 | 000,003,128 | ---- | C] () -- C:\{5C553A34-1088-464B-8EB9-3D97A2A294E7}
[2012/08/29 13:34:33 | 000,003,128 | ---- | C] () -- C:\{57DE245F-655C-4571-95BF-2ED2761617F6}
[2012/08/29 13:19:19 | 000,002,240 | ---- | C] () -- C:\{58C725D2-43AA-49DB-8210-07FB1C940070}
[2012/08/29 13:05:52 | 000,002,240 | ---- | C] () -- C:\{B87C7F89-69F8-46E0-AAFC-1C7D80BF72A1}
[2012/08/29 12:48:55 | 000,003,128 | ---- | C] () -- C:\{B3E49D9F-C434-441C-BC3E-297085C1C81A}
[2012/08/29 08:51:40 | 000,003,128 | ---- | C] () -- C:\{854BE175-B0BA-4705-B64A-8B1F6B06A2E5}
[2012/08/29 08:49:00 | 000,003,128 | ---- | C] () -- C:\{99AFBCB0-38D5-4298-B121-91A3A338A1D4}
[2012/08/28 21:49:59 | 000,003,128 | ---- | C] () -- C:\{72DC70B9-5EF5-486B-94A7-0A2A1EF414E7}
[2012/08/27 23:27:56 | 000,003,168 | ---- | C] () -- C:\{16155F60-CFE3-4366-B41F-BA3DC2D57B8B}
[2012/08/27 21:59:32 | 000,003,168 | ---- | C] () -- C:\{A4E99CD0-7A90-4480-AF40-F225BA00275E}
[2012/08/27 07:34:50 | 000,003,168 | ---- | C] () -- C:\{4E10D4BD-7B04-48AC-8C14-5E6D25E2E0CC}
[2012/08/27 07:17:24 | 000,003,192 | ---- | C] () -- C:\{4CD07928-9D7F-4A93-8509-70FF9E9B5E16}
[2012/08/27 06:52:29 | 000,003,168 | ---- | C] () -- C:\{E7FD9D52-890D-4186-8F9C-1BB7B8B53815}
[2012/08/27 06:26:53 | 000,003,168 | ---- | C] () -- C:\{2ECC07C2-2376-453D-A024-3482934EEE94}
[2012/08/27 06:16:00 | 000,003,168 | ---- | C] () -- C:\{44E2112D-4926-4A22-ACC2-91F492C117C4}
[2012/08/27 06:13:12 | 000,003,192 | ---- | C] () -- C:\{552180D7-079B-470E-B925-C16E62055820}
[2012/08/27 05:58:42 | 000,003,192 | ---- | C] () -- C:\{54417B5D-1574-4975-B838-5A85BC35C44E}
[2012/08/27 05:54:54 | 000,003,168 | ---- | C] () -- C:\{59261EB2-D702-4F51-92A3-5AFCA98A6A3F}
[2012/08/27 05:31:03 | 000,003,192 | ---- | C] () -- C:\{3D46AAFC-420C-4157-941C-A9FDEC9C685E}
[2012/08/27 05:29:39 | 000,003,192 | ---- | C] () -- C:\{9FA1BCC7-7C64-4EBF-98AC-737AE7467DC9}
[2012/08/27 05:28:20 | 000,003,168 | ---- | C] () -- C:\{38EF06F8-DB97-4651-8E21-43E1368302E9}
[2012/08/27 05:20:33 | 000,003,192 | ---- | C] () -- C:\{31872568-8051-4EC4-9549-79B36D42ED72}
[2012/08/27 05:13:02 | 000,003,168 | ---- | C] () -- C:\{D264F097-922E-4D58-8A1A-E95526747BD8}
[2012/08/27 05:11:58 | 000,003,192 | ---- | C] () -- C:\{797B1DE8-5F2E-4501-9907-85C5E013420D}
[2012/08/27 05:10:55 | 000,003,168 | ---- | C] () -- C:\{790FB7C3-1CE7-42FF-AADD-63D6F6379AA6}
[2012/08/27 04:55:41 | 000,003,192 | ---- | C] () -- C:\{B9D7868D-FF08-42E6-809F-19F1E8E4A194}
[2012/08/27 04:40:43 | 000,003,168 | ---- | C] () -- C:\{3B2E1758-C42A-4DC6-A2D9-FC62CE2E1FC4}
[2012/08/27 04:27:10 | 000,003,192 | ---- | C] () -- C:\{9E016C95-8B89-4ECB-AA22-07261880BAFE}
[2012/08/27 04:11:31 | 000,003,168 | ---- | C] () -- C:\{7E5E009B-A596-45F6-91D1-C26EC30EF060}
[2012/08/27 03:58:54 | 000,003,192 | ---- | C] () -- C:\{8F9169D2-481E-4913-8E3E-117400ADF2AB}
[2012/08/27 03:43:30 | 000,003,168 | ---- | C] () -- C:\{18745425-3D5E-4CFC-A87F-72EDD710153C}
[2012/08/27 03:27:56 | 000,003,192 | ---- | C] () -- C:\{BD3D45C5-8BF7-4198-B845-A70B9CC0B163}
[2012/08/27 03:14:10 | 000,003,168 | ---- | C] () -- C:\{E4E2262B-492B-4C90-9514-EB9FF3AD4C57}
[2012/08/27 03:02:23 | 000,003,192 | ---- | C] () -- C:\{7F1DA728-5FF8-4CF0-942A-97B1AC4E8BD4}
[2012/08/27 02:54:42 | 000,003,168 | ---- | C] () -- C:\{22BF0279-E4FE-4B17-8417-D7768C8926D2}
[2012/08/27 02:42:28 | 000,002,360 | ---- | C] () -- C:\{51D68F4E-39A6-47C4-8BE4-434109A4F3F5}
[2012/08/27 02:37:58 | 000,002,256 | ---- | C] () -- C:\{85E7252F-AEE1-4889-AE03-2438BC724C94}
[2012/08/27 02:31:31 | 000,003,192 | ---- | C] () -- C:\{A1D87CF4-367A-4168-9389-F4AE1F663DD8}
[2012/08/27 02:25:07 | 000,003,168 | ---- | C] () -- C:\{007F42BC-BDD9-4CD0-8DA8-25732A07FFE3}
[2012/08/27 02:18:36 | 000,003,192 | ---- | C] () -- C:\{35D4D92D-61FC-4DE8-A2E9-6FB58000A91E}
[2012/08/27 02:11:53 | 000,003,168 | ---- | C] () -- C:\{09C6F392-9DFB-41F9-A7C2-A6E3614342AF}
[2012/08/27 02:04:08 | 000,003,192 | ---- | C] () -- C:\{E939DFD1-04B7-44EA-921A-F8634EA93F12}
[2012/08/27 02:00:26 | 000,003,168 | ---- | C] () -- C:\{AA7CE832-1273-488E-8704-0A10270793A6}
[2012/08/27 01:56:38 | 000,003,192 | ---- | C] () -- C:\{D7F31B1C-AE9F-4BBA-9F99-4DD2CEC30F55}
[2012/08/27 01:51:43 | 000,003,168 | ---- | C] () -- C:\{1B9FFD69-3BDC-4AAB-922F-9F190C0D0819}
[2012/08/27 01:43:27 | 000,002,424 | ---- | C] () -- C:\{06E94532-6D8D-4F1F-A834-94FEA44CFF4A}
[2012/08/27 01:38:22 | 000,002,856 | ---- | C] () -- C:\{0BE7830D-7895-4F8E-9013-6DCEBEBC7FB6}
[2012/08/27 01:29:31 | 000,003,192 | ---- | C] () -- C:\{61FB13D2-7940-4EF6-81ED-3391BC7BDDB8}
[2012/08/27 01:23:12 | 000,003,168 | ---- | C] () -- C:\{02A88FF2-2827-476D-A88E-474ACA1FC57F}
[2012/08/27 01:16:28 | 000,003,192 | ---- | C] () -- C:\{DAE744A3-3450-434C-BF1F-BBB1E75AEB97}
[2012/08/27 01:09:57 | 000,003,168 | ---- | C] () -- C:\{B2424844-1023-40A3-A610-1B20E331C877}
[2012/08/27 01:03:16 | 000,003,192 | ---- | C] () -- C:\{2D38A9B7-4C7A-4C7B-A97C-9F1A9D9CC54F}
[2012/08/27 00:56:10 | 000,003,168 | ---- | C] () -- C:\{32A37D5E-7E65-42DF-9787-CEA4154BFDBF}
[2012/08/27 00:49:38 | 000,003,192 | ---- | C] () -- C:\{3EBC872C-E6F7-4DE5-86DB-F9603E80443E}
[2012/08/27 00:43:01 | 000,003,168 | ---- | C] () -- C:\{663525C9-77A0-4FC2-BB3D-8C1FA26FDFD7}
[2012/08/27 00:36:10 | 000,003,192 | ---- | C] () -- C:\{7203AB3B-22C2-4535-96B1-6A0B7EA95F21}
[2012/08/27 00:29:25 | 000,003,168 | ---- | C] () -- C:\{0F348110-A2AA-4751-B4FC-4ED368625A8D}
[2012/08/27 00:22:43 | 000,003,192 | ---- | C] () -- C:\{E8FE0B1A-5490-4A9B-A993-180DBB473604}
[2012/08/27 00:16:06 | 000,003,168 | ---- | C] () -- C:\{4871B192-0475-4C77-A79B-B369005BCDE2}
[2012/08/27 00:09:21 | 000,003,192 | ---- | C] () -- C:\{44F642B2-A475-411F-92B8-7BAA68868F29}
[2012/08/27 00:02:52 | 000,003,168 | ---- | C] () -- C:\{E5EBBBA1-3C9A-4026-B072-AC8BCE3B515A}
[2012/08/26 23:56:36 | 000,003,168 | ---- | C] () -- C:\{A6BF8615-A99D-4ABF-AFA0-5F2ED58FDFD1}
[2012/08/26 23:49:48 | 000,003,192 | ---- | C] () -- C:\{13897D9B-8BF9-4C63-A49B-FA2507254154}
[2012/08/26 23:42:47 | 000,003,192 | ---- | C] () -- C:\{54C3433A-6975-49A7-B15D-4656AEC94308}
[2012/08/26 23:35:46 | 000,003,168 | ---- | C] () -- C:\{772B44D7-714D-4FD7-AE86-495986A00A2D}
[2012/08/26 23:27:40 | 000,003,192 | ---- | C] () -- C:\{4ED516C9-0012-44CB-B436-AC888FC23194}
[2012/08/26 23:21:05 | 000,003,168 | ---- | C] () -- C:\{59261146-4BF1-495C-A5EE-9A120693FD57}
[2012/08/26 23:14:28 | 000,003,168 | ---- | C] () -- C:\{3786DFB1-7BD6-4C45-88A1-9774B8F7819E}
[2012/08/26 23:07:59 | 000,003,192 | ---- | C] () -- C:\{16B81A89-5599-43B9-8E86-BCA917514A8E}
[2012/08/26 23:01:03 | 000,003,192 | ---- | C] () -- C:\{CAD94E47-E3B5-4B3E-95C3-19AF5A8CFA15}
[2012/08/26 22:54:36 | 000,003,168 | ---- | C] () -- C:\{8C26E315-CC85-457F-8335-D00D2DCFC42A}
[2012/08/26 22:47:53 | 000,003,192 | ---- | C] () -- C:\{ACDE1898-21CF-4981-90DB-07ECEA89624B}
[2012/08/26 22:41:19 | 000,003,168 | ---- | C] () -- C:\{94D683BB-5C78-42A1-A5FF-8D0EB6C9446F}
[2012/08/26 22:34:36 | 000,003,168 | ---- | C] () -- C:\{D532E393-D7FE-417D-9823-900DD64E70AA}
[2012/08/26 22:28:07 | 000,003,192 | ---- | C] () -- C:\{4E12E152-6A0D-4DBE-858A-439FDF1F04B0}
[2012/08/26 22:21:29 | 000,003,192 | ---- | C] () -- C:\{0672694C-2E3B-48CD-8E7C-8AA6D89098D7}
[2012/08/26 22:14:28 | 000,003,168 | ---- | C] () -- C:\{86FEF14E-9BB7-41AA-BAFD-7C27FD1CAAFB}
[2012/08/26 22:07:40 | 000,003,192 | ---- | C] () -- C:\{261CE2A9-3778-48EB-AC6B-40C46C91BAE0}
[2012/08/26 22:00:21 | 000,003,168 | ---- | C] () -- C:\{472BCEE4-02FA-4112-9CDA-FE41DDA63D41}
[2012/08/26 21:53:20 | 000,003,192 | ---- | C] () -- C:\{EC573A94-76B7-4370-810B-9184F395B960}
[2012/08/26 21:47:57 | 000,003,168 | ---- | C] () -- C:\{8AF87C00-6DB3-4ADE-8223-7C807D8235F0}
[2012/08/26 21:42:33 | 000,003,192 | ---- | C] () -- C:\{9B8D3CF4-96B2-42A1-BA9E-723F5AB1F36A}
[2012/08/26 21:36:17 | 000,003,168 | ---- | C] () -- C:\{937343FE-BDBE-4861-AF0D-4961C520FFDE}
[2012/08/26 21:30:21 | 000,003,192 | ---- | C] () -- C:\{988B1A48-675B-4892-B886-BF6DA6AFED62}
[2012/08/26 21:23:34 | 000,003,168 | ---- | C] () -- C:\{6DE38B91-9503-45CE-A11A-A6DF08836D0D}
[2012/08/26 21:19:19 | 000,003,168 | ---- | C] () -- C:\{F67C339E-9310-4845-A607-E4B4A3ECA116}
[2012/08/26 21:11:26 | 000,003,192 | ---- | C] () -- C:\{FB0C94E5-21F0-408B-98A1-A429A1504334}
[2012/08/26 21:05:09 | 000,003,192 | ---- | C] () -- C:\{93289DDB-CD97-419F-904B-3E8A88E2FBF7}
[2012/08/26 21:00:23 | 000,003,168 | ---- | C] () -- C:\{1A975C1E-0987-4E70-ACE9-BE0AEC32124D}
[2012/08/26 20:56:54 | 000,003,192 | ---- | C] () -- C:\{79390CA4-2F04-4D2D-95E3-5281B3D6BE5D}
[2012/08/26 20:50:32 | 000,003,168 | ---- | C] () -- C:\{79068B1D-655E-46A6-942C-067D2A9E3DFF}
[2012/08/26 20:44:21 | 000,003,192 | ---- | C] () -- C:\{B35FA9B7-A64B-4221-8799-69250DA69FD7}
[2012/08/26 20:38:04 | 000,003,168 | ---- | C] () -- C:\{BCC40A1C-50B4-4C43-AAEB-5EB1111D8270}
[2012/08/26 20:32:32 | 000,003,192 | ---- | C] () -- C:\{26634504-1B0C-4C4E-A57E-822AEA6A5733}
[2012/08/26 20:26:08 | 000,003,168 | ---- | C] () -- C:\{29A3860B-6290-46FA-A32C-D9D1CA659550}
[2012/08/24 16:15:49 | 000,003,168 | ---- | C] () -- C:\{B0FEF934-D317-4415-A26E-8B50E1706084}
[2012/08/23 16:50:57 | 000,001,325 | ---- | C] () -- C:\Users\Public\Desktop\VMware View Client.lnk
[2012/08/22 20:49:55 | 000,003,192 | ---- | C] () -- C:\{1C69F3EB-5739-4094-B10B-DBD8C5F5FF04}
[2012/08/22 20:45:37 | 000,003,168 | ---- | C] () -- C:\{A8491215-D97C-4039-88F3-27BCE0FCFABA}
[2012/08/22 20:31:25 | 000,003,168 | ---- | C] () -- C:\{A00FDA31-71E0-4CA7-94C0-B44A093559B8}
[2012/08/22 20:03:45 | 000,003,168 | ---- | C] () -- C:\{1393051B-A571-4241-AC4E-9128FA954CB7}
[2012/08/22 20:02:16 | 000,003,168 | ---- | C] () -- C:\{A17B9DAE-9BB3-469E-A6F7-C8E7D1FB269D}
[2012/08/22 19:35:52 | 000,003,160 | ---- | C] () -- C:\{B5383519-1BC3-4B65-9129-835E8F855564}
[2012/08/22 19:04:25 | 000,003,128 | ---- | C] () -- C:\{9B485D98-9770-43AD-89CE-B90FA125A568}
[2012/08/22 18:25:35 | 000,003,168 | ---- | C] () -- C:\{7C86F62B-7B97-45B0-96DA-13EA5C99F24D}
[2012/08/22 18:17:44 | 000,003,168 | ---- | C] () -- C:\{827AB113-E3E9-48D9-B368-4341AABC51BE}
[2012/08/22 17:30:00 | 000,003,160 | ---- | C] () -- C:\{7E52FE86-80AF-4BC3-B63F-451B032040A9}
[2012/08/22 17:23:31 | 000,003,192 | ---- | C] () -- C:\{AD91554F-2373-4F27-A7A6-CF68D994FA96}
[2012/08/22 17:17:27 | 000,003,168 | ---- | C] () -- C:\{882DFF59-1A98-475C-BC36-6DE64BB86B10}
[2012/08/22 17:10:58 | 000,003,472 | ---- | C] () -- C:\{8F1EA7DB-17C2-4A57-A9B6-19935AFF95BA}
[2012/08/22 17:04:14 | 000,003,320 | ---- | C] () -- C:\{3F22011B-48B3-4970-A2F9-1C4A3D0FF3E0}
[2012/08/22 16:57:27 | 000,003,160 | ---- | C] () -- C:\{06602612-1253-413A-B68C-FA3DEA19FA71}
[2012/08/22 16:49:48 | 000,003,192 | ---- | C] () -- C:\{E4ADB819-5699-49FC-AE8D-8283DBE20EF1}
[2012/08/22 16:42:58 | 000,003,168 | ---- | C] () -- C:\{0B8DA6EC-CEA7-4488-8E4F-6378B173EF1A}
[2012/08/22 16:36:10 | 000,003,168 | ---- | C] () -- C:\{CEC5649A-E6BD-4030-8E41-CFD839F28B6E}
[2012/08/22 16:29:29 | 000,003,160 | ---- | C] () -- C:\{6DFAB4FC-63DA-484F-A62D-9DA1E0966AEC}
[2012/08/22 16:20:13 | 000,003,192 | ---- | C] () -- C:\{2706DD1E-7A0D-42F9-9ECF-1BD7D17B39D7}
[2012/08/22 16:08:34 | 000,003,168 | ---- | C] () -- C:\{B9B01496-A7BF-40DC-9357-181921400CD3}
[2012/08/22 15:57:44 | 000,003,168 | ---- | C] () -- C:\{A8B8C87A-A5AD-4495-8C98-39959EE60FCF}
[2012/08/22 15:51:14 | 000,003,160 | ---- | C] () -- C:\{3B89C180-07E4-4582-A151-17FE5048CC72}
[2012/08/22 15:44:55 | 000,003,192 | ---- | C] () -- C:\{9AFD7FF8-536D-4DCE-9604-1FC1DE758EFA}
[2012/08/22 15:38:12 | 000,003,168 | ---- | C] () -- C:\{E545CE53-6B5B-49F5-89C0-96CE54C05B02}
[2012/08/22 15:30:38 | 000,003,168 | ---- | C] () -- C:\{FDAECA24-A9B5-490A-8199-FBEBA537F95E}
[2012/08/22 15:23:43 | 000,003,160 | ---- | C] () -- C:\{413E0413-521D-4349-A0E2-AEAC2A57CAE4}
[2012/08/22 15:16:46 | 000,003,168 | ---- | C] () -- C:\{3F6C5E6C-3D55-451C-A62E-C6B22EA71ED8}
[2012/08/22 15:09:35 | 000,003,192 | ---- | C] () -- C:\{95A17765-B72D-44DA-9322-F050020641D7}
[2012/08/22 15:03:00 | 000,003,160 | ---- | C] () -- C:\{E28A78EE-B56C-48C6-8D8D-19E7A5A894F8}
[2012/08/22 14:55:14 | 000,003,168 | ---- | C] () -- C:\{1CBC0AA7-79AB-440C-A01E-06D794D01E7D}
[2012/08/22 14:48:11 | 000,003,192 | ---- | C] () -- C:\{C6CC8BA4-2F12-460D-AE1A-D14C32EB34A9}
[2012/08/22 14:41:50 | 000,003,168 | ---- | C] () -- C:\{0D27268C-EB15-4FA6-8042-FB437A459BF5}
[2012/08/22 14:33:49 | 000,003,168 | ---- | C] () -- C:\{BCCDAAEF-F439-4207-975E-EB7D3227DD0F}
[2012/08/22 14:26:30 | 000,003,160 | ---- | C] () -- C:\{27A34C47-4460-4763-962D-8AF2DCAC036B}
[2012/08/22 14:16:08 | 000,003,192 | ---- | C] () -- C:\{DDF000FE-6102-433D-A4BF-3050172F3254}
[2012/08/22 14:06:40 | 000,003,168 | ---- | C] () -- C:\{CC23A4FB-F944-4415-B878-E9EC79720501}
[2012/08/22 13:55:04 | 000,002,360 | ---- | C] () -- C:\{3B8F8721-CC1B-4151-88E2-667BD7B81F92}
[2012/08/22 13:38:46 | 000,002,256 | ---- | C] () -- C:\{46271224-84D4-4DFF-B784-9A33AB3E8CD7}
[2012/08/22 13:28:45 | 000,003,168 | ---- | C] () -- C:\{55F02BA1-06A7-4B0E-9963-797109B6558E}
[2012/08/22 13:18:44 | 000,003,160 | ---- | C] () -- C:\{ECABE8D8-A484-4A25-943E-6D02EEE3A1A4}
[2012/08/22 13:09:02 | 000,003,192 | ---- | C] () -- C:\{34D6C40C-B3C8-469A-9E8E-CA46609EF1E8}
[2012/08/22 13:00:14 | 000,003,168 | ---- | C] () -- C:\{404C2799-5F6F-4D9C-8654-08574844585A}
[2012/08/22 12:50:26 | 000,003,168 | ---- | C] () -- C:\{B1D7B7CD-6B6A-4F53-BFE1-558339111CE2}
[2012/08/22 12:39:36 | 000,003,160 | ---- | C] () -- C:\{173D4F36-8402-448D-B712-FBA87FEE2C01}
[2012/08/22 12:30:33 | 000,003,192 | ---- | C] () -- C:\{0560BFBA-178E-4B01-AB78-41A31B0C331B}
[2012/08/22 12:21:16 | 000,003,168 | ---- | C] () -- C:\{EE7885EB-B2E8-49FD-9243-BC1E91D0790C}
[2012/08/22 11:57:38 | 000,003,168 | ---- | C] () -- C:\{E1C5E2EF-3F31-4A00-ADA0-6E4FDB6CF74E}
[2012/08/22 11:16:31 | 000,003,192 | ---- | C] () -- C:\{93A4726C-B5CB-4E46-94EC-A58FA89157F4}
[2012/08/22 11:14:58 | 000,003,168 | ---- | C] () -- C:\{DA801D02-C985-49F3-874E-617038975132}
[2012/08/22 11:03:53 | 000,003,192 | ---- | C] () -- C:\{683545E1-C95F-4F1A-BE62-4AC57BE7BB07}
[2012/08/22 10:58:08 | 000,003,168 | ---- | C] () -- C:\{85F3975B-3814-40DF-84D2-D6D9117803E1}
[2012/08/21 16:40:14 | 000,000,804 | ---- | C] () -- C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\L\00000004.@
[2012/08/20 22:08:39 | 000,003,160 | ---- | C] () -- C:\{92D61E61-717D-4330-AA8D-C196C999CAC8}
[2012/08/20 22:05:16 | 000,003,168 | ---- | C] () -- C:\{D4CAAB1C-6BEC-4789-8448-6381A0CE9F0F}
[2012/08/20 21:56:57 | 000,003,192 | ---- | C] () -- C:\{C5A9D8DE-AEA0-47CC-8224-B359C6D64BB3}
[2012/08/20 21:47:39 | 000,003,168 | ---- | C] () -- C:\{81BB429E-31E4-4A02-8F6F-EB1566E8A237}
[2012/08/20 21:15:51 | 000,003,168 | ---- | C] () -- C:\{B3FE7E9C-5EAE-4CC3-98EA-43B23AA64D8A}
[2012/08/19 12:58:05 | 000,003,192 | ---- | C] () -- C:\{9334061B-8657-4959-9CA5-6B4AFDD6B6DB}
[2012/08/19 12:43:25 | 000,003,168 | ---- | C] () -- C:\{4B6A520C-53D3-4D1E-A555-1F13FFEE3249}
[2012/08/19 12:39:57 | 000,003,168 | ---- | C] () -- C:\{37750AEC-AA8B-4E99-85AF-18EF33B6793E}
[2012/08/19 12:14:18 | 000,003,168 | ---- | C] () -- C:\{ED1BCF3C-12BC-40B1-87A6-7B6226D930E8}
[2012/08/19 12:05:20 | 000,003,168 | ---- | C] () -- C:\{74F6E4F8-3357-4F52-BE21-C1B6585A8993}
[2012/08/19 11:25:10 | 000,003,192 | ---- | C] () -- C:\{8331D4A7-FA9A-449A-993B-8A54174B53B2}
[2012/08/18 20:28:55 | 000,003,192 | ---- | C] () -- C:\{B41BCE8B-8327-4027-9D00-19FE4A000E0D}
[2012/08/18 20:25:19 | 000,003,168 | ---- | C] () -- C:\{6A48205F-D6FA-4B2F-85A7-3A1E4F49AD87}
[2012/08/18 20:15:38 | 000,003,168 | ---- | C] () -- C:\{870E820D-4737-485E-8C20-3363AA2968CB}
[2012/08/14 14:38:56 | 000,003,168 | ---- | C] () -- C:\{5F43D11C-968B-4FC2-8033-853DDA105279}
[2012/08/14 14:28:26 | 000,003,168 | ---- | C] () -- C:\{7EAA41B2-BAFC-48FF-9DD1-835736ACB458}
[2012/08/14 14:25:35 | 000,003,168 | ---- | C] () -- C:\{3BBB27CF-EF53-4C93-A8B0-4DA74AB93423}
[2012/08/14 13:03:08 | 000,003,168 | ---- | C] () -- C:\{97476F37-2466-4CA9-8208-C1E1C41AF0EF}
[2012/08/14 12:58:07 | 000,003,192 | ---- | C] () -- C:\{94C3A42A-1F86-418B-AD0A-007DCBBA01C6}
[2012/08/14 12:57:00 | 000,003,168 | ---- | C] () -- C:\{914EB9D7-E303-4BAF-8A78-4B7F10F20CEE}
[2012/08/14 12:55:29 | 000,003,168 | ---- | C] () -- C:\{1E12AFF7-C1B1-48DB-A7F9-8AF399D10CEE}
[2012/08/14 11:57:03 | 000,003,168 | ---- | C] () -- C:\{6683579B-4F07-4D42-8E1F-F2434F58F006}
[2012/08/14 11:55:35 | 000,003,168 | ---- | C] () -- C:\{0284EB07-E85C-426F-849B-2440CFF00573}
[2012/08/08 17:07:59 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\Documents\Nuance Image Printer Writer Port
[2012/08/01 20:16:30 | 000,006,212 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/07/18 23:22:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\Standard
[2012/07/18 23:22:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\Soundtrack
[2012/07/15 22:43:02 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2012/07/15 22:43:02 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\Standard Tool
[2012/07/15 22:24:56 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/07/15 22:23:45 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/07/15 22:23:45 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/07/15 22:23:45 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\SupportPrinters
[2012/07/15 22:23:45 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\Strings
[2012/06/05 14:04:48 | 000,021,120 | ---- | C] () -- C:\windows\SysWow64\drivers\AQFileRestore.sys
[2012/03/05 12:04:04 | 000,154,332 | ---- | C] () -- C:\windows\hppins08.dat
[2012/03/05 12:04:04 | 000,001,116 | ---- | C] () -- C:\windows\hppmdl08.dat
[2012/03/05 11:23:08 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2012/03/05 11:22:55 | 000,316,928 | ---- | C] () -- C:\windows\SysWow64\hpcc3118.dll
[2012/01/11 09:40:58 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\@
[2012/01/11 09:40:58 | 000,002,048 | -HS- | C] () -- C:\Users\Matt Goodwin\AppData\Local\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\@
[2012/01/09 18:00:31 | 000,000,376 | ---- | C] () -- C:\windows\AAA9de.ini
[2011/05/18 17:42:28 | 000,001,940 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/13 19:06:30 | 000,000,036 | -H-- | C] () -- C:\windows\SysWow64\f9t.dat
[2010/10/30 14:07:21 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2010/10/30 14:00:41 | 000,000,019 | ---- | C] () -- C:\windows\popcinfo.dat
[2010/04/04 23:03:37 | 000,004,284 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\wklnhst.dat
[2010/02/26 00:47:03 | 000,000,824 | ---- | C] () -- C:\Users\Matt Goodwin\hosts
[2010/01/03 16:35:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/01 21:27:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/01 21:01:05 | 008,126,464 | -HS- | C] () -- C:\Users\Matt Goodwin\NTUSER.BK1
[2010/01/01 21:01:05 | 006,299,648 | ---- | C] () -- C:\Users\Matt Goodwin\NTUSER.BAK
========== LOP Check ==========
[2012/05/12 10:03:13 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\.minecraft
[2012/08/08 09:22:49 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\.oit
[2012/08/01 22:42:29 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Avanquest
[2010/10/03 14:39:18 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Catalina Marketing Corp
[2010/01/21 09:48:50 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2012/08/12 21:47:17 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\DefaultTab
[2012/08/22 13:41:17 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\DriverCure
[2010/02/22 18:32:18 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\E-centives
[2012/07/15 22:48:19 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Nikon
[2010/01/05 10:37:04 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Nuance
[2010/04/12 21:42:24 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\OverDrive
[2010/01/23 14:14:19 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Snood
[2012/08/22 13:41:13 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\SpeedyPC Software
[2011/01/13 19:08:07 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Stamps.com Internet Postage
[2010/10/08 23:34:49 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Teleca
[2010/04/04 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Template
[2011/03/02 00:04:25 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Tific
[2010/01/06 10:09:34 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\TOSHIBA
[2010/05/23 13:14:46 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Ulead Systems
[2010/01/01 21:01:38 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\WinBatch
[2010/12/03 16:11:47 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Windows Live Writer
[2010/01/03 16:33:53 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Zeon
[2012/06/06 15:27:13 | 000,032,550 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL logfile created on: 9/5/2012 3:38:05 PM - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Matt Goodwin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.87 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 39.15% Memory free
4.37 Gb Paging File | 1.43 Gb Available in Paging File | 32.68% Paging File free
Paging file location(s): c:\pagefile.sys 256 512
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.62 Gb Total Space | 4.45 Gb Free Space | 0.98% Space Free | Partition Type: NTFS
Computer Name: MATTGOODWIN-PC | User Name: Matt Goodwin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/05 15:36:06 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matt Goodwin\Desktop\OTL.exe
PRC - [2012/08/15 09:48:42 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/05 18:50:30 | 000,295,304 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/07/05 18:41:08 | 007,392,136 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/06/08 11:32:44 | 000,531,928 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe
PRC - [2012/06/08 11:32:44 | 000,310,008 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe
PRC - [2012/06/08 11:32:44 | 000,211,104 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask2.exe
PRC - [2012/06/05 13:16:40 | 000,080,816 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe
PRC - [2012/05/04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/03/02 16:48:30 | 000,494,192 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/11/13 07:53:42 | 002,996,592 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
PRC - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
PRC - [2011/11/13 07:53:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
PRC - [2011/11/13 07:53:28 | 001,687,408 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
PRC - [2011/11/07 15:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2011/11/07 15:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/11/20 08:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/03/03 10:41:40 | 000,053,248 | ---- | M] (HP) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2009/12/02 15:51:12 | 000,136,192 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009/09/22 14:30:42 | 000,632,096 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfPro5Hook.exe
PRC - [2009/09/10 00:53:10 | 000,027,736 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2009/09/10 00:42:44 | 000,142,424 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/08/11 15:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/07/29 00:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 19:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/08/31 09:59:28 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/02 18:09:26 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/08/02 18:08:09 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/08/02 18:08:06 | 001,806,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
MOD - [2012/08/02 18:08:05 | 000,310,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012/08/02 18:08:03 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/08/02 18:07:34 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/08/02 18:07:24 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/08/02 01:45:29 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/08/02 01:45:17 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/08/02 01:45:08 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/08/02 01:44:48 | 001,016,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ca1ff0fd5eade2211db56512252c0365\System.Configuration.ni.dll
MOD - [2012/08/02 01:44:45 | 005,767,680 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\6305ef37f34d6758947b5156121aa401\System.Xml.ni.dll
MOD - [2012/03/05 12:08:06 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/03/03 10:41:06 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll
MOD - [2010/03/03 10:41:04 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll
MOD - [2010/03/03 10:40:50 | 000,516,096 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2010/03/03 10:40:48 | 000,840,192 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
MOD - [2010/03/03 10:40:46 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2010/03/03 10:40:44 | 000,130,560 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll
MOD - [2010/03/03 10:40:44 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2010/03/03 10:40:42 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll
MOD - [2009/10/15 08:25:30 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\NativeUtils.dll
MOD - [2007/08/31 09:59:28 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPUsageTracking.dll
MOD - [2007/08/31 09:59:28 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
MOD - [2007/08/31 09:59:26 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPToolkit.dll
MOD - [2007/08/31 09:59:26 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\Enumeration.dll
MOD - [2007/08/31 09:59:10 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPTools.dll
MOD - [2007/08/31 09:59:04 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPStreamsInterface.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/03/02 16:52:08 | 001,125,488 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
SRV:64bit: - [2012/03/02 16:48:30 | 000,494,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV:64bit: - [2009/09/17 16:41:36 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/08/11 20:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 18:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 15:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/08 13:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2012/08/15 10:48:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/05 18:41:08 | 007,392,136 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/06/08 11:32:44 | 000,531,928 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe -- (Fix-It Task Manager)
SRV - [2012/06/08 11:32:44 | 000,310,008 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe -- (.AVQWindowsMonitorService)
SRV - [2012/06/05 13:16:40 | 000,080,816 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe -- (AQFileRestoreSrv)
SRV - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/11/07 15:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/11/07 15:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 15:51:12 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/09/10 00:42:44 | 000,142,424 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/08/10 23:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/07/26 01:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/02 16:52:08 | 000,048,240 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmwvusb.sys -- (vmwvusb)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/21 09:16:31 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/15 21:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/01/20 15:18:26 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2009/11/10 10:27:06 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/02 13:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/27 12:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/07 09:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 23:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/28 22:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/24 19:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 21:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/10 10:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/07/04 23:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 12:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 14:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/07/16 17:29:33 | 000,023,064 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hpfx64fax.sys -- (HPFXFAX)
DRV:64bit: - [2007/07/16 17:29:23 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)
DRV:64bit: - [2007/01/18 16:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2012/08/31 20:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120901.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/22 09:12:27 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120905.002\ex64.sys -- (NAVEX15)
DRV - [2012/08/22 09:12:27 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/22 09:12:27 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120905.002\eng64.sys -- (NAVENG)
DRV - [2012/08/09 08:54:10 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/18 20:01:14 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120823.007\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E113DADB-2393-4213-91BA-105D4072AA4E}
IE:64bit: - HKLM\..\SearchScopes\{E113DADB-2393-4213-91BA-105D4072AA4E}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{576E30E7-120E-47A7-80FD-42325F4B5513}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2260173
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar....ale.underscore}
IE - HKCU\..\SearchScopes\{29311076-292B-4DB7-B34B-C01604B408CB}: "URL" = http://search.condui...&ctid=CT3201318
IE - HKCU\..\SearchScopes\{576E30E7-120E-47A7-80FD-42325F4B5513}: "URL" = http://www.google.co...&rlz=1I7TSNA_en
IE - HKCU\..\SearchScopes\{7351FD46-C273-4897-B664-A661BCE51A5E}: "URL" = http://search.freeca...p={searchTerms}
IE - HKCU\..\SearchScopes\{7545FDB5-E450-47EA-A7E0-AB1C5C1365AE}: "URL" = http://swagbucks.com...q={searchTerms}
IE - HKCU\..\SearchScopes\{A4C9B0F2-3EF3-4F88-A97A-4121A423F183}: "URL" = http://search.yahoo....33,17118,0,18,0
IE - HKCU\..\SearchScopes\{C570F98B-2728-4D63-A268-8C1F4E199788}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Matt Goodwin\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Matt Goodwin\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 17:26:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_12_1 [2012/09/04 11:05:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Matt Goodwin\AppData\Roaming\Move Networks [2010/05/24 13:48:45 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Matt Goodwin\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Matt Goodwin\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_1\
CHR - Extension: Angry Birds = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: 3D Baseball II = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlogndjagpkddpfdjehblbmkmkbpdnhh\1.0_0\
CHR - Extension: JDoodle Jump = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegnpclfpgemhfmgfobelglidonaopc\1.4_1\
CHR - Extension: Space Invaders = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkolofikfmgppihdahfkbgpdgkocapbp\1.4_0\
CHR - Extension: Poppit = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_1\
Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP LaserJet M1522 MFP Series Fax] C:\Program Files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" File not found
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...x-w32-2.0.2.cab (AlternaTIFF ActiveX)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (Reg Error: Key error.)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse...se/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27ACFC9C-112C-4294-9376-BAD7D87427B2}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (wsauth) - C:\windows\SysNative\wsauth.dll (VMware, Inc.)
O30 - LSA: Security Packages - (wsauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/05 15:35:59 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Matt Goodwin\Desktop\OTL.exe
[2012/09/05 08:58:44 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 09-05-2012
[2012/09/04 10:10:07 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 09-04-2012
[2012/09/03 16:13:33 | 000,000,000 | ---D | C] -- C:\Firefox
[2012/09/03 16:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/09/03 16:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/09/03 16:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/03 16:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/30 21:40:46 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-31-2012
[2012/08/30 10:59:55 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-30-2012
[2012/08/29 10:42:14 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-29-2012
[2012/08/28 10:21:53 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-28-2012
[2012/08/27 10:11:48 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-27-2012
[2012/08/24 11:04:44 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-24-2012
[2012/08/23 23:11:25 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/23 22:45:30 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/08/23 21:35:00 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/08/23 16:51:16 | 000,048,240 | ---- | C] (VMware, Inc.) -- C:\windows\SysNative\drivers\vmwvusb.sys
[2012/08/23 16:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012/08/23 16:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2012/08/23 16:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
[2012/08/23 16:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/08/23 10:52:42 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-23-2012
[2012/08/22 13:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/22 13:41:17 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\DriverCure
[2012/08/22 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\SpeedyPC Software
[2012/08/22 13:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/22 13:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/22 10:35:36 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-22-2012
[2012/08/21 10:38:09 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-21-2012
[2012/08/20 10:56:16 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-20-2012
[2012/08/16 22:51:56 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-17-2012
[2012/08/16 09:47:39 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-16-2012
[2012/08/15 10:31:21 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2012/08/15 09:58:03 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-15-2012
[2012/08/14 15:07:44 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Local\NPE
[2012/08/14 11:07:17 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixZeroAccess.sys
[2012/08/14 10:03:28 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-14-2012
[2012/08/13 09:49:55 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-13-2012
[2012/08/12 21:48:53 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Local\visi_coupon
[2012/08/12 21:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/08/12 21:47:28 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\AI_RecycleBin
[2012/08/12 21:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/12 21:47:17 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\DefaultTab
[2012/08/12 21:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/08/12 21:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/08/10 14:27:11 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\My Scans
[7 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/09/05 15:36:06 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matt Goodwin\Desktop\OTL.exe
[2012/09/05 14:59:06 | 000,000,000 | ---- | M] () -- C:\Users\Matt Goodwin\Documents\Nuance Image Printer Writer Port
[2012/09/05 14:48:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/05 14:06:13 | 000,732,477 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\211263.pdf
[2012/09/05 13:58:39 | 000,003,192 | ---- | M] () -- C:\{B5FA2FC5-682E-49AC-A9C3-1AB704E86A75}
[2012/09/05 10:10:49 | 000,003,168 | ---- | M] () -- C:\{88DC289C-1C9D-460E-8EDF-AF8D9299EDF9}
[2012/09/05 10:08:51 | 000,003,192 | ---- | M] () -- C:\{426B2890-CEB9-4AC5-93F3-EE7A28599302}
[2012/09/05 08:58:44 | 000,001,466 | -H-- | M] () -- C:\Users\Matt Goodwin\Documents\PP11Thumbs.ptn2
[2012/09/05 08:38:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/04 21:22:39 | 002,462,652 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/04 21:22:39 | 000,749,042 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/04 21:22:39 | 000,006,184 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/04 20:22:08 | 000,003,192 | ---- | M] () -- C:\{E112FD48-CED0-4D0C-9584-FBDC49C593E2}
[2012/09/04 15:06:33 | 000,003,192 | ---- | M] () -- C:\{64F3BD50-87EC-44EB-8BEF-B97D910168B6}
[2012/09/04 13:46:19 | 000,003,192 | ---- | M] () -- C:\{388FFD71-34A4-4DB8-BCC5-75492A71FECE}
[2012/09/04 13:13:27 | 000,003,168 | ---- | M] () -- C:\{0611CB42-BF1E-4090-A2BC-C3B79E66992A}
[2012/09/04 13:07:58 | 000,003,192 | ---- | M] () -- C:\{1AEA1DB9-A387-4D2D-8FAC-A0F8B4E50159}
[2012/09/04 12:55:10 | 000,003,192 | ---- | M] () -- C:\{435B21CD-EC98-40A6-92B0-EF2C3712B64B}
[2012/09/04 11:13:49 | 000,015,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/04 11:13:49 | 000,015,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/04 11:12:43 | 000,003,168 | ---- | M] () -- C:\{D5D548BA-E666-4CA1-A0D2-52CF45651A45}
[2012/09/04 11:02:53 | 3117,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/04 09:34:41 | 000,003,168 | ---- | M] () -- C:\{7799089E-E0B0-4429-9712-174BBCD61807}
[2012/09/03 15:51:13 | 000,003,168 | ---- | M] () -- C:\{1D2D849C-8EEB-482E-9953-F82581B13087}
[2012/08/30 15:32:01 | 000,003,168 | ---- | M] () -- C:\{93936D02-423B-4DAB-BC17-92A623552F3F}
[2012/08/30 13:17:02 | 000,003,168 | ---- | M] () -- C:\{31938262-EDFC-4ACE-AE35-6E632FB6236E}
[2012/08/30 13:07:43 | 000,003,168 | ---- | M] () -- C:\{76007194-A200-4AB9-AA21-2ECF29EEE6D4}
[2012/08/30 12:27:32 | 000,003,168 | ---- | M] () -- C:\{A5CA7C0F-9931-4115-9AEB-D88291E4125C}
[2012/08/30 10:55:19 | 000,003,168 | ---- | M] () -- C:\{345A6389-813B-4E25-A576-277D8C79AA9B}
[2012/08/30 10:53:35 | 000,003,192 | ---- | M] () -- C:\{BE03BC01-8873-41C8-900E-042464089E7F}
[2012/08/30 10:42:16 | 000,003,168 | ---- | M] () -- C:\{76B2AC76-E2A5-410A-BA81-0A11F2AE7042}
[2012/08/30 10:00:31 | 000,003,168 | ---- | M] () -- C:\{370C0DA4-BDE0-4694-BA49-3CA80E593737}
[2012/08/30 09:41:31 | 000,003,152 | ---- | M] () -- C:\{DB8E9FBC-AEA6-4143-ABED-A9E82C8275C0}
[2012/08/30 09:34:31 | 000,003,128 | ---- | M] () -- C:\{0B59A272-95DB-46F7-AF45-5DA35C51A8D4}
[2012/08/30 09:21:54 | 000,003,128 | ---- | M] () -- C:\{736B3B72-F853-4C7B-98F6-675516E28701}
[2012/08/30 08:30:25 | 000,003,128 | ---- | M] () -- C:\{02B0C4A6-F264-4142-8412-971E9285522A}
[2012/08/29 22:46:26 | 000,003,152 | ---- | M] () -- C:\{83A3C42D-5BA5-45D9-A7CF-A3BDA0062B4A}
[2012/08/29 22:32:39 | 000,003,128 | ---- | M] () -- C:\{310320F5-8E4E-4BAB-9761-AEB335A4377D}
[2012/08/29 22:17:09 | 000,003,128 | ---- | M] () -- C:\{5D9C7A1B-28CF-44EB-A362-D5689EB30C6A}
[2012/08/29 21:45:27 | 000,003,128 | ---- | M] () -- C:\{C87F3131-21BE-4CE3-993A-3215B9931ECF}
[2012/08/29 20:52:56 | 000,003,128 | ---- | M] () -- C:\{69951E90-408D-4B9C-ACA6-22D5FAE3FA3F}
[2012/08/29 18:30:22 | 000,003,128 | ---- | M] () -- C:\{F32460BE-E85B-4970-A4AC-D5EF451641A4}
[2012/08/29 18:27:07 | 000,003,128 | ---- | M] () -- C:\{89BEA620-732B-445F-8EB4-F21EE6910B96}
[2012/08/29 18:12:46 | 000,003,152 | ---- | M] () -- C:\{4F25CED8-9DB0-40A8-A1B2-395712CE4696}
[2012/08/29 17:17:57 | 000,003,152 | ---- | M] () -- C:\{1C448458-BA17-47ED-9729-2DDAA3B857F4}
[2012/08/29 17:15:11 | 000,003,128 | ---- | M] () -- C:\{38639907-009A-49AE-90A0-9D3497AC1EBA}
[2012/08/29 17:12:40 | 000,003,128 | ---- | M] () -- C:\{97A1072A-670B-4A7B-A3EF-D70320278FC9}
[2012/08/29 17:00:34 | 000,003,128 | ---- | M] () -- C:\{1CB26035-99AF-40FF-9D06-8EA2DDF2A5E8}
[2012/08/29 16:45:30 | 000,003,128 | ---- | M] () -- C:\{420C844B-F5F4-4889-83B2-46A66229C251}
[2012/08/29 14:09:26 | 000,003,128 | ---- | M] () -- C:\{C777B7B6-A64E-4B9B-9146-101458A4E4AB}
[2012/08/29 14:03:37 | 000,003,128 | ---- | M] () -- C:\{354F6235-80AD-48A7-B6D4-4C15643080C2}
[2012/08/29 13:39:47 | 000,003,128 | ---- | M] () -- C:\{5C553A34-1088-464B-8EB9-3D97A2A294E7}
[2012/08/29 13:34:34 | 000,003,128 | ---- | M] () -- C:\{57DE245F-655C-4571-95BF-2ED2761617F6}
[2012/08/29 13:19:21 | 000,002,240 | ---- | M] () -- C:\{58C725D2-43AA-49DB-8210-07FB1C940070}
[2012/08/29 13:05:55 | 000,002,240 | ---- | M] () -- C:\{B87C7F89-69F8-46E0-AAFC-1C7D80BF72A1}
[2012/08/29 12:48:55 | 000,003,128 | ---- | M] () -- C:\{B3E49D9F-C434-441C-BC3E-297085C1C81A}
[2012/08/29 08:51:41 | 000,003,128 | ---- | M] () -- C:\{854BE175-B0BA-4705-B64A-8B1F6B06A2E5}
[2012/08/29 08:49:01 | 000,003,128 | ---- | M] () -- C:\{99AFBCB0-38D5-4298-B121-91A3A338A1D4}
[2012/08/28 21:50:00 | 000,003,128 | ---- | M] () -- C:\{72DC70B9-5EF5-486B-94A7-0A2A1EF414E7}
[2012/08/28 09:36:46 | 000,154,332 | ---- | M] () -- C:\windows\hppins08.dat
[2012/08/28 09:36:43 | 000,000,733 | ---- | M] () -- C:\windows\hpbvspst.his
[2012/08/28 09:36:43 | 000,000,392 | ---- | M] () -- C:\windows\hpbvspst.ini
[2012/08/28 09:36:28 | 000,000,524 | ---- | M] () -- C:\windows\hpbvspst.hi1
[2012/08/28 09:36:28 | 000,000,316 | ---- | M] () -- C:\windows\hpbvspst.bu1
[2012/08/27 23:27:56 | 000,003,168 | ---- | M] () -- C:\{16155F60-CFE3-4366-B41F-BA3DC2D57B8B}
[2012/08/27 21:59:32 | 000,003,168 | ---- | M] () -- C:\{A4E99CD0-7A90-4480-AF40-F225BA00275E}
[2012/08/27 17:01:49 | 000,154,332 | ---- | M] () -- C:\windows\hppins08.dat.temp
[2012/08/27 17:01:46 | 000,000,733 | ---- | M] () -- C:\windows\hpbvspst.hi2
[2012/08/27 17:01:46 | 000,000,392 | ---- | M] () -- C:\windows\hpbvspst.bu2
[2012/08/27 07:34:50 | 000,003,168 | ---- | M] () -- C:\{4E10D4BD-7B04-48AC-8C14-5E6D25E2E0CC}
[2012/08/27 07:17:24 | 000,003,192 | ---- | M] () -- C:\{4CD07928-9D7F-4A93-8509-70FF9E9B5E16}
[2012/08/27 06:52:30 | 000,003,168 | ---- | M] () -- C:\{E7FD9D52-890D-4186-8F9C-1BB7B8B53815}
[2012/08/27 06:26:54 | 000,003,168 | ---- | M] () -- C:\{2ECC07C2-2376-453D-A024-3482934EEE94}
[2012/08/27 06:16:02 | 000,003,168 | ---- | M] () -- C:\{44E2112D-4926-4A22-ACC2-91F492C117C4}
[2012/08/27 06:13:14 | 000,003,192 | ---- | M] () -- C:\{552180D7-079B-470E-B925-C16E62055820}
[2012/08/27 05:58:43 | 000,003,192 | ---- | M] () -- C:\{54417B5D-1574-4975-B838-5A85BC35C44E}
[2012/08/27 05:54:55 | 000,003,168 | ---- | M] () -- C:\{59261EB2-D702-4F51-92A3-5AFCA98A6A3F}
[2012/08/27 05:31:13 | 000,003,192 | ---- | M] () -- C:\{3D46AAFC-420C-4157-941C-A9FDEC9C685E}
[2012/08/27 05:29:55 | 000,003,192 | ---- | M] () -- C:\{9FA1BCC7-7C64-4EBF-98AC-737AE7467DC9}
[2012/08/27 05:28:23 | 000,003,168 | ---- | M] () -- C:\{38EF06F8-DB97-4651-8E21-43E1368302E9}
[2012/08/27 05:20:41 | 000,003,192 | ---- | M] () -- C:\{31872568-8051-4EC4-9549-79B36D42ED72}
[2012/08/27 05:13:04 | 000,003,168 | ---- | M] () -- C:\{D264F097-922E-4D58-8A1A-E95526747BD8}
[2012/08/27 05:12:01 | 000,003,192 | ---- | M] () -- C:\{797B1DE8-5F2E-4501-9907-85C5E013420D}
[2012/08/27 05:10:58 | 000,003,168 | ---- | M] () -- C:\{790FB7C3-1CE7-42FF-AADD-63D6F6379AA6}
[2012/08/27 04:55:45 | 000,003,192 | ---- | M] () -- C:\{B9D7868D-FF08-42E6-809F-19F1E8E4A194}
[2012/08/27 04:40:44 | 000,003,168 | ---- | M] () -- C:\{3B2E1758-C42A-4DC6-A2D9-FC62CE2E1FC4}
[2012/08/27 04:27:11 | 000,003,192 | ---- | M] () -- C:\{9E016C95-8B89-4ECB-AA22-07261880BAFE}
[2012/08/27 04:11:33 | 000,003,168 | ---- | M] () -- C:\{7E5E009B-A596-45F6-91D1-C26EC30EF060}
[2012/08/27 03:58:56 | 000,003,192 | ---- | M] () -- C:\{8F9169D2-481E-4913-8E3E-117400ADF2AB}
[2012/08/27 03:43:34 | 000,003,168 | ---- | M] () -- C:\{18745425-3D5E-4CFC-A87F-72EDD710153C}
[2012/08/27 03:27:57 | 000,003,192 | ---- | M] () -- C:\{BD3D45C5-8BF7-4198-B845-A70B9CC0B163}
[2012/08/27 03:14:12 | 000,003,168 | ---- | M] () -- C:\{E4E2262B-492B-4C90-9514-EB9FF3AD4C57}
[2012/08/27 03:02:24 | 000,003,192 | ---- | M] () -- C:\{7F1DA728-5FF8-4CF0-942A-97B1AC4E8BD4}
[2012/08/27 02:54:44 | 000,003,168 | ---- | M] () -- C:\{22BF0279-E4FE-4B17-8417-D7768C8926D2}
[2012/08/27 02:42:29 | 000,002,360 | ---- | M] () -- C:\{51D68F4E-39A6-47C4-8BE4-434109A4F3F5}
[2012/08/27 02:37:59 | 000,002,256 | ---- | M] () -- C:\{85E7252F-AEE1-4889-AE03-2438BC724C94}
[2012/08/27 02:31:32 | 000,003,192 | ---- | M] () -- C:\{A1D87CF4-367A-4168-9389-F4AE1F663DD8}
[2012/08/27 02:25:08 | 000,003,168 | ---- | M] () -- C:\{007F42BC-BDD9-4CD0-8DA8-25732A07FFE3}
[2012/08/27 02:18:37 | 000,003,192 | ---- | M] () -- C:\{35D4D92D-61FC-4DE8-A2E9-6FB58000A91E}
[2012/08/27 02:11:55 | 000,003,168 | ---- | M] () -- C:\{09C6F392-9DFB-41F9-A7C2-A6E3614342AF}
[2012/08/27 02:04:09 | 000,003,192 | ---- | M] () -- C:\{E939DFD1-04B7-44EA-921A-F8634EA93F12}
[2012/08/27 02:00:27 | 000,003,168 | ---- | M] () -- C:\{AA7CE832-1273-488E-8704-0A10270793A6}
[2012/08/27 01:56:39 | 000,003,192 | ---- | M] () -- C:\{D7F31B1C-AE9F-4BBA-9F99-4DD2CEC30F55}
[2012/08/27 01:51:44 | 000,003,168 | ---- | M] () -- C:\{1B9FFD69-3BDC-4AAB-922F-9F190C0D0819}
[2012/08/27 01:43:28 | 000,002,424 | ---- | M] () -- C:\{06E94532-6D8D-4F1F-A834-94FEA44CFF4A}
[2012/08/27 01:38:23 | 000,002,856 | ---- | M] () -- C:\{0BE7830D-7895-4F8E-9013-6DCEBEBC7FB6}
[2012/08/27 01:29:32 | 000,003,192 | ---- | M] () -- C:\{61FB13D2-7940-4EF6-81ED-3391BC7BDDB8}
[2012/08/27 01:23:13 | 000,003,168 | ---- | M] () -- C:\{02A88FF2-2827-476D-A88E-474ACA1FC57F}
[2012/08/27 01:16:30 | 000,003,192 | ---- | M] () -- C:\{DAE744A3-3450-434C-BF1F-BBB1E75AEB97}
[2012/08/27 01:09:58 | 000,003,168 | ---- | M] () -- C:\{B2424844-1023-40A3-A610-1B20E331C877}
[2012/08/27 01:03:18 | 000,003,192 | ---- | M] () -- C:\{2D38A9B7-4C7A-4C7B-A97C-9F1A9D9CC54F}
[2012/08/27 00:56:11 | 000,003,168 | ---- | M] () -- C:\{32A37D5E-7E65-42DF-9787-CEA4154BFDBF}
[2012/08/27 00:49:40 | 000,003,192 | ---- | M] () -- C:\{3EBC872C-E6F7-4DE5-86DB-F9603E80443E}
[2012/08/27 00:43:02 | 000,003,168 | ---- | M] () -- C:\{663525C9-77A0-4FC2-BB3D-8C1FA26FDFD7}
[2012/08/27 00:36:11 | 000,003,192 | ---- | M] () -- C:\{7203AB3B-22C2-4535-96B1-6A0B7EA95F21}
[2012/08/27 00:29:26 | 000,003,168 | ---- | M] () -- C:\{0F348110-A2AA-4751-B4FC-4ED368625A8D}
[2012/08/27 00:22:44 | 000,003,192 | ---- | M] () -- C:\{E8FE0B1A-5490-4A9B-A993-180DBB473604}
[2012/08/27 00:16:08 | 000,003,168 | ---- | M] () -- C:\{4871B192-0475-4C77-A79B-B369005BCDE2}
[2012/08/27 00:09:22 | 000,003,192 | ---- | M] () -- C:\{44F642B2-A475-411F-92B8-7BAA68868F29}
[2012/08/27 00:02:53 | 000,003,168 | ---- | M] () -- C:\{E5EBBBA1-3C9A-4026-B072-AC8BCE3B515A}
[2012/08/26 23:56:37 | 000,003,168 | ---- | M] () -- C:\{A6BF8615-A99D-4ABF-AFA0-5F2ED58FDFD1}
[2012/08/26 23:49:49 | 000,003,192 | ---- | M] () -- C:\{13897D9B-8BF9-4C63-A49B-FA2507254154}
[2012/08/26 23:42:49 | 000,003,192 | ---- | M] () -- C:\{54C3433A-6975-49A7-B15D-4656AEC94308}
[2012/08/26 23:35:48 | 000,003,168 | ---- | M] () -- C:\{772B44D7-714D-4FD7-AE86-495986A00A2D}
[2012/08/26 23:27:41 | 000,003,192 | ---- | M] () -- C:\{4ED516C9-0012-44CB-B436-AC888FC23194}
[2012/08/26 23:21:07 | 000,003,168 | ---- | M] () -- C:\{59261146-4BF1-495C-A5EE-9A120693FD57}
[2012/08/26 23:14:29 | 000,003,168 | ---- | M] () -- C:\{3786DFB1-7BD6-4C45-88A1-9774B8F7819E}
[2012/08/26 23:08:01 | 000,003,192 | ---- | M] () -- C:\{16B81A89-5599-43B9-8E86-BCA917514A8E}
[2012/08/26 23:01:04 | 000,003,192 | ---- | M] () -- C:\{CAD94E47-E3B5-4B3E-95C3-19AF5A8CFA15}
[2012/08/26 22:54:37 | 000,003,168 | ---- | M] () -- C:\{8C26E315-CC85-457F-8335-D00D2DCFC42A}
[2012/08/26 22:47:54 | 000,003,192 | ---- | M] () -- C:\{ACDE1898-21CF-4981-90DB-07ECEA89624B}
[2012/08/26 22:41:20 | 000,003,168 | ---- | M] () -- C:\{94D683BB-5C78-42A1-A5FF-8D0EB6C9446F}
[2012/08/26 22:34:37 | 000,003,168 | ---- | M] () -- C:\{D532E393-D7FE-417D-9823-900DD64E70AA}
[2012/08/26 22:28:08 | 000,003,192 | ---- | M] () -- C:\{4E12E152-6A0D-4DBE-858A-439FDF1F04B0}
[2012/08/26 22:21:30 | 000,003,192 | ---- | M] () -- C:\{0672694C-2E3B-48CD-8E7C-8AA6D89098D7}
[2012/08/26 22:14:29 | 000,003,168 | ---- | M] () -- C:\{86FEF14E-9BB7-41AA-BAFD-7C27FD1CAAFB}
[2012/08/26 22:07:41 | 000,003,192 | ---- | M] () -- C:\{261CE2A9-3778-48EB-AC6B-40C46C91BAE0}
[2012/08/26 22:00:22 | 000,003,168 | ---- | M] () -- C:\{472BCEE4-02FA-4112-9CDA-FE41DDA63D41}
[2012/08/26 21:53:22 | 000,003,192 | ---- | M] () -- C:\{EC573A94-76B7-4370-810B-9184F395B960}
[2012/08/26 21:47:58 | 000,003,168 | ---- | M] () -- C:\{8AF87C00-6DB3-4ADE-8223-7C807D8235F0}
[2012/08/26 21:42:34 | 000,003,192 | ---- | M] () -- C:\{9B8D3CF4-96B2-42A1-BA9E-723F5AB1F36A}
[2012/08/26 21:36:19 | 000,003,168 | ---- | M] () -- C:\{937343FE-BDBE-4861-AF0D-4961C520FFDE}
[2012/08/26 21:30:22 | 000,003,192 | ---- | M] () -- C:\{988B1A48-675B-4892-B886-BF6DA6AFED62}
[2012/08/26 21:23:35 | 000,003,168 | ---- | M] () -- C:\{6DE38B91-9503-45CE-A11A-A6DF08836D0D}
[2012/08/26 21:19:22 | 000,003,168 | ---- | M] () -- C:\{F67C339E-9310-4845-A607-E4B4A3ECA116}
[2012/08/26 21:11:27 | 000,003,192 | ---- | M] () -- C:\{FB0C94E5-21F0-408B-98A1-A429A1504334}
[2012/08/26 21:05:10 | 000,003,192 | ---- | M] () -- C:\{93289DDB-CD97-419F-904B-3E8A88E2FBF7}
[2012/08/26 21:00:23 | 000,003,168 | ---- | M] () -- C:\{1A975C1E-0987-4E70-ACE9-BE0AEC32124D}
[2012/08/26 20:56:55 | 000,003,192 | ---- | M] () -- C:\{79390CA4-2F04-4D2D-95E3-5281B3D6BE5D}
[2012/08/26 20:50:33 | 000,003,168 | ---- | M] () -- C:\{79068B1D-655E-46A6-942C-067D2A9E3DFF}
[2012/08/26 20:44:22 | 000,003,192 | ---- | M] () -- C:\{B35FA9B7-A64B-4221-8799-69250DA69FD7}
[2012/08/26 20:38:05 | 000,003,168 | ---- | M] () -- C:\{BCC40A1C-50B4-4C43-AAEB-5EB1111D8270}
[2012/08/26 20:32:33 | 000,003,192 | ---- | M] () -- C:\{26634504-1B0C-4C4E-A57E-822AEA6A5733}
[2012/08/26 20:26:09 | 000,003,168 | ---- | M] () -- C:\{29A3860B-6290-46FA-A32C-D9D1CA659550}
[2012/08/24 16:15:49 | 000,003,168 | ---- | M] () -- C:\{B0FEF934-D317-4415-A26E-8B50E1706084}
[2012/08/23 23:00:11 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixZeroAccess.sys
[2012/08/23 16:51:01 | 000,001,325 | ---- | M] () -- C:\Users\Public\Desktop\VMware View Client.lnk
[2012/08/22 20:49:57 | 000,003,192 | ---- | M] () -- C:\{1C69F3EB-5739-4094-B10B-DBD8C5F5FF04}
[2012/08/22 20:45:39 | 000,003,168 | ---- | M] () -- C:\{A8491215-D97C-4039-88F3-27BCE0FCFABA}
[2012/08/22 20:31:29 | 000,003,168 | ---- | M] () -- C:\{A00FDA31-71E0-4CA7-94C0-B44A093559B8}
[2012/08/22 20:03:45 | 000,003,168 | ---- | M] () -- C:\{1393051B-A571-4241-AC4E-9128FA954CB7}
[2012/08/22 20:02:19 | 000,003,168 | ---- | M] () -- C:\{A17B9DAE-9BB3-469E-A6F7-C8E7D1FB269D}
[2012/08/22 19:35:55 | 000,003,160 | ---- | M] () -- C:\{B5383519-1BC3-4B65-9129-835E8F855564}
[2012/08/22 19:04:27 | 000,003,128 | ---- | M] () -- C:\{9B485D98-9770-43AD-89CE-B90FA125A568}
[2012/08/22 18:25:37 | 000,003,168 | ---- | M] () -- C:\{7C86F62B-7B97-45B0-96DA-13EA5C99F24D}
[2012/08/22 18:17:46 | 000,003,168 | ---- | M] () -- C:\{827AB113-E3E9-48D9-B368-4341AABC51BE}
[2012/08/22 17:30:01 | 000,003,160 | ---- | M] () -- C:\{7E52FE86-80AF-4BC3-B63F-451B032040A9}
[2012/08/22 17:23:33 | 000,003,192 | ---- | M] () -- C:\{AD91554F-2373-4F27-A7A6-CF68D994FA96}
[2012/08/22 17:17:28 | 000,003,168 | ---- | M] () -- C:\{882DFF59-1A98-475C-BC36-6DE64BB86B10}
[2012/08/22 17:10:59 | 000,003,472 | ---- | M] () -- C:\{8F1EA7DB-17C2-4A57-A9B6-19935AFF95BA}
[2012/08/22 17:04:15 | 000,003,320 | ---- | M] () -- C:\{3F22011B-48B3-4970-A2F9-1C4A3D0FF3E0}
[2012/08/22 16:57:28 | 000,003,160 | ---- | M] () -- C:\{06602612-1253-413A-B68C-FA3DEA19FA71}
[2012/08/22 16:49:49 | 000,003,192 | ---- | M] () -- C:\{E4ADB819-5699-49FC-AE8D-8283DBE20EF1}
[2012/08/22 16:42:59 | 000,003,168 | ---- | M] () -- C:\{0B8DA6EC-CEA7-4488-8E4F-6378B173EF1A}
[2012/08/22 16:36:10 | 000,003,168 | ---- | M] () -- C:\{CEC5649A-E6BD-4030-8E41-CFD839F28B6E}
[2012/08/22 16:29:30 | 000,003,160 | ---- | M] () -- C:\{6DFAB4FC-63DA-484F-A62D-9DA1E0966AEC}
[2012/08/22 16:20:15 | 000,003,192 | ---- | M] () -- C:\{2706DD1E-7A0D-42F9-9ECF-1BD7D17B39D7}
[2012/08/22 16:08:36 | 000,003,168 | ---- | M] () -- C:\{B9B01496-A7BF-40DC-9357-181921400CD3}
[2012/08/22 15:57:47 | 000,003,168 | ---- | M] () -- C:\{A8B8C87A-A5AD-4495-8C98-39959EE60FCF}
[2012/08/22 15:51:15 | 000,003,160 | ---- | M] () -- C:\{3B89C180-07E4-4582-A151-17FE5048CC72}
[2012/08/22 15:44:56 | 000,003,192 | ---- | M] () -- C:\{9AFD7FF8-536D-4DCE-9604-1FC1DE758EFA}
[2012/08/22 15:38:13 | 000,003,168 | ---- | M] () -- C:\{E545CE53-6B5B-49F5-89C0-96CE54C05B02}
[2012/08/22 15:30:39 | 000,003,168 | ---- | M] () -- C:\{FDAECA24-A9B5-490A-8199-FBEBA537F95E}
[2012/08/22 15:23:46 | 000,003,160 | ---- | M] () -- C:\{413E0413-521D-4349-A0E2-AEAC2A57CAE4}
[2012/08/22 15:16:47 | 000,003,168 | ---- | M] () -- C:\{3F6C5E6C-3D55-451C-A62E-C6B22EA71ED8}
[2012/08/22 15:09:36 | 000,003,192 | ---- | M] () -- C:\{95A17765-B72D-44DA-9322-F050020641D7}
[2012/08/22 15:03:01 | 000,003,160 | ---- | M] () -- C:\{E28A78EE-B56C-48C6-8D8D-19E7A5A894F8}
[2012/08/22 14:55:16 | 000,003,168 | ---- | M] () -- C:\{1CBC0AA7-79AB-440C-A01E-06D794D01E7D}
[2012/08/22 14:48:13 | 000,003,192 | ---- | M] () -- C:\{C6CC8BA4-2F12-460D-AE1A-D14C32EB34A9}
[2012/08/22 14:41:51 | 000,003,168 | ---- | M] () -- C:\{0D27268C-EB15-4FA6-8042-FB437A459BF5}
[2012/08/22 14:33:51 | 000,003,168 | ---- | M] () -- C:\{BCCDAAEF-F439-4207-975E-EB7D3227DD0F}
[2012/08/22 14:26:31 | 000,003,160 | ---- | M] () -- C:\{27A34C47-4460-4763-962D-8AF2DCAC036B}
[2012/08/22 14:16:08 | 000,003,192 | ---- | M] () -- C:\{DDF000FE-6102-433D-A4BF-3050172F3254}
[2012/08/22 14:06:41 | 000,003,168 | ---- | M] () -- C:\{CC23A4FB-F944-4415-B878-E9EC79720501}
[2012/08/22 13:55:12 | 000,002,360 | ---- | M] () -- C:\{3B8F8721-CC1B-4151-88E2-667BD7B81F92}
[2012/08/22 13:38:48 | 000,002,256 | ---- | M] () -- C:\{46271224-84D4-4DFF-B784-9A33AB3E8CD7}
[2012/08/22 13:28:48 | 000,003,168 | ---- | M] () -- C:\{55F02BA1-06A7-4B0E-9963-797109B6558E}
[2012/08/22 13:18:47 | 000,003,160 | ---- | M] () -- C:\{ECABE8D8-A484-4A25-943E-6D02EEE3A1A4}
[2012/08/22 13:09:04 | 000,003,192 | ---- | M] () -- C:\{34D6C40C-B3C8-469A-9E8E-CA46609EF1E8}
[2012/08/22 13:00:16 | 000,003,168 | ---- | M] () -- C:\{404C2799-5F6F-4D9C-8654-08574844585A}
[2012/08/22 12:50:28 | 000,003,168 | ---- | M] () -- C:\{B1D7B7CD-6B6A-4F53-BFE1-558339111CE2}
[2012/08/22 12:39:37 | 000,003,160 | ---- | M] () -- C:\{173D4F36-8402-448D-B712-FBA87FEE2C01}
[2012/08/22 12:30:34 | 000,003,192 | ---- | M] () -- C:\{0560BFBA-178E-4B01-AB78-41A31B0C331B}
[2012/08/22 12:21:18 | 000,003,168 | ---- | M] () -- C:\{EE7885EB-B2E8-49FD-9243-BC1E91D0790C}
[2012/08/22 11:57:39 | 000,003,168 | ---- | M] () -- C:\{E1C5E2EF-3F31-4A00-ADA0-6E4FDB6CF74E}
[2012/08/22 11:16:31 | 000,003,192 | ---- | M] () -- C:\{93A4726C-B5CB-4E46-94EC-A58FA89157F4}
[2012/08/22 11:14:59 | 000,003,168 | ---- | M] () -- C:\{DA801D02-C985-49F3-874E-617038975132}
[2012/08/22 11:03:54 | 000,003,192 | ---- | M] () -- C:\{683545E1-C95F-4F1A-BE62-4AC57BE7BB07}
[2012/08/22 10:58:09 | 000,003,168 | ---- | M] () -- C:\{85F3975B-3814-40DF-84D2-D6D9117803E1}
[2012/08/20 22:08:41 | 000,003,160 | ---- | M] () -- C:\{92D61E61-717D-4330-AA8D-C196C999CAC8}
[2012/08/20 22:05:18 | 000,003,168 | ---- | M] () -- C:\{D4CAAB1C-6BEC-4789-8448-6381A0CE9F0F}
[2012/08/20 21:57:00 | 000,003,192 | ---- | M] () -- C:\{C5A9D8DE-AEA0-47CC-8224-B359C6D64BB3}
[2012/08/20 21:47:42 | 000,003,168 | ---- | M] () -- C:\{81BB429E-31E4-4A02-8F6F-EB1566E8A237}
[2012/08/20 21:15:52 | 000,003,168 | ---- | M] () -- C:\{B3FE7E9C-5EAE-4CC3-98EA-43B23AA64D8A}
[2012/08/20 14:24:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/19 12:58:08 | 000,003,192 | ---- | M] () -- C:\{9334061B-8657-4959-9CA5-6B4AFDD6B6DB}
[2012/08/19 12:43:29 | 000,003,168 | ---- | M] () -- C:\{4B6A520C-53D3-4D1E-A555-1F13FFEE3249}
[2012/08/19 12:40:01 | 000,003,168 | ---- | M] () -- C:\{37750AEC-AA8B-4E99-85AF-18EF33B6793E}
[2012/08/19 12:14:25 | 000,003,168 | ---- | M] () -- C:\{ED1BCF3C-12BC-40B1-87A6-7B6226D930E8}
[2012/08/19 12:05:30 | 000,003,168 | ---- | M] () -- C:\{74F6E4F8-3357-4F52-BE21-C1B6585A8993}
[2012/08/19 11:25:11 | 000,003,192 | ---- | M] () -- C:\{8331D4A7-FA9A-449A-993B-8A54174B53B2}
[2012/08/18 20:28:55 | 000,003,192 | ---- | M] () -- C:\{B41BCE8B-8327-4027-9D00-19FE4A000E0D}
[2012/08/18 20:25:23 | 000,003,168 | ---- | M] () -- C:\{6A48205F-D6FA-4B2F-85A7-3A1E4F49AD87}
[2012/08/18 20:15:41 | 000,003,168 | ---- | M] () -- C:\{870E820D-4737-485E-8C20-3363AA2968CB}
[2012/08/14 14:51:56 | 000,430,672 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/14 14:39:00 | 000,003,168 | ---- | M] () -- C:\{5F43D11C-968B-4FC2-8033-853DDA105279}
[2012/08/14 14:28:30 | 000,003,168 | ---- | M] () -- C:\{7EAA41B2-BAFC-48FF-9DD1-835736ACB458}
[2012/08/14 14:25:45 | 000,003,168 | ---- | M] () -- C:\{3BBB27CF-EF53-4C93-A8B0-4DA74AB93423}
[2012/08/14 13:03:10 | 000,003,168 | ---- | M] () -- C:\{97476F37-2466-4CA9-8208-C1E1C41AF0EF}
[2012/08/14 12:58:10 | 000,003,192 | ---- | M] () -- C:\{94C3A42A-1F86-418B-AD0A-007DCBBA01C6}
[2012/08/14 12:57:01 | 000,003,168 | ---- | M] () -- C:\{914EB9D7-E303-4BAF-8A78-4B7F10F20CEE}
[2012/08/14 12:55:32 | 000,003,168 | ---- | M] () -- C:\{1E12AFF7-C1B1-48DB-A7F9-8AF399D10CEE}
[2012/08/14 11:57:06 | 000,003,168 | ---- | M] () -- C:\{6683579B-4F07-4D42-8E1F-F2434F58F006}
[2012/08/14 11:55:39 | 000,003,168 | ---- | M] () -- C:\{0284EB07-E85C-426F-849B-2440CFF00573}
[7 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/09/05 14:06:22 | 000,732,477 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\211263.pdf
[2012/09/05 13:58:38 | 000,003,192 | ---- | C] () -- C:\{B5FA2FC5-682E-49AC-A9C3-1AB704E86A75}
[2012/09/05 10:10:38 | 000,003,168 | ---- | C] () -- C:\{88DC289C-1C9D-460E-8EDF-AF8D9299EDF9}
[2012/09/05 10:08:46 | 000,003,192 | ---- | C] () -- C:\{426B2890-CEB9-4AC5-93F3-EE7A28599302}
[2012/09/04 20:21:55 | 000,003,192 | ---- | C] () -- C:\{E112FD48-CED0-4D0C-9584-FBDC49C593E2}
[2012/09/04 15:06:33 | 000,003,192 | ---- | C] () -- C:\{64F3BD50-87EC-44EB-8BEF-B97D910168B6}
[2012/09/04 13:46:19 | 000,003,192 | ---- | C] () -- C:\{388FFD71-34A4-4DB8-BCC5-75492A71FECE}
[2012/09/04 13:13:25 | 000,003,168 | ---- | C] () -- C:\{0611CB42-BF1E-4090-A2BC-C3B79E66992A}
[2012/09/04 13:07:56 | 000,003,192 | ---- | C] () -- C:\{1AEA1DB9-A387-4D2D-8FAC-A0F8B4E50159}
[2012/09/04 12:55:10 | 000,003,192 | ---- | C] () -- C:\{435B21CD-EC98-40A6-92B0-EF2C3712B64B}
[2012/09/04 11:12:42 | 000,003,168 | ---- | C] () -- C:\{D5D548BA-E666-4CA1-A0D2-52CF45651A45}
[2012/09/04 09:34:41 | 000,003,168 | ---- | C] () -- C:\{7799089E-E0B0-4429-9712-174BBCD61807}
[2012/09/03 15:51:13 | 000,003,168 | ---- | C] () -- C:\{1D2D849C-8EEB-482E-9953-F82581B13087}
[2012/08/30 15:32:01 | 000,003,168 | ---- | C] () -- C:\{93936D02-423B-4DAB-BC17-92A623552F3F}
[2012/08/30 13:17:02 | 000,003,168 | ---- | C] () -- C:\{31938262-EDFC-4ACE-AE35-6E632FB6236E}
[2012/08/30 13:07:42 | 000,003,168 | ---- | C] () -- C:\{76007194-A200-4AB9-AA21-2ECF29EEE6D4}
[2012/08/30 12:27:30 | 000,003,168 | ---- | C] () -- C:\{A5CA7C0F-9931-4115-9AEB-D88291E4125C}
[2012/08/30 10:55:19 | 000,003,168 | ---- | C] () -- C:\{345A6389-813B-4E25-A576-277D8C79AA9B}
[2012/08/30 10:53:34 | 000,003,192 | ---- | C] () -- C:\{BE03BC01-8873-41C8-900E-042464089E7F}
[2012/08/30 10:42:15 | 000,003,168 | ---- | C] () -- C:\{76B2AC76-E2A5-410A-BA81-0A11F2AE7042}
[2012/08/30 10:00:31 | 000,003,168 | ---- | C] () -- C:\{370C0DA4-BDE0-4694-BA49-3CA80E593737}
[2012/08/30 09:41:30 | 000,003,152 | ---- | C] () -- C:\{DB8E9FBC-AEA6-4143-ABED-A9E82C8275C0}
[2012/08/30 09:34:30 | 000,003,128 | ---- | C] () -- C:\{0B59A272-95DB-46F7-AF45-5DA35C51A8D4}
[2012/08/30 09:21:52 | 000,003,128 | ---- | C] () -- C:\{736B3B72-F853-4C7B-98F6-675516E28701}
[2012/08/30 08:30:25 | 000,003,128 | ---- | C] () -- C:\{02B0C4A6-F264-4142-8412-971E9285522A}
[2012/08/29 22:46:25 | 000,003,152 | ---- | C] () -- C:\{83A3C42D-5BA5-45D9-A7CF-A3BDA0062B4A}
[2012/08/29 22:32:37 | 000,003,128 | ---- | C] () -- C:\{310320F5-8E4E-4BAB-9761-AEB335A4377D}
[2012/08/29 22:17:08 | 000,003,128 | ---- | C] () -- C:\{5D9C7A1B-28CF-44EB-A362-D5689EB30C6A}
[2012/08/29 21:45:25 | 000,003,128 | ---- | C] () -- C:\{C87F3131-21BE-4CE3-993A-3215B9931ECF}
[2012/08/29 20:52:56 | 000,003,128 | ---- | C] () -- C:\{69951E90-408D-4B9C-ACA6-22D5FAE3FA3F}
[2012/08/29 18:30:22 | 000,003,128 | ---- | C] () -- C:\{F32460BE-E85B-4970-A4AC-D5EF451641A4}
[2012/08/29 18:27:06 | 000,003,128 | ---- | C] () -- C:\{89BEA620-732B-445F-8EB4-F21EE6910B96}
[2012/08/29 18:12:44 | 000,003,152 | ---- | C] () -- C:\{4F25CED8-9DB0-40A8-A1B2-395712CE4696}
[2012/08/29 17:17:57 | 000,003,152 | ---- | C] () -- C:\{1C448458-BA17-47ED-9729-2DDAA3B857F4}
[2012/08/29 17:15:09 | 000,003,128 | ---- | C] () -- C:\{38639907-009A-49AE-90A0-9D3497AC1EBA}
[2012/08/29 17:12:39 | 000,003,128 | ---- | C] () -- C:\{97A1072A-670B-4A7B-A3EF-D70320278FC9}
[2012/08/29 17:00:33 | 000,003,128 | ---- | C] () -- C:\{1CB26035-99AF-40FF-9D06-8EA2DDF2A5E8}
[2012/08/29 16:45:30 | 000,003,128 | ---- | C] () -- C:\{420C844B-F5F4-4889-83B2-46A66229C251}
[2012/08/29 14:09:26 | 000,003,128 | ---- | C] () -- C:\{C777B7B6-A64E-4B9B-9146-101458A4E4AB}
[2012/08/29 14:03:36 | 000,003,128 | ---- | C] () -- C:\{354F6235-80AD-48A7-B6D4-4C15643080C2}
[2012/08/29 13:39:45 | 000,003,128 | ---- | C] () -- C:\{5C553A34-1088-464B-8EB9-3D97A2A294E7}
[2012/08/29 13:34:33 | 000,003,128 | ---- | C] () -- C:\{57DE245F-655C-4571-95BF-2ED2761617F6}
[2012/08/29 13:19:19 | 000,002,240 | ---- | C] () -- C:\{58C725D2-43AA-49DB-8210-07FB1C940070}
[2012/08/29 13:05:52 | 000,002,240 | ---- | C] () -- C:\{B87C7F89-69F8-46E0-AAFC-1C7D80BF72A1}
[2012/08/29 12:48:55 | 000,003,128 | ---- | C] () -- C:\{B3E49D9F-C434-441C-BC3E-297085C1C81A}
[2012/08/29 08:51:40 | 000,003,128 | ---- | C] () -- C:\{854BE175-B0BA-4705-B64A-8B1F6B06A2E5}
[2012/08/29 08:49:00 | 000,003,128 | ---- | C] () -- C:\{99AFBCB0-38D5-4298-B121-91A3A338A1D4}
[2012/08/28 21:49:59 | 000,003,128 | ---- | C] () -- C:\{72DC70B9-5EF5-486B-94A7-0A2A1EF414E7}
[2012/08/27 23:27:56 | 000,003,168 | ---- | C] () -- C:\{16155F60-CFE3-4366-B41F-BA3DC2D57B8B}
[2012/08/27 21:59:32 | 000,003,168 | ---- | C] () -- C:\{A4E99CD0-7A90-4480-AF40-F225BA00275E}
[2012/08/27 07:34:50 | 000,003,168 | ---- | C] () -- C:\{4E10D4BD-7B04-48AC-8C14-5E6D25E2E0CC}
[2012/08/27 07:17:24 | 000,003,192 | ---- | C] () -- C:\{4CD07928-9D7F-4A93-8509-70FF9E9B5E16}
[2012/08/27 06:52:29 | 000,003,168 | ---- | C] () -- C:\{E7FD9D52-890D-4186-8F9C-1BB7B8B53815}
[2012/08/27 06:26:53 | 000,003,168 | ---- | C] () -- C:\{2ECC07C2-2376-453D-A024-3482934EEE94}
[2012/08/27 06:16:00 | 000,003,168 | ---- | C] () -- C:\{44E2112D-4926-4A22-ACC2-91F492C117C4}
[2012/08/27 06:13:12 | 000,003,192 | ---- | C] () -- C:\{552180D7-079B-470E-B925-C16E62055820}
[2012/08/27 05:58:42 | 000,003,192 | ---- | C] () -- C:\{54417B5D-1574-4975-B838-5A85BC35C44E}
[2012/08/27 05:54:54 | 000,003,168 | ---- | C] () -- C:\{59261EB2-D702-4F51-92A3-5AFCA98A6A3F}
[2012/08/27 05:31:03 | 000,003,192 | ---- | C] () -- C:\{3D46AAFC-420C-4157-941C-A9FDEC9C685E}
[2012/08/27 05:29:39 | 000,003,192 | ---- | C] () -- C:\{9FA1BCC7-7C64-4EBF-98AC-737AE7467DC9}
[2012/08/27 05:28:20 | 000,003,168 | ---- | C] () -- C:\{38EF06F8-DB97-4651-8E21-43E1368302E9}
[2012/08/27 05:20:33 | 000,003,192 | ---- | C] () -- C:\{31872568-8051-4EC4-9549-79B36D42ED72}
[2012/08/27 05:13:02 | 000,003,168 | ---- | C] () -- C:\{D264F097-922E-4D58-8A1A-E95526747BD8}
[2012/08/27 05:11:58 | 000,003,192 | ---- | C] () -- C:\{797B1DE8-5F2E-4501-9907-85C5E013420D}
[2012/08/27 05:10:55 | 000,003,168 | ---- | C] () -- C:\{790FB7C3-1CE7-42FF-AADD-63D6F6379AA6}
[2012/08/27 04:55:41 | 000,003,192 | ---- | C] () -- C:\{B9D7868D-FF08-42E6-809F-19F1E8E4A194}
[2012/08/27 04:40:43 | 000,003,168 | ---- | C] () -- C:\{3B2E1758-C42A-4DC6-A2D9-FC62CE2E1FC4}
[2012/08/27 04:27:10 | 000,003,192 | ---- | C] () -- C:\{9E016C95-8B89-4ECB-AA22-07261880BAFE}
[2012/08/27 04:11:31 | 000,003,168 | ---- | C] () -- C:\{7E5E009B-A596-45F6-91D1-C26EC30EF060}
[2012/08/27 03:58:54 | 000,003,192 | ---- | C] () -- C:\{8F9169D2-481E-4913-8E3E-117400ADF2AB}
[2012/08/27 03:43:30 | 000,003,168 | ---- | C] () -- C:\{18745425-3D5E-4CFC-A87F-72EDD710153C}
[2012/08/27 03:27:56 | 000,003,192 | ---- | C] () -- C:\{BD3D45C5-8BF7-4198-B845-A70B9CC0B163}
[2012/08/27 03:14:10 | 000,003,168 | ---- | C] () -- C:\{E4E2262B-492B-4C90-9514-EB9FF3AD4C57}
[2012/08/27 03:02:23 | 000,003,192 | ---- | C] () -- C:\{7F1DA728-5FF8-4CF0-942A-97B1AC4E8BD4}
[2012/08/27 02:54:42 | 000,003,168 | ---- | C] () -- C:\{22BF0279-E4FE-4B17-8417-D7768C8926D2}
[2012/08/27 02:42:28 | 000,002,360 | ---- | C] () -- C:\{51D68F4E-39A6-47C4-8BE4-434109A4F3F5}
[2012/08/27 02:37:58 | 000,002,256 | ---- | C] () -- C:\{85E7252F-AEE1-4889-AE03-2438BC724C94}
[2012/08/27 02:31:31 | 000,003,192 | ---- | C] () -- C:\{A1D87CF4-367A-4168-9389-F4AE1F663DD8}
[2012/08/27 02:25:07 | 000,003,168 | ---- | C] () -- C:\{007F42BC-BDD9-4CD0-8DA8-25732A07FFE3}
[2012/08/27 02:18:36 | 000,003,192 | ---- | C] () -- C:\{35D4D92D-61FC-4DE8-A2E9-6FB58000A91E}
[2012/08/27 02:11:53 | 000,003,168 | ---- | C] () -- C:\{09C6F392-9DFB-41F9-A7C2-A6E3614342AF}
[2012/08/27 02:04:08 | 000,003,192 | ---- | C] () -- C:\{E939DFD1-04B7-44EA-921A-F8634EA93F12}
[2012/08/27 02:00:26 | 000,003,168 | ---- | C] () -- C:\{AA7CE832-1273-488E-8704-0A10270793A6}
[2012/08/27 01:56:38 | 000,003,192 | ---- | C] () -- C:\{D7F31B1C-AE9F-4BBA-9F99-4DD2CEC30F55}
[2012/08/27 01:51:43 | 000,003,168 | ---- | C] () -- C:\{1B9FFD69-3BDC-4AAB-922F-9F190C0D0819}
[2012/08/27 01:43:27 | 000,002,424 | ---- | C] () -- C:\{06E94532-6D8D-4F1F-A834-94FEA44CFF4A}
[2012/08/27 01:38:22 | 000,002,856 | ---- | C] () -- C:\{0BE7830D-7895-4F8E-9013-6DCEBEBC7FB6}
[2012/08/27 01:29:31 | 000,003,192 | ---- | C] () -- C:\{61FB13D2-7940-4EF6-81ED-3391BC7BDDB8}
[2012/08/27 01:23:12 | 000,003,168 | ---- | C] () -- C:\{02A88FF2-2827-476D-A88E-474ACA1FC57F}
[2012/08/27 01:16:28 | 000,003,192 | ---- | C] () -- C:\{DAE744A3-3450-434C-BF1F-BBB1E75AEB97}
[2012/08/27 01:09:57 | 000,003,168 | ---- | C] () -- C:\{B2424844-1023-40A3-A610-1B20E331C877}
[2012/08/27 01:03:16 | 000,003,192 | ---- | C] () -- C:\{2D38A9B7-4C7A-4C7B-A97C-9F1A9D9CC54F}
[2012/08/27 00:56:10 | 000,003,168 | ---- | C] () -- C:\{32A37D5E-7E65-42DF-9787-CEA4154BFDBF}
[2012/08/27 00:49:38 | 000,003,192 | ---- | C] () -- C:\{3EBC872C-E6F7-4DE5-86DB-F9603E80443E}
[2012/08/27 00:43:01 | 000,003,168 | ---- | C] () -- C:\{663525C9-77A0-4FC2-BB3D-8C1FA26FDFD7}
[2012/08/27 00:36:10 | 000,003,192 | ---- | C] () -- C:\{7203AB3B-22C2-4535-96B1-6A0B7EA95F21}
[2012/08/27 00:29:25 | 000,003,168 | ---- | C] () -- C:\{0F348110-A2AA-4751-B4FC-4ED368625A8D}
[2012/08/27 00:22:43 | 000,003,192 | ---- | C] () -- C:\{E8FE0B1A-5490-4A9B-A993-180DBB473604}
[2012/08/27 00:16:06 | 000,003,168 | ---- | C] () -- C:\{4871B192-0475-4C77-A79B-B369005BCDE2}
[2012/08/27 00:09:21 | 000,003,192 | ---- | C] () -- C:\{44F642B2-A475-411F-92B8-7BAA68868F29}
[2012/08/27 00:02:52 | 000,003,168 | ---- | C] () -- C:\{E5EBBBA1-3C9A-4026-B072-AC8BCE3B515A}
[2012/08/26 23:56:36 | 000,003,168 | ---- | C] () -- C:\{A6BF8615-A99D-4ABF-AFA0-5F2ED58FDFD1}
[2012/08/26 23:49:48 | 000,003,192 | ---- | C] () -- C:\{13897D9B-8BF9-4C63-A49B-FA2507254154}
[2012/08/26 23:42:47 | 000,003,192 | ---- | C] () -- C:\{54C3433A-6975-49A7-B15D-4656AEC94308}
[2012/08/26 23:35:46 | 000,003,168 | ---- | C] () -- C:\{772B44D7-714D-4FD7-AE86-495986A00A2D}
[2012/08/26 23:27:40 | 000,003,192 | ---- | C] () -- C:\{4ED516C9-0012-44CB-B436-AC888FC23194}
[2012/08/26 23:21:05 | 000,003,168 | ---- | C] () -- C:\{59261146-4BF1-495C-A5EE-9A120693FD57}
[2012/08/26 23:14:28 | 000,003,168 | ---- | C] () -- C:\{3786DFB1-7BD6-4C45-88A1-9774B8F7819E}
[2012/08/26 23:07:59 | 000,003,192 | ---- | C] () -- C:\{16B81A89-5599-43B9-8E86-BCA917514A8E}
[2012/08/26 23:01:03 | 000,003,192 | ---- | C] () -- C:\{CAD94E47-E3B5-4B3E-95C3-19AF5A8CFA15}
[2012/08/26 22:54:36 | 000,003,168 | ---- | C] () -- C:\{8C26E315-CC85-457F-8335-D00D2DCFC42A}
[2012/08/26 22:47:53 | 000,003,192 | ---- | C] () -- C:\{ACDE1898-21CF-4981-90DB-07ECEA89624B}
[2012/08/26 22:41:19 | 000,003,168 | ---- | C] () -- C:\{94D683BB-5C78-42A1-A5FF-8D0EB6C9446F}
[2012/08/26 22:34:36 | 000,003,168 | ---- | C] () -- C:\{D532E393-D7FE-417D-9823-900DD64E70AA}
[2012/08/26 22:28:07 | 000,003,192 | ---- | C] () -- C:\{4E12E152-6A0D-4DBE-858A-439FDF1F04B0}
[2012/08/26 22:21:29 | 000,003,192 | ---- | C] () -- C:\{0672694C-2E3B-48CD-8E7C-8AA6D89098D7}
[2012/08/26 22:14:28 | 000,003,168 | ---- | C] () -- C:\{86FEF14E-9BB7-41AA-BAFD-7C27FD1CAAFB}
[2012/08/26 22:07:40 | 000,003,192 | ---- | C] () -- C:\{261CE2A9-3778-48EB-AC6B-40C46C91BAE0}
[2012/08/26 22:00:21 | 000,003,168 | ---- | C] () -- C:\{472BCEE4-02FA-4112-9CDA-FE41DDA63D41}
[2012/08/26 21:53:20 | 000,003,192 | ---- | C] () -- C:\{EC573A94-76B7-4370-810B-9184F395B960}
[2012/08/26 21:47:57 | 000,003,168 | ---- | C] () -- C:\{8AF87C00-6DB3-4ADE-8223-7C807D8235F0}
[2012/08/26 21:42:33 | 000,003,192 | ---- | C] () -- C:\{9B8D3CF4-96B2-42A1-BA9E-723F5AB1F36A}
[2012/08/26 21:36:17 | 000,003,168 | ---- | C] () -- C:\{937343FE-BDBE-4861-AF0D-4961C520FFDE}
[2012/08/26 21:30:21 | 000,003,192 | ---- | C] () -- C:\{988B1A48-675B-4892-B886-BF6DA6AFED62}
[2012/08/26 21:23:34 | 000,003,168 | ---- | C] () -- C:\{6DE38B91-9503-45CE-A11A-A6DF08836D0D}
[2012/08/26 21:19:19 | 000,003,168 | ---- | C] () -- C:\{F67C339E-9310-4845-A607-E4B4A3ECA116}
[2012/08/26 21:11:26 | 000,003,192 | ---- | C] () -- C:\{FB0C94E5-21F0-408B-98A1-A429A1504334}
[2012/08/26 21:05:09 | 000,003,192 | ---- | C] () -- C:\{93289DDB-CD97-419F-904B-3E8A88E2FBF7}
[2012/08/26 21:00:23 | 000,003,168 | ---- | C] () -- C:\{1A975C1E-0987-4E70-ACE9-BE0AEC32124D}
[2012/08/26 20:56:54 | 000,003,192 | ---- | C] () -- C:\{79390CA4-2F04-4D2D-95E3-5281B3D6BE5D}
[2012/08/26 20:50:32 | 000,003,168 | ---- | C] () -- C:\{79068B1D-655E-46A6-942C-067D2A9E3DFF}
[2012/08/26 20:44:21 | 000,003,192 | ---- | C] () -- C:\{B35FA9B7-A64B-4221-8799-69250DA69FD7}
[2012/08/26 20:38:04 | 000,003,168 | ---- | C] () -- C:\{BCC40A1C-50B4-4C43-AAEB-5EB1111D8270}
[2012/08/26 20:32:32 | 000,003,192 | ---- | C] () -- C:\{26634504-1B0C-4C4E-A57E-822AEA6A5733}
[2012/08/26 20:26:08 | 000,003,168 | ---- | C] () -- C:\{29A3860B-6290-46FA-A32C-D9D1CA659550}
[2012/08/24 16:15:49 | 000,003,168 | ---- | C] () -- C:\{B0FEF934-D317-4415-A26E-8B50E1706084}
[2012/08/23 16:50:57 | 000,001,325 | ---- | C] () -- C:\Users\Public\Desktop\VMware View Client.lnk
[2012/08/22 20:49:55 | 000,003,192 | ---- | C] () -- C:\{1C69F3EB-5739-4094-B10B-DBD8C5F5FF04}
[2012/08/22 20:45:37 | 000,003,168 | ---- | C] () -- C:\{A8491215-D97C-4039-88F3-27BCE0FCFABA}
[2012/08/22 20:31:25 | 000,003,168 | ---- | C] () -- C:\{A00FDA31-71E0-4CA7-94C0-B44A093559B8}
[2012/08/22 20:03:45 | 000,003,168 | ---- | C] () -- C:\{1393051B-A571-4241-AC4E-9128FA954CB7}
[2012/08/22 20:02:16 | 000,003,168 | ---- | C] () -- C:\{A17B9DAE-9BB3-469E-A6F7-C8E7D1FB269D}
[2012/08/22 19:35:52 | 000,003,160 | ---- | C] () -- C:\{B5383519-1BC3-4B65-9129-835E8F855564}
[2012/08/22 19:04:25 | 000,003,128 | ---- | C] () -- C:\{9B485D98-9770-43AD-89CE-B90FA125A568}
[2012/08/22 18:25:35 | 000,003,168 | ---- | C] () -- C:\{7C86F62B-7B97-45B0-96DA-13EA5C99F24D}
[2012/08/22 18:17:44 | 000,003,168 | ---- | C] () -- C:\{827AB113-E3E9-48D9-B368-4341AABC51BE}
[2012/08/22 17:30:00 | 000,003,160 | ---- | C] () -- C:\{7E52FE86-80AF-4BC3-B63F-451B032040A9}
[2012/08/22 17:23:31 | 000,003,192 | ---- | C] () -- C:\{AD91554F-2373-4F27-A7A6-CF68D994FA96}
[2012/08/22 17:17:27 | 000,003,168 | ---- | C] () -- C:\{882DFF59-1A98-475C-BC36-6DE64BB86B10}
[2012/08/22 17:10:58 | 000,003,472 | ---- | C] () -- C:\{8F1EA7DB-17C2-4A57-A9B6-19935AFF95BA}
[2012/08/22 17:04:14 | 000,003,320 | ---- | C] () -- C:\{3F22011B-48B3-4970-A2F9-1C4A3D0FF3E0}
[2012/08/22 16:57:27 | 000,003,160 | ---- | C] () -- C:\{06602612-1253-413A-B68C-FA3DEA19FA71}
[2012/08/22 16:49:48 | 000,003,192 | ---- | C] () -- C:\{E4ADB819-5699-49FC-AE8D-8283DBE20EF1}
[2012/08/22 16:42:58 | 000,003,168 | ---- | C] () -- C:\{0B8DA6EC-CEA7-4488-8E4F-6378B173EF1A}
[2012/08/22 16:36:10 | 000,003,168 | ---- | C] () -- C:\{CEC5649A-E6BD-4030-8E41-CFD839F28B6E}
[2012/08/22 16:29:29 | 000,003,160 | ---- | C] () -- C:\{6DFAB4FC-63DA-484F-A62D-9DA1E0966AEC}
[2012/08/22 16:20:13 | 000,003,192 | ---- | C] () -- C:\{2706DD1E-7A0D-42F9-9ECF-1BD7D17B39D7}
[2012/08/22 16:08:34 | 000,003,168 | ---- | C] () -- C:\{B9B01496-A7BF-40DC-9357-181921400CD3}
[2012/08/22 15:57:44 | 000,003,168 | ---- | C] () -- C:\{A8B8C87A-A5AD-4495-8C98-39959EE60FCF}
[2012/08/22 15:51:14 | 000,003,160 | ---- | C] () -- C:\{3B89C180-07E4-4582-A151-17FE5048CC72}
[2012/08/22 15:44:55 | 000,003,192 | ---- | C] () -- C:\{9AFD7FF8-536D-4DCE-9604-1FC1DE758EFA}
[2012/08/22 15:38:12 | 000,003,168 | ---- | C] () -- C:\{E545CE53-6B5B-49F5-89C0-96CE54C05B02}
[2012/08/22 15:30:38 | 000,003,168 | ---- | C] () -- C:\{FDAECA24-A9B5-490A-8199-FBEBA537F95E}
[2012/08/22 15:23:43 | 000,003,160 | ---- | C] () -- C:\{413E0413-521D-4349-A0E2-AEAC2A57CAE4}
[2012/08/22 15:16:46 | 000,003,168 | ---- | C] () -- C:\{3F6C5E6C-3D55-451C-A62E-C6B22EA71ED8}
[2012/08/22 15:09:35 | 000,003,192 | ---- | C] () -- C:\{95A17765-B72D-44DA-9322-F050020641D7}
[2012/08/22 15:03:00 | 000,003,160 | ---- | C] () -- C:\{E28A78EE-B56C-48C6-8D8D-19E7A5A894F8}
[2012/08/22 14:55:14 | 000,003,168 | ---- | C] () -- C:\{1CBC0AA7-79AB-440C-A01E-06D794D01E7D}
[2012/08/22 14:48:11 | 000,003,192 | ---- | C] () -- C:\{C6CC8BA4-2F12-460D-AE1A-D14C32EB34A9}
[2012/08/22 14:41:50 | 000,003,168 | ---- | C] () -- C:\{0D27268C-EB15-4FA6-8042-FB437A459BF5}
[2012/08/22 14:33:49 | 000,003,168 | ---- | C] () -- C:\{BCCDAAEF-F439-4207-975E-EB7D3227DD0F}
[2012/08/22 14:26:30 | 000,003,160 | ---- | C] () -- C:\{27A34C47-4460-4763-962D-8AF2DCAC036B}
[2012/08/22 14:16:08 | 000,003,192 | ---- | C] () -- C:\{DDF000FE-6102-433D-A4BF-3050172F3254}
[2012/08/22 14:06:40 | 000,003,168 | ---- | C] () -- C:\{CC23A4FB-F944-4415-B878-E9EC79720501}
[2012/08/22 13:55:04 | 000,002,360 | ---- | C] () -- C:\{3B8F8721-CC1B-4151-88E2-667BD7B81F92}
[2012/08/22 13:38:46 | 000,002,256 | ---- | C] () -- C:\{46271224-84D4-4DFF-B784-9A33AB3E8CD7}
[2012/08/22 13:28:45 | 000,003,168 | ---- | C] () -- C:\{55F02BA1-06A7-4B0E-9963-797109B6558E}
[2012/08/22 13:18:44 | 000,003,160 | ---- | C] () -- C:\{ECABE8D8-A484-4A25-943E-6D02EEE3A1A4}
[2012/08/22 13:09:02 | 000,003,192 | ---- | C] () -- C:\{34D6C40C-B3C8-469A-9E8E-CA46609EF1E8}
[2012/08/22 13:00:14 | 000,003,168 | ---- | C] () -- C:\{404C2799-5F6F-4D9C-8654-08574844585A}
[2012/08/22 12:50:26 | 000,003,168 | ---- | C] () -- C:\{B1D7B7CD-6B6A-4F53-BFE1-558339111CE2}
[2012/08/22 12:39:36 | 000,003,160 | ---- | C] () -- C:\{173D4F36-8402-448D-B712-FBA87FEE2C01}
[2012/08/22 12:30:33 | 000,003,192 | ---- | C] () -- C:\{0560BFBA-178E-4B01-AB78-41A31B0C331B}
[2012/08/22 12:21:16 | 000,003,168 | ---- | C] () -- C:\{EE7885EB-B2E8-49FD-9243-BC1E91D0790C}
[2012/08/22 11:57:38 | 000,003,168 | ---- | C] () -- C:\{E1C5E2EF-3F31-4A00-ADA0-6E4FDB6CF74E}
[2012/08/22 11:16:31 | 000,003,192 | ---- | C] () -- C:\{93A4726C-B5CB-4E46-94EC-A58FA89157F4}
[2012/08/22 11:14:58 | 000,003,168 | ---- | C] () -- C:\{DA801D02-C985-49F3-874E-617038975132}
[2012/08/22 11:03:53 | 000,003,192 | ---- | C] () -- C:\{683545E1-C95F-4F1A-BE62-4AC57BE7BB07}
[2012/08/22 10:58:08 | 000,003,168 | ---- | C] () -- C:\{85F3975B-3814-40DF-84D2-D6D9117803E1}
[2012/08/21 16:40:14 | 000,000,804 | ---- | C] () -- C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\L\00000004.@
[2012/08/20 22:08:39 | 000,003,160 | ---- | C] () -- C:\{92D61E61-717D-4330-AA8D-C196C999CAC8}
[2012/08/20 22:05:16 | 000,003,168 | ---- | C] () -- C:\{D4CAAB1C-6BEC-4789-8448-6381A0CE9F0F}
[2012/08/20 21:56:57 | 000,003,192 | ---- | C] () -- C:\{C5A9D8DE-AEA0-47CC-8224-B359C6D64BB3}
[2012/08/20 21:47:39 | 000,003,168 | ---- | C] () -- C:\{81BB429E-31E4-4A02-8F6F-EB1566E8A237}
[2012/08/20 21:15:51 | 000,003,168 | ---- | C] () -- C:\{B3FE7E9C-5EAE-4CC3-98EA-43B23AA64D8A}
[2012/08/19 12:58:05 | 000,003,192 | ---- | C] () -- C:\{9334061B-8657-4959-9CA5-6B4AFDD6B6DB}
[2012/08/19 12:43:25 | 000,003,168 | ---- | C] () -- C:\{4B6A520C-53D3-4D1E-A555-1F13FFEE3249}
[2012/08/19 12:39:57 | 000,003,168 | ---- | C] () -- C:\{37750AEC-AA8B-4E99-85AF-18EF33B6793E}
[2012/08/19 12:14:18 | 000,003,168 | ---- | C] () -- C:\{ED1BCF3C-12BC-40B1-87A6-7B6226D930E8}
[2012/08/19 12:05:20 | 000,003,168 | ---- | C] () -- C:\{74F6E4F8-3357-4F52-BE21-C1B6585A8993}
[2012/08/19 11:25:10 | 000,003,192 | ---- | C] () -- C:\{8331D4A7-FA9A-449A-993B-8A54174B53B2}
[2012/08/18 20:28:55 | 000,003,192 | ---- | C] () -- C:\{B41BCE8B-8327-4027-9D00-19FE4A000E0D}
[2012/08/18 20:25:19 | 000,003,168 | ---- | C] () -- C:\{6A48205F-D6FA-4B2F-85A7-3A1E4F49AD87}
[2012/08/18 20:15:38 | 000,003,168 | ---- | C] () -- C:\{870E820D-4737-485E-8C20-3363AA2968CB}
[2012/08/14 14:38:56 | 000,003,168 | ---- | C] () -- C:\{5F43D11C-968B-4FC2-8033-853DDA105279}
[2012/08/14 14:28:26 | 000,003,168 | ---- | C] () -- C:\{7EAA41B2-BAFC-48FF-9DD1-835736ACB458}
[2012/08/14 14:25:35 | 000,003,168 | ---- | C] () -- C:\{3BBB27CF-EF53-4C93-A8B0-4DA74AB93423}
[2012/08/14 13:03:08 | 000,003,168 | ---- | C] () -- C:\{97476F37-2466-4CA9-8208-C1E1C41AF0EF}
[2012/08/14 12:58:07 | 000,003,192 | ---- | C] () -- C:\{94C3A42A-1F86-418B-AD0A-007DCBBA01C6}
[2012/08/14 12:57:00 | 000,003,168 | ---- | C] () -- C:\{914EB9D7-E303-4BAF-8A78-4B7F10F20CEE}
[2012/08/14 12:55:29 | 000,003,168 | ---- | C] () -- C:\{1E12AFF7-C1B1-48DB-A7F9-8AF399D10CEE}
[2012/08/14 11:57:03 | 000,003,168 | ---- | C] () -- C:\{6683579B-4F07-4D42-8E1F-F2434F58F006}
[2012/08/14 11:55:35 | 000,003,168 | ---- | C] () -- C:\{0284EB07-E85C-426F-849B-2440CFF00573}
[2012/08/08 17:07:59 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\Documents\Nuance Image Printer Writer Port
[2012/08/01 20:16:30 | 000,006,212 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/07/18 23:22:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\Standard
[2012/07/18 23:22:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\Soundtrack
[2012/07/15 22:43:02 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2012/07/15 22:43:02 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\Standard Tool
[2012/07/15 22:24:56 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/07/15 22:23:45 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/07/15 22:23:45 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/07/15 22:23:45 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\SupportPrinters
[2012/07/15 22:23:45 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\Strings
[2012/06/05 14:04:48 | 000,021,120 | ---- | C] () -- C:\windows\SysWow64\drivers\AQFileRestore.sys
[2012/03/05 12:04:04 | 000,154,332 | ---- | C] () -- C:\windows\hppins08.dat
[2012/03/05 12:04:04 | 000,001,116 | ---- | C] () -- C:\windows\hppmdl08.dat
[2012/03/05 11:23:08 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2012/03/05 11:22:55 | 000,316,928 | ---- | C] () -- C:\windows\SysWow64\hpcc3118.dll
[2012/01/11 09:40:58 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\@
[2012/01/11 09:40:58 | 000,002,048 | -HS- | C] () -- C:\Users\Matt Goodwin\AppData\Local\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\@
[2012/01/09 18:00:31 | 000,000,376 | ---- | C] () -- C:\windows\AAA9de.ini
[2011/05/18 17:42:28 | 000,001,940 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/13 19:06:30 | 000,000,036 | -H-- | C] () -- C:\windows\SysWow64\f9t.dat
[2010/10/30 14:07:21 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2010/10/30 14:00:41 | 000,000,019 | ---- | C] () -- C:\windows\popcinfo.dat
[2010/04/04 23:03:37 | 000,004,284 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\wklnhst.dat
[2010/02/26 00:47:03 | 000,000,824 | ---- | C] () -- C:\Users\Matt Goodwin\hosts
[2010/01/03 16:35:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/01 21:27:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/01 21:01:05 | 008,126,464 | -HS- | C] () -- C:\Users\Matt Goodwin\NTUSER.BK1
[2010/01/01 21:01:05 | 006,299,648 | ---- | C] () -- C:\Users\Matt Goodwin\NTUSER.BAK
========== LOP Check ==========
[2012/05/12 10:03:13 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\.minecraft
[2012/08/08 09:22:49 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\.oit
[2012/08/01 22:42:29 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Avanquest
[2010/10/03 14:39:18 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Catalina Marketing Corp
[2010/01/21 09:48:50 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2012/08/12 21:47:17 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\DefaultTab
[2012/08/22 13:41:17 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\DriverCure
[2010/02/22 18:32:18 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\E-centives
[2012/07/15 22:48:19 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Nikon
[2010/01/05 10:37:04 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Nuance
[2010/04/12 21:42:24 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\OverDrive
[2010/01/23 14:14:19 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Snood
[2012/08/22 13:41:13 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\SpeedyPC Software
[2011/01/13 19:08:07 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Stamps.com Internet Postage
[2010/10/08 23:34:49 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Teleca
[2010/04/04 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Template
[2011/03/02 00:04:25 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Tific
[2010/01/06 10:09:34 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\TOSHIBA
[2010/05/23 13:14:46 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Ulead Systems
[2010/01/01 21:01:38 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\WinBatch
[2010/12/03 16:11:47 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Windows Live Writer
[2010/01/03 16:33:53 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Zeon
[2012/06/06 15:27:13 | 000,032,550 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
#3
Posted 05 September 2012 - 02:48 PM
Hi there a few programmes to run first to clear the way and see the depth of the problem
Please post: All RKreport.txt text files located on your desktop.
THEN
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete
Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
FINALLY
run farbar service scanner
Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
- Download RogueKiller and save it on your desktop.
- Quit all programs
- Start RogueKiller.exe.
- Wait until Prescan has finished ...
- Click on Scan
- Wait for the end of the scan.
- The report has been created on the desktop.
- Click on the Delete button.
- The report has been created on the desktop.
- Next click on the ShortcutsFix
- The report has been created on the desktop.
Please post: All RKreport.txt text files located on your desktop.
THEN
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete
Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
FINALLY
run farbar service scanner
Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
#4
Posted 05 September 2012 - 07:51 PM
Please see all the RKreport.txt logs listed below. Please let me know if you need anything further. I look forward to your response.
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt Goodwin [Admin rights]
Mode : Scan -- Date : 09/05/2012 17:11:09
¤¤¤ Bad processes : 3 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr]
¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4816 : wscript.exe -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\L --> FOUND
[ZeroAccess][FILE] @ : C:\Users\Matt Goodwin\AppData\Local\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Matt Goodwin\AppData\Local\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Matt Goodwin\AppData\Local\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\windows\system32\services.exe --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 3dc58bf13bf1226d28ff04fef707c91f
[BSP] 6b81a4f7bbdb87c02bc9f654358bd723 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464503 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954376192 | Size: 10936 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt Goodwin [Admin rights]
Mode : Remove -- Date : 09/05/2012 17:13:41
¤¤¤ Bad processes : 5 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4816 : wscript.exe -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE) -> REPLACED ("C:\Program Files (x86)\Internet Explorer\iexplore.exe")
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\@ --> REMOVED AT REBOOT
[ZeroAccess][FOLDER] ROOT : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\L --> REMOVED
[ZeroAccess][FILE] @ : C:\Users\Matt Goodwin\AppData\Local\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Matt Goodwin\AppData\Local\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Matt Goodwin\AppData\Local\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR][FILE] services.exe : C:\windows\system32\services.exe --> REPLACED AT REBOOT (C:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 3dc58bf13bf1226d28ff04fef707c91f
[BSP] 6b81a4f7bbdb87c02bc9f654358bd723 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464503 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954376192 | Size: 10936 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt Goodwin [Admin rights]
Mode : Scan -- Date : 09/05/2012 17:27:08
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\U --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 3dc58bf13bf1226d28ff04fef707c91f
[BSP] 6b81a4f7bbdb87c02bc9f654358bd723 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464503 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954376192 | Size: 10936 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt Goodwin [Admin rights]
Mode : Remove -- Date : 09/05/2012 17:28:42
¤¤¤ Bad processes : 3 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr]
¤¤¤ Registry Entries : 1 ¤¤¤
[FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files (x86)\Internet Explorer\iexplore.exe")
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\U --> REMOVED
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 3dc58bf13bf1226d28ff04fef707c91f
[BSP] 6b81a4f7bbdb87c02bc9f654358bd723 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464503 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954376192 | Size: 10936 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt Goodwin [Admin rights]
Mode : Shortcuts HJfix -- Date : 09/05/2012 17:44:11
¤¤¤ Bad processes : 3 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr]
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 10 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 283 / Fail 0
My documents: Success 454 / Fail 454
My favorites: Success 10 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 282 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 103 / Fail 21
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
¤¤¤ Infection : ZeroAccess ¤¤¤
Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt Goodwin [Admin rights]
Mode : Scan -- Date : 09/05/2012 17:11:09
¤¤¤ Bad processes : 3 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr]
¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4816 : wscript.exe -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\L --> FOUND
[ZeroAccess][FILE] @ : C:\Users\Matt Goodwin\AppData\Local\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Matt Goodwin\AppData\Local\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Matt Goodwin\AppData\Local\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\windows\system32\services.exe --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 3dc58bf13bf1226d28ff04fef707c91f
[BSP] 6b81a4f7bbdb87c02bc9f654358bd723 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464503 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954376192 | Size: 10936 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt Goodwin [Admin rights]
Mode : Remove -- Date : 09/05/2012 17:13:41
¤¤¤ Bad processes : 5 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4816 : wscript.exe -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE) -> REPLACED ("C:\Program Files (x86)\Internet Explorer\iexplore.exe")
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\@ --> REMOVED AT REBOOT
[ZeroAccess][FOLDER] ROOT : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\L --> REMOVED
[ZeroAccess][FILE] @ : C:\Users\Matt Goodwin\AppData\Local\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Matt Goodwin\AppData\Local\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Matt Goodwin\AppData\Local\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR][FILE] services.exe : C:\windows\system32\services.exe --> REPLACED AT REBOOT (C:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 3dc58bf13bf1226d28ff04fef707c91f
[BSP] 6b81a4f7bbdb87c02bc9f654358bd723 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464503 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954376192 | Size: 10936 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt Goodwin [Admin rights]
Mode : Scan -- Date : 09/05/2012 17:27:08
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\U --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 3dc58bf13bf1226d28ff04fef707c91f
[BSP] 6b81a4f7bbdb87c02bc9f654358bd723 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464503 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954376192 | Size: 10936 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt Goodwin [Admin rights]
Mode : Remove -- Date : 09/05/2012 17:28:42
¤¤¤ Bad processes : 3 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr]
¤¤¤ Registry Entries : 1 ¤¤¤
[FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files (x86)\Internet Explorer\iexplore.exe")
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\windows\Installer\{679f1631-04bc-87f6-12e2-e903a5b90c5b}\U --> REMOVED
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 3dc58bf13bf1226d28ff04fef707c91f
[BSP] 6b81a4f7bbdb87c02bc9f654358bd723 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464503 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954376192 | Size: 10936 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt Goodwin [Admin rights]
Mode : Shortcuts HJfix -- Date : 09/05/2012 17:44:11
¤¤¤ Bad processes : 3 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr]
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 10 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 283 / Fail 0
My documents: Success 454 / Fail 454
My favorites: Success 10 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 282 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 103 / Fail 21
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
¤¤¤ Infection : ZeroAccess ¤¤¤
Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
#5
Posted 05 September 2012 - 08:13 PM
For some reason, my computer will not allow me to download AdwCleaner. I attempt to run the program and it is blocked and deleted by my Norton system. I am hoping you can provide some feedback and maybe a way around this problem.
#6
Posted 06 September 2012 - 07:11 AM
Could you temporarily disable Norton and use this direct link the programme is safe
#7
Posted 06 September 2012 - 07:36 AM
I will try to disable it the best way I know how. I will let you know if this is accomplished as soon as possible. Thanks again for all of your help.
#8
Posted 06 September 2012 - 07:44 AM
As it stands now Norton should no longer be alerting on the trojan .. Could you confirm that
#9
Posted 06 September 2012 - 07:52 AM
Norton is still alerting me that the Trojan is still there.
#10
Posted 06 September 2012 - 07:57 AM
Is it on the services.exe file ?
Have you rebooted after the RogueKiller run ?
Have you rebooted after the RogueKiller run ?
#11
Posted 06 September 2012 - 08:03 AM
It is on the services.exe file. I have not re-booted since the RogueKiller scan.
#12
Posted 06 September 2012 - 08:15 AM
OK reboot please .. Run RogueKiller once more to ensure that the fix took
#13
Posted 06 September 2012 - 08:56 AM
Re-boot has been completed. I am not getting the Norton notification anymore.
#14
Posted 06 September 2012 - 08:57 AM
OK lets go forward with AdwCleaner then please
#15
Posted 06 September 2012 - 10:40 AM
Ok, now it is telling me that the file name or path is not specified or I don't have the proper permissions to access. I thought I disabled Norton but I guess I was unable to disable. Should I uninstall? Norton is also saying that adwcleaner is a threat.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users