Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan Access Trojan Gen 2 Removal Advice [Solved]


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will remove the bad bars manually to save uninstalling Norton

So could you run FSS to see what repairs are needed and a further OTL scan selecting all users
  • 0

Advertisements


#17
jmgoodwin74

jmgoodwin74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I apologize, but I am not sure what you are talking about. I am not that computer literate.
  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#19
jmgoodwin74

jmgoodwin74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Listed below is the scan log from Farbar. Please let me know if you need anything else. Thanks again.

Farbar Service Scanner Version: 06-08-2012
Ran by Matt Goodwin (administrator) on 06-09-2012 at 21:15:06
Running from "C:\Users\Matt Goodwin\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the attached Zip file to your desktop
[attachment=60330:jmgoodwin74.zip]
Extract all seven reg files to the desktop
Double click each in turn and allow to merge with the registry

Reboot and run a fresh FSS scan please
Also let me know how the computer is behaving
  • 0

#21
jmgoodwin74

jmgoodwin74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I was able to run all the files except the Shared Access. I rebooted the computer as well. The computer seems to be doing better, but I can be slow and unresponsive at times. I am no longer receiving the Norton Alerts saying the Trojan virus is present. Listed below you will find the log from the most recent FSS scan.

Farbar Service Scanner Version: 06-08-2012
Ran by Matt Goodwin (administrator) on 07-09-2012 at 14:17:04
Running from "C:\Users\Matt Goodwin\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK so just windows firewall to fix now then, I will use a different tool for this. This one you may want to keep

Also could you run an OTL scan please selecting all users and I will remove the bad toolbars



Download Windows Repair (all in one) from this site

Install the programme then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished
Posted Image
  • 0

#23
jmgoodwin74

jmgoodwin74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Ok, finished with those steps. The most recent OTL log is below.

10OTL logfile created on: 9/7/2012 4:36:10 PM - Run 3
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Matt Goodwin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 57.40% Memory free
4.12 Gb Paging File | 2.32 Gb Available in Paging File | 56.23% Paging File free
Paging file location(s): c:\pagefile.sys 256 512

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.62 Gb Total Space | 3.13 Gb Free Space | 0.69% Space Free | Partition Type: NTFS

Computer Name: MATTGOODWIN-PC | User Name: Matt Goodwin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/05 15:36:06 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matt Goodwin\Desktop\OTL.exe
PRC - [2012/08/15 09:48:42 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/05 18:50:30 | 000,295,304 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/07/05 18:41:08 | 007,392,136 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/06/08 11:32:44 | 000,531,928 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe
PRC - [2012/06/08 11:32:44 | 000,310,008 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe
PRC - [2012/06/08 11:32:44 | 000,211,104 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask2.exe
PRC - [2012/06/05 13:16:40 | 000,080,816 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe
PRC - [2012/05/04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/03/02 16:48:30 | 000,494,192 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2011/11/13 07:53:42 | 002,996,592 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
PRC - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
PRC - [2011/11/13 07:53:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
PRC - [2011/11/13 07:53:28 | 001,687,408 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
PRC - [2011/11/07 15:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2011/11/07 15:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/11/20 08:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/03/03 10:41:40 | 000,053,248 | ---- | M] (HP) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2009/12/02 15:51:12 | 000,136,192 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009/09/22 14:30:42 | 000,632,096 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfPro5Hook.exe
PRC - [2009/09/10 00:53:10 | 000,027,736 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2009/09/10 00:42:44 | 000,142,424 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/08/11 15:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/07/29 00:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 19:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/08/31 09:59:28 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/02 18:08:09 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/08/02 18:08:06 | 001,806,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
MOD - [2012/08/02 18:08:05 | 000,310,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012/08/02 18:08:03 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/08/02 18:07:34 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/08/02 18:07:24 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/08/02 01:45:29 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/08/02 01:45:17 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/08/02 01:45:08 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/08/02 01:44:48 | 001,016,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ca1ff0fd5eade2211db56512252c0365\System.Configuration.ni.dll
MOD - [2012/08/02 01:44:45 | 005,767,680 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\6305ef37f34d6758947b5156121aa401\System.Xml.ni.dll
MOD - [2012/03/05 12:08:06 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2010/03/03 10:41:06 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll
MOD - [2010/03/03 10:41:04 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll
MOD - [2010/03/03 10:40:50 | 000,516,096 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2010/03/03 10:40:48 | 000,840,192 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
MOD - [2010/03/03 10:40:46 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2010/03/03 10:40:44 | 000,130,560 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll
MOD - [2010/03/03 10:40:44 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2010/03/03 10:40:42 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll
MOD - [2009/10/15 08:25:30 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\NativeUtils.dll
MOD - [2007/08/31 09:59:28 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPUsageTracking.dll
MOD - [2007/08/31 09:59:28 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
MOD - [2007/08/31 09:59:26 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPToolkit.dll
MOD - [2007/08/31 09:59:26 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\Enumeration.dll
MOD - [2007/08/31 09:59:10 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPTools.dll
MOD - [2007/08/31 09:59:04 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPStreamsInterface.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/02 16:52:08 | 001,125,488 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
SRV:64bit: - [2012/03/02 16:48:30 | 000,494,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV:64bit: - [2009/09/17 16:41:36 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/08/11 20:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 18:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 15:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 13:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2012/08/15 10:48:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/05 18:41:08 | 007,392,136 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/06/08 11:32:44 | 000,531,928 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe -- (Fix-It Task Manager)
SRV - [2012/06/08 11:32:44 | 000,310,008 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe -- (.AVQWindowsMonitorService)
SRV - [2012/06/05 13:16:40 | 000,080,816 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe -- (AQFileRestoreSrv)
SRV - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/11/07 15:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/11/07 15:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 15:51:12 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/09/10 00:42:44 | 000,142,424 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/08/10 23:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/07/26 01:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/02 16:52:08 | 000,048,240 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmwvusb.sys -- (vmwvusb)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/21 09:16:31 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/15 21:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/01/20 15:18:26 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2009/11/10 10:27:06 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/02 13:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/27 12:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/07 09:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 23:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/28 22:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/24 19:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 21:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/10 10:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/07/04 23:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 12:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 14:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/07/16 17:29:33 | 000,023,064 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hpfx64fax.sys -- (HPFXFAX)
DRV:64bit: - [2007/07/16 17:29:23 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)
DRV:64bit: - [2007/01/18 16:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120906.008\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 18:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120905.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/22 09:12:27 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120907.001\ex64.sys -- (NAVEX15)
DRV - [2012/08/22 09:12:27 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/22 09:12:27 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120907.001\eng64.sys -- (NAVENG)
DRV - [2012/08/09 08:54:10 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E113DADB-2393-4213-91BA-105D4072AA4E}
IE:64bit: - HKLM\..\SearchScopes\{E113DADB-2393-4213-91BA-105D4072AA4E}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{576E30E7-120E-47A7-80FD-42325F4B5513}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2260173


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - No CLSID value found
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar....ale.underscore}
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes\{29311076-292B-4DB7-B34B-C01604B408CB}: "URL" = http://search.condui...&ctid=CT3201318
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes\{576E30E7-120E-47A7-80FD-42325F4B5513}: "URL" = http://www.google.co...&rlz=1I7TSNA_en
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes\{7351FD46-C273-4897-B664-A661BCE51A5E}: "URL" = http://search.freeca...p={searchTerms}
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes\{7545FDB5-E450-47EA-A7E0-AB1C5C1365AE}: "URL" = http://swagbucks.com...q={searchTerms}
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes\{A4C9B0F2-3EF3-4F88-A97A-4121A423F183}: "URL" = http://search.yahoo....33,17118,0,18,0
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes\{C570F98B-2728-4D63-A268-8C1F4E199788}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcas...q={searchTerms}
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Matt Goodwin\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Matt Goodwin\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 17:26:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_12_1 [2012/09/07 16:27:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Matt Goodwin\AppData\Roaming\Move Networks [2010/05/24 13:48:45 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Matt Goodwin\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Matt Goodwin\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_1\
CHR - Extension: Angry Birds = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: 3D Baseball II = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlogndjagpkddpfdjehblbmkmkbpdnhh\1.0_0\
CHR - Extension: JDoodle Jump = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegnpclfpgemhfmgfobelglidonaopc\1.4_1\
CHR - Extension: Space Invaders = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkolofikfmgppihdahfkbgpdgkocapbp\1.4_0\
CHR - Extension: Poppit = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_1\

O1 HOSTS File: ([2012/09/07 16:10:44 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\Toolbar\WebBrowser: (no name) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No CLSID value found.
O3 - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP LaserJet M1522 MFP Series Fax] C:\Program Files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" File not found
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-101742770-2194829681-279417830-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8:64bit: - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...x-w32-2.0.2.cab (AlternaTIFF ActiveX)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (Reg Error: Key error.)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse...se/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27ACFC9C-112C-4294-9376-BAD7D87427B2}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (wsauth) - C:\windows\SysNative\wsauth.dll (VMware, Inc.)
O30 - LSA: Security Packages - (wsauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/07 15:28:02 | 000,181,064 | ---- | C] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2012/09/07 15:27:56 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2012/09/07 15:25:25 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/09/07 14:45:30 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/09/07 14:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/09/07 14:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/09/07 10:32:23 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 09-07-212
[2012/09/06 21:14:36 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Matt Goodwin\Desktop\FSS.exe
[2012/09/06 10:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/06 10:54:31 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012/09/06 10:53:59 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/06 09:41:53 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 09-06-2012
[2012/09/05 17:08:23 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Desktop\RK_Quarantine
[2012/09/05 15:35:59 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Matt Goodwin\Desktop\OTL.exe
[2012/09/05 08:58:44 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 09-05-2012
[2012/09/04 10:10:07 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 09-04-2012
[2012/09/03 16:13:33 | 000,000,000 | ---D | C] -- C:\Firefox
[2012/09/03 16:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/09/03 16:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/09/03 16:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/30 21:40:46 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-31-2012
[2012/08/30 10:59:55 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-30-2012
[2012/08/29 10:42:14 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-29-2012
[2012/08/28 10:21:53 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-28-2012
[2012/08/27 10:11:48 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-27-2012
[2012/08/24 11:04:44 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-24-2012
[2012/08/23 23:11:25 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/23 22:50:48 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2012/08/23 22:45:30 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/08/23 21:35:00 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/08/23 16:51:16 | 000,048,240 | ---- | C] (VMware, Inc.) -- C:\windows\SysNative\drivers\vmwvusb.sys
[2012/08/23 16:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012/08/23 16:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2012/08/23 16:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
[2012/08/23 16:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/08/23 10:52:42 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-23-2012
[2012/08/22 13:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/22 13:41:17 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\DriverCure
[2012/08/22 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\SpeedyPC Software
[2012/08/22 13:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/22 13:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/22 10:35:36 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-22-2012
[2012/08/21 10:38:09 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-21-2012
[2012/08/20 10:56:16 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-20-2012
[2012/08/16 22:51:56 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-17-2012
[2012/08/16 09:47:39 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-16-2012
[2012/08/15 10:31:21 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2012/08/15 09:58:03 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-15-2012
[2012/08/14 15:07:44 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Local\NPE
[2012/08/14 14:26:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/08/14 14:26:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/08/14 14:26:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/08/14 14:26:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/08/14 14:26:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/08/14 14:26:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/08/14 14:26:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/08/14 14:26:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/08/14 14:26:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/08/14 14:26:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/08/14 14:26:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/08/14 14:26:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/08/14 14:26:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/08/14 13:42:19 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2012/08/14 13:42:16 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2012/08/14 13:42:16 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2012/08/14 13:42:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe
[2012/08/14 13:42:15 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll
[2012/08/14 13:42:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll
[2012/08/14 13:42:14 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll
[2012/08/14 13:42:13 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2012/08/14 11:07:17 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixZeroAccess.sys
[2012/08/14 10:03:28 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-14-2012
[2012/08/13 09:49:55 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-13-2012
[2012/08/12 21:48:53 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Local\visi_coupon
[2012/08/12 21:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/08/12 21:47:28 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\AI_RecycleBin
[2012/08/12 21:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/12 21:47:17 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\DefaultTab
[2012/08/12 21:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/08/12 21:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/08/10 14:27:11 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\My Scans
[7 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/07 16:36:01 | 000,015,568 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 16:36:01 | 000,015,568 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 16:31:53 | 002,513,808 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/07 16:31:53 | 000,766,902 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/07 16:31:53 | 000,006,358 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/07 16:25:17 | 000,430,672 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/09/07 16:25:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/07 16:24:33 | 3117,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/07 16:21:21 | 000,181,064 | ---- | M] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2012/09/07 16:10:44 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/09/07 16:10:14 | 000,006,358 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/09/07 16:07:00 | 000,000,000 | ---- | M] () -- C:\Users\Matt Goodwin\Documents\Nuance Image Printer Writer Port
[2012/09/07 15:48:04 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 15:26:40 | 000,000,207 | ---- | M] () -- C:\windows\tweaking.com-regbackup-MATTGOODWIN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/09/07 14:45:25 | 000,002,258 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/09/07 14:45:06 | 005,313,275 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/09/07 14:41:23 | 001,095,748 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\Expense Report 09-07-2012.pdf
[2012/09/07 14:29:05 | 000,233,205 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\196405.pdf
[2012/09/07 14:04:11 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/09/07 10:54:02 | 000,362,882 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\SharedAccess.reg
[2012/09/07 10:54:02 | 000,176,940 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\BFE.reg
[2012/09/07 10:54:02 | 000,007,586 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\WinDefend.reg
[2012/09/07 10:54:02 | 000,006,396 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\MpsSvc.reg
[2012/09/07 10:54:02 | 000,006,288 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\BITS.reg
[2012/09/07 10:54:02 | 000,006,176 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\wuauserv.reg
[2012/09/07 10:54:02 | 000,005,256 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\wscsvc.reg
[2012/09/07 10:53:41 | 000,036,231 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\jmgoodwin74.zip
[2012/09/07 10:32:23 | 000,001,466 | ---- | M] () -- C:\Users\Matt Goodwin\Documents\PP11Thumbs.ptn2
[2012/09/06 21:14:39 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Matt Goodwin\Desktop\FSS.exe
[2012/09/06 17:05:57 | 000,226,358 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\137506.pdf
[2012/09/06 17:05:16 | 000,123,033 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\116032.pdf
[2012/09/06 10:53:52 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012/09/06 10:53:52 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2012/09/06 10:53:52 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012/09/06 10:53:52 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012/09/06 10:53:52 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/09/06 10:53:52 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/06 09:41:53 | 000,000,071 | ---- | M] () -- C:\Users\Matt Goodwin\Documents\maxdesk.ini2
[2012/09/05 17:08:19 | 001,378,816 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\RogueKiller.exe
[2012/09/05 15:36:06 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matt Goodwin\Desktop\OTL.exe
[2012/09/05 14:06:13 | 000,732,477 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\211263.pdf
[2012/09/05 13:58:39 | 000,003,192 | ---- | M] () -- C:\{B5FA2FC5-682E-49AC-A9C3-1AB704E86A75}
[2012/09/05 10:10:49 | 000,003,168 | ---- | M] () -- C:\{88DC289C-1C9D-460E-8EDF-AF8D9299EDF9}
[2012/09/05 10:08:51 | 000,003,192 | ---- | M] () -- C:\{426B2890-CEB9-4AC5-93F3-EE7A28599302}
[2012/09/04 20:22:08 | 000,003,192 | ---- | M] () -- C:\{E112FD48-CED0-4D0C-9584-FBDC49C593E2}
[2012/09/04 15:06:33 | 000,003,192 | ---- | M] () -- C:\{64F3BD50-87EC-44EB-8BEF-B97D910168B6}
[2012/09/04 13:46:19 | 000,003,192 | ---- | M] () -- C:\{388FFD71-34A4-4DB8-BCC5-75492A71FECE}
[2012/09/04 13:13:27 | 000,003,168 | ---- | M] () -- C:\{0611CB42-BF1E-4090-A2BC-C3B79E66992A}
[2012/09/04 13:07:58 | 000,003,192 | ---- | M] () -- C:\{1AEA1DB9-A387-4D2D-8FAC-A0F8B4E50159}
[2012/09/04 12:55:10 | 000,003,192 | ---- | M] () -- C:\{435B21CD-EC98-40A6-92B0-EF2C3712B64B}
[2012/09/04 11:12:43 | 000,003,168 | ---- | M] () -- C:\{D5D548BA-E666-4CA1-A0D2-52CF45651A45}
[2012/09/04 09:34:41 | 000,003,168 | ---- | M] () -- C:\{7799089E-E0B0-4429-9712-174BBCD61807}
[2012/09/03 15:51:13 | 000,003,168 | ---- | M] () -- C:\{1D2D849C-8EEB-482E-9953-F82581B13087}
[2012/08/30 15:32:01 | 000,003,168 | ---- | M] () -- C:\{93936D02-423B-4DAB-BC17-92A623552F3F}
[2012/08/30 13:17:02 | 000,003,168 | ---- | M] () -- C:\{31938262-EDFC-4ACE-AE35-6E632FB6236E}
[2012/08/30 13:07:43 | 000,003,168 | ---- | M] () -- C:\{76007194-A200-4AB9-AA21-2ECF29EEE6D4}
[2012/08/30 12:27:32 | 000,003,168 | ---- | M] () -- C:\{A5CA7C0F-9931-4115-9AEB-D88291E4125C}
[2012/08/30 10:55:19 | 000,003,168 | ---- | M] () -- C:\{345A6389-813B-4E25-A576-277D8C79AA9B}
[2012/08/30 10:53:35 | 000,003,192 | ---- | M] () -- C:\{BE03BC01-8873-41C8-900E-042464089E7F}
[2012/08/30 10:42:16 | 000,003,168 | ---- | M] () -- C:\{76B2AC76-E2A5-410A-BA81-0A11F2AE7042}
[2012/08/30 10:00:31 | 000,003,168 | ---- | M] () -- C:\{370C0DA4-BDE0-4694-BA49-3CA80E593737}
[2012/08/30 09:41:31 | 000,003,152 | ---- | M] () -- C:\{DB8E9FBC-AEA6-4143-ABED-A9E82C8275C0}
[2012/08/30 09:34:31 | 000,003,128 | ---- | M] () -- C:\{0B59A272-95DB-46F7-AF45-5DA35C51A8D4}
[2012/08/30 09:21:54 | 000,003,128 | ---- | M] () -- C:\{736B3B72-F853-4C7B-98F6-675516E28701}
[2012/08/30 08:30:25 | 000,003,128 | ---- | M] () -- C:\{02B0C4A6-F264-4142-8412-971E9285522A}
[2012/08/29 22:46:26 | 000,003,152 | ---- | M] () -- C:\{83A3C42D-5BA5-45D9-A7CF-A3BDA0062B4A}
[2012/08/29 22:32:39 | 000,003,128 | ---- | M] () -- C:\{310320F5-8E4E-4BAB-9761-AEB335A4377D}
[2012/08/29 22:17:09 | 000,003,128 | ---- | M] () -- C:\{5D9C7A1B-28CF-44EB-A362-D5689EB30C6A}
[2012/08/29 21:45:27 | 000,003,128 | ---- | M] () -- C:\{C87F3131-21BE-4CE3-993A-3215B9931ECF}
[2012/08/29 20:52:56 | 000,003,128 | ---- | M] () -- C:\{69951E90-408D-4B9C-ACA6-22D5FAE3FA3F}
[2012/08/29 18:30:22 | 000,003,128 | ---- | M] () -- C:\{F32460BE-E85B-4970-A4AC-D5EF451641A4}
[2012/08/29 18:27:07 | 000,003,128 | ---- | M] () -- C:\{89BEA620-732B-445F-8EB4-F21EE6910B96}
[2012/08/29 18:12:46 | 000,003,152 | ---- | M] () -- C:\{4F25CED8-9DB0-40A8-A1B2-395712CE4696}
[2012/08/29 17:17:57 | 000,003,152 | ---- | M] () -- C:\{1C448458-BA17-47ED-9729-2DDAA3B857F4}
[2012/08/29 17:15:11 | 000,003,128 | ---- | M] () -- C:\{38639907-009A-49AE-90A0-9D3497AC1EBA}
[2012/08/29 17:12:40 | 000,003,128 | ---- | M] () -- C:\{97A1072A-670B-4A7B-A3EF-D70320278FC9}
[2012/08/29 17:00:34 | 000,003,128 | ---- | M] () -- C:\{1CB26035-99AF-40FF-9D06-8EA2DDF2A5E8}
[2012/08/29 16:45:30 | 000,003,128 | ---- | M] () -- C:\{420C844B-F5F4-4889-83B2-46A66229C251}
[2012/08/29 14:09:26 | 000,003,128 | ---- | M] () -- C:\{C777B7B6-A64E-4B9B-9146-101458A4E4AB}
[2012/08/29 14:03:37 | 000,003,128 | ---- | M] () -- C:\{354F6235-80AD-48A7-B6D4-4C15643080C2}
[2012/08/29 13:39:47 | 000,003,128 | ---- | M] () -- C:\{5C553A34-1088-464B-8EB9-3D97A2A294E7}
[2012/08/29 13:34:34 | 000,003,128 | ---- | M] () -- C:\{57DE245F-655C-4571-95BF-2ED2761617F6}
[2012/08/29 13:19:21 | 000,002,240 | ---- | M] () -- C:\{58C725D2-43AA-49DB-8210-07FB1C940070}
[2012/08/29 13:05:55 | 000,002,240 | ---- | M] () -- C:\{B87C7F89-69F8-46E0-AAFC-1C7D80BF72A1}
[2012/08/29 12:48:55 | 000,003,128 | ---- | M] () -- C:\{B3E49D9F-C434-441C-BC3E-297085C1C81A}
[2012/08/29 08:51:41 | 000,003,128 | ---- | M] () -- C:\{854BE175-B0BA-4705-B64A-8B1F6B06A2E5}
[2012/08/29 08:49:01 | 000,003,128 | ---- | M] () -- C:\{99AFBCB0-38D5-4298-B121-91A3A338A1D4}
[2012/08/28 21:50:00 | 000,003,128 | ---- | M] () -- C:\{72DC70B9-5EF5-486B-94A7-0A2A1EF414E7}
[2012/08/28 09:36:46 | 000,154,332 | ---- | M] () -- C:\windows\hppins08.dat
[2012/08/28 09:36:43 | 000,000,733 | ---- | M] () -- C:\windows\hpbvspst.his
[2012/08/28 09:36:43 | 000,000,392 | ---- | M] () -- C:\windows\hpbvspst.ini
[2012/08/28 09:36:28 | 000,000,524 | ---- | M] () -- C:\windows\hpbvspst.hi1
[2012/08/28 09:36:28 | 000,000,316 | ---- | M] () -- C:\windows\hpbvspst.bu1
[2012/08/27 23:27:56 | 000,003,168 | ---- | M] () -- C:\{16155F60-CFE3-4366-B41F-BA3DC2D57B8B}
[2012/08/27 21:59:32 | 000,003,168 | ---- | M] () -- C:\{A4E99CD0-7A90-4480-AF40-F225BA00275E}
[2012/08/27 17:01:49 | 000,154,332 | ---- | M] () -- C:\windows\hppins08.dat.temp
[2012/08/27 17:01:46 | 000,000,733 | ---- | M] () -- C:\windows\hpbvspst.hi2
[2012/08/27 17:01:46 | 000,000,392 | ---- | M] () -- C:\windows\hpbvspst.bu2
[2012/08/27 07:34:50 | 000,003,168 | ---- | M] () -- C:\{4E10D4BD-7B04-48AC-8C14-5E6D25E2E0CC}
[2012/08/27 07:17:24 | 000,003,192 | ---- | M] () -- C:\{4CD07928-9D7F-4A93-8509-70FF9E9B5E16}
[2012/08/27 06:52:30 | 000,003,168 | ---- | M] () -- C:\{E7FD9D52-890D-4186-8F9C-1BB7B8B53815}
[2012/08/27 06:26:54 | 000,003,168 | ---- | M] () -- C:\{2ECC07C2-2376-453D-A024-3482934EEE94}
[2012/08/27 06:16:02 | 000,003,168 | ---- | M] () -- C:\{44E2112D-4926-4A22-ACC2-91F492C117C4}
[2012/08/27 06:13:14 | 000,003,192 | ---- | M] () -- C:\{552180D7-079B-470E-B925-C16E62055820}
[2012/08/27 05:58:43 | 000,003,192 | ---- | M] () -- C:\{54417B5D-1574-4975-B838-5A85BC35C44E}
[2012/08/27 05:54:55 | 000,003,168 | ---- | M] () -- C:\{59261EB2-D702-4F51-92A3-5AFCA98A6A3F}
[2012/08/27 05:31:13 | 000,003,192 | ---- | M] () -- C:\{3D46AAFC-420C-4157-941C-A9FDEC9C685E}
[2012/08/27 05:29:55 | 000,003,192 | ---- | M] () -- C:\{9FA1BCC7-7C64-4EBF-98AC-737AE7467DC9}
[2012/08/27 05:28:23 | 000,003,168 | ---- | M] () -- C:\{38EF06F8-DB97-4651-8E21-43E1368302E9}
[2012/08/27 05:20:41 | 000,003,192 | ---- | M] () -- C:\{31872568-8051-4EC4-9549-79B36D42ED72}
[2012/08/27 05:13:04 | 000,003,168 | ---- | M] () -- C:\{D264F097-922E-4D58-8A1A-E95526747BD8}
[2012/08/27 05:12:01 | 000,003,192 | ---- | M] () -- C:\{797B1DE8-5F2E-4501-9907-85C5E013420D}
[2012/08/27 05:10:58 | 000,003,168 | ---- | M] () -- C:\{790FB7C3-1CE7-42FF-AADD-63D6F6379AA6}
[2012/08/27 04:55:45 | 000,003,192 | ---- | M] () -- C:\{B9D7868D-FF08-42E6-809F-19F1E8E4A194}
[2012/08/27 04:40:44 | 000,003,168 | ---- | M] () -- C:\{3B2E1758-C42A-4DC6-A2D9-FC62CE2E1FC4}
[2012/08/27 04:27:11 | 000,003,192 | ---- | M] () -- C:\{9E016C95-8B89-4ECB-AA22-07261880BAFE}
[2012/08/27 04:11:33 | 000,003,168 | ---- | M] () -- C:\{7E5E009B-A596-45F6-91D1-C26EC30EF060}
[2012/08/27 03:58:56 | 000,003,192 | ---- | M] () -- C:\{8F9169D2-481E-4913-8E3E-117400ADF2AB}
[2012/08/27 03:43:34 | 000,003,168 | ---- | M] () -- C:\{18745425-3D5E-4CFC-A87F-72EDD710153C}
[2012/08/27 03:27:57 | 000,003,192 | ---- | M] () -- C:\{BD3D45C5-8BF7-4198-B845-A70B9CC0B163}
[2012/08/27 03:14:12 | 000,003,168 | ---- | M] () -- C:\{E4E2262B-492B-4C90-9514-EB9FF3AD4C57}
[2012/08/27 03:02:24 | 000,003,192 | ---- | M] () -- C:\{7F1DA728-5FF8-4CF0-942A-97B1AC4E8BD4}
[2012/08/27 02:54:44 | 000,003,168 | ---- | M] () -- C:\{22BF0279-E4FE-4B17-8417-D7768C8926D2}
[2012/08/27 02:42:29 | 000,002,360 | ---- | M] () -- C:\{51D68F4E-39A6-47C4-8BE4-434109A4F3F5}
[2012/08/27 02:37:59 | 000,002,256 | ---- | M] () -- C:\{85E7252F-AEE1-4889-AE03-2438BC724C94}
[2012/08/27 02:31:32 | 000,003,192 | ---- | M] () -- C:\{A1D87CF4-367A-4168-9389-F4AE1F663DD8}
[2012/08/27 02:25:08 | 000,003,168 | ---- | M] () -- C:\{007F42BC-BDD9-4CD0-8DA8-25732A07FFE3}
[2012/08/27 02:18:37 | 000,003,192 | ---- | M] () -- C:\{35D4D92D-61FC-4DE8-A2E9-6FB58000A91E}
[2012/08/27 02:11:55 | 000,003,168 | ---- | M] () -- C:\{09C6F392-9DFB-41F9-A7C2-A6E3614342AF}
[2012/08/27 02:04:09 | 000,003,192 | ---- | M] () -- C:\{E939DFD1-04B7-44EA-921A-F8634EA93F12}
[2012/08/27 02:00:27 | 000,003,168 | ---- | M] () -- C:\{AA7CE832-1273-488E-8704-0A10270793A6}
[2012/08/27 01:56:39 | 000,003,192 | ---- | M] () -- C:\{D7F31B1C-AE9F-4BBA-9F99-4DD2CEC30F55}
[2012/08/27 01:51:44 | 000,003,168 | ---- | M] () -- C:\{1B9FFD69-3BDC-4AAB-922F-9F190C0D0819}
[2012/08/27 01:43:28 | 000,002,424 | ---- | M] () -- C:\{06E94532-6D8D-4F1F-A834-94FEA44CFF4A}
[2012/08/27 01:38:23 | 000,002,856 | ---- | M] () -- C:\{0BE7830D-7895-4F8E-9013-6DCEBEBC7FB6}
[2012/08/27 01:29:32 | 000,003,192 | ---- | M] () -- C:\{61FB13D2-7940-4EF6-81ED-3391BC7BDDB8}
[2012/08/27 01:23:13 | 000,003,168 | ---- | M] () -- C:\{02A88FF2-2827-476D-A88E-474ACA1FC57F}
[2012/08/27 01:16:30 | 000,003,192 | ---- | M] () -- C:\{DAE744A3-3450-434C-BF1F-BBB1E75AEB97}
[2012/08/27 01:09:58 | 000,003,168 | ---- | M] () -- C:\{B2424844-1023-40A3-A610-1B20E331C877}
[2012/08/27 01:03:18 | 000,003,192 | ---- | M] () -- C:\{2D38A9B7-4C7A-4C7B-A97C-9F1A9D9CC54F}
[2012/08/27 00:56:11 | 000,003,168 | ---- | M] () -- C:\{32A37D5E-7E65-42DF-9787-CEA4154BFDBF}
[2012/08/27 00:49:40 | 000,003,192 | ---- | M] () -- C:\{3EBC872C-E6F7-4DE5-86DB-F9603E80443E}
[2012/08/27 00:43:02 | 000,003,168 | ---- | M] () -- C:\{663525C9-77A0-4FC2-BB3D-8C1FA26FDFD7}
[2012/08/27 00:36:11 | 000,003,192 | ---- | M] () -- C:\{7203AB3B-22C2-4535-96B1-6A0B7EA95F21}
[2012/08/27 00:29:26 | 000,003,168 | ---- | M] () -- C:\{0F348110-A2AA-4751-B4FC-4ED368625A8D}
[2012/08/27 00:22:44 | 000,003,192 | ---- | M] () -- C:\{E8FE0B1A-5490-4A9B-A993-180DBB473604}
[2012/08/27 00:16:08 | 000,003,168 | ---- | M] () -- C:\{4871B192-0475-4C77-A79B-B369005BCDE2}
[2012/08/27 00:09:22 | 000,003,192 | ---- | M] () -- C:\{44F642B2-A475-411F-92B8-7BAA68868F29}
[2012/08/27 00:02:53 | 000,003,168 | ---- | M] () -- C:\{E5EBBBA1-3C9A-4026-B072-AC8BCE3B515A}
[2012/08/26 23:56:37 | 000,003,168 | ---- | M] () -- C:\{A6BF8615-A99D-4ABF-AFA0-5F2ED58FDFD1}
[2012/08/26 23:49:49 | 000,003,192 | ---- | M] () -- C:\{13897D9B-8BF9-4C63-A49B-FA2507254154}
[2012/08/26 23:42:49 | 000,003,192 | ---- | M] () -- C:\{54C3433A-6975-49A7-B15D-4656AEC94308}
[2012/08/26 23:35:48 | 000,003,168 | ---- | M] () -- C:\{772B44D7-714D-4FD7-AE86-495986A00A2D}
[2012/08/26 23:27:41 | 000,003,192 | ---- | M] () -- C:\{4ED516C9-0012-44CB-B436-AC888FC23194}
[2012/08/26 23:21:07 | 000,003,168 | ---- | M] () -- C:\{59261146-4BF1-495C-A5EE-9A120693FD57}
[2012/08/26 23:14:29 | 000,003,168 | ---- | M] () -- C:\{3786DFB1-7BD6-4C45-88A1-9774B8F7819E}
[2012/08/26 23:08:01 | 000,003,192 | ---- | M] () -- C:\{16B81A89-5599-43B9-8E86-BCA917514A8E}
[2012/08/26 23:01:04 | 000,003,192 | ---- | M] () -- C:\{CAD94E47-E3B5-4B3E-95C3-19AF5A8CFA15}
[2012/08/26 22:54:37 | 000,003,168 | ---- | M] () -- C:\{8C26E315-CC85-457F-8335-D00D2DCFC42A}
[2012/08/26 22:47:54 | 000,003,192 | ---- | M] () -- C:\{ACDE1898-21CF-4981-90DB-07ECEA89624B}
[2012/08/26 22:41:20 | 000,003,168 | ---- | M] () -- C:\{94D683BB-5C78-42A1-A5FF-8D0EB6C9446F}
[2012/08/26 22:34:37 | 000,003,168 | ---- | M] () -- C:\{D532E393-D7FE-417D-9823-900DD64E70AA}
[2012/08/26 22:28:08 | 000,003,192 | ---- | M] () -- C:\{4E12E152-6A0D-4DBE-858A-439FDF1F04B0}
[2012/08/26 22:21:30 | 000,003,192 | ---- | M] () -- C:\{0672694C-2E3B-48CD-8E7C-8AA6D89098D7}
[2012/08/26 22:14:29 | 000,003,168 | ---- | M] () -- C:\{86FEF14E-9BB7-41AA-BAFD-7C27FD1CAAFB}
[2012/08/26 22:07:41 | 000,003,192 | ---- | M] () -- C:\{261CE2A9-3778-48EB-AC6B-40C46C91BAE0}
[2012/08/26 22:00:22 | 000,003,168 | ---- | M] () -- C:\{472BCEE4-02FA-4112-9CDA-FE41DDA63D41}
[2012/08/26 21:53:22 | 000,003,192 | ---- | M] () -- C:\{EC573A94-76B7-4370-810B-9184F395B960}
[2012/08/26 21:47:58 | 000,003,168 | ---- | M] () -- C:\{8AF87C00-6DB3-4ADE-8223-7C807D8235F0}
[2012/08/26 21:42:34 | 000,003,192 | ---- | M] () -- C:\{9B8D3CF4-96B2-42A1-BA9E-723F5AB1F36A}
[2012/08/26 21:36:19 | 000,003,168 | ---- | M] () -- C:\{937343FE-BDBE-4861-AF0D-4961C520FFDE}
[2012/08/26 21:30:22 | 000,003,192 | ---- | M] () -- C:\{988B1A48-675B-4892-B886-BF6DA6AFED62}
[2012/08/26 21:23:35 | 000,003,168 | ---- | M] () -- C:\{6DE38B91-9503-45CE-A11A-A6DF08836D0D}
[2012/08/26 21:19:22 | 000,003,168 | ---- | M] () -- C:\{F67C339E-9310-4845-A607-E4B4A3ECA116}
[2012/08/26 21:11:27 | 000,003,192 | ---- | M] () -- C:\{FB0C94E5-21F0-408B-98A1-A429A1504334}
[2012/08/26 21:05:10 | 000,003,192 | ---- | M] () -- C:\{93289DDB-CD97-419F-904B-3E8A88E2FBF7}
[2012/08/26 21:00:23 | 000,003,168 | ---- | M] () -- C:\{1A975C1E-0987-4E70-ACE9-BE0AEC32124D}
[2012/08/26 20:56:55 | 000,003,192 | ---- | M] () -- C:\{79390CA4-2F04-4D2D-95E3-5281B3D6BE5D}
[2012/08/26 20:50:33 | 000,003,168 | ---- | M] () -- C:\{79068B1D-655E-46A6-942C-067D2A9E3DFF}
[2012/08/26 20:44:22 | 000,003,192 | ---- | M] () -- C:\{B35FA9B7-A64B-4221-8799-69250DA69FD7}
[2012/08/26 20:38:05 | 000,003,168 | ---- | M] () -- C:\{BCC40A1C-50B4-4C43-AAEB-5EB1111D8270}
[2012/08/26 20:32:33 | 000,003,192 | ---- | M] () -- C:\{26634504-1B0C-4C4E-A57E-822AEA6A5733}
[2012/08/26 20:26:09 | 000,003,168 | ---- | M] () -- C:\{29A3860B-6290-46FA-A32C-D9D1CA659550}
[2012/08/24 16:15:49 | 000,003,168 | ---- | M] () -- C:\{B0FEF934-D317-4415-A26E-8B50E1706084}
[2012/08/23 23:00:11 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixZeroAccess.sys
[2012/08/23 16:51:01 | 000,001,325 | ---- | M] () -- C:\Users\Public\Desktop\VMware View Client.lnk
[2012/08/22 20:49:57 | 000,003,192 | ---- | M] () -- C:\{1C69F3EB-5739-4094-B10B-DBD8C5F5FF04}
[2012/08/22 20:45:39 | 000,003,168 | ---- | M] () -- C:\{A8491215-D97C-4039-88F3-27BCE0FCFABA}
[2012/08/22 20:31:29 | 000,003,168 | ---- | M] () -- C:\{A00FDA31-71E0-4CA7-94C0-B44A093559B8}
[2012/08/22 20:03:45 | 000,003,168 | ---- | M] () -- C:\{1393051B-A571-4241-AC4E-9128FA954CB7}
[2012/08/22 20:02:19 | 000,003,168 | ---- | M] () -- C:\{A17B9DAE-9BB3-469E-A6F7-C8E7D1FB269D}
[2012/08/22 19:35:55 | 000,003,160 | ---- | M] () -- C:\{B5383519-1BC3-4B65-9129-835E8F855564}
[2012/08/22 19:04:27 | 000,003,128 | ---- | M] () -- C:\{9B485D98-9770-43AD-89CE-B90FA125A568}
[2012/08/22 18:25:37 | 000,003,168 | ---- | M] () -- C:\{7C86F62B-7B97-45B0-96DA-13EA5C99F24D}
[2012/08/22 18:17:46 | 000,003,168 | ---- | M] () -- C:\{827AB113-E3E9-48D9-B368-4341AABC51BE}
[2012/08/22 17:30:01 | 000,003,160 | ---- | M] () -- C:\{7E52FE86-80AF-4BC3-B63F-451B032040A9}
[2012/08/22 17:23:33 | 000,003,192 | ---- | M] () -- C:\{AD91554F-2373-4F27-A7A6-CF68D994FA96}
[2012/08/22 17:17:28 | 000,003,168 | ---- | M] () -- C:\{882DFF59-1A98-475C-BC36-6DE64BB86B10}
[2012/08/22 17:10:59 | 000,003,472 | ---- | M] () -- C:\{8F1EA7DB-17C2-4A57-A9B6-19935AFF95BA}
[2012/08/22 17:04:15 | 000,003,320 | ---- | M] () -- C:\{3F22011B-48B3-4970-A2F9-1C4A3D0FF3E0}
[2012/08/22 16:57:28 | 000,003,160 | ---- | M] () -- C:\{06602612-1253-413A-B68C-FA3DEA19FA71}
[2012/08/22 16:49:49 | 000,003,192 | ---- | M] () -- C:\{E4ADB819-5699-49FC-AE8D-8283DBE20EF1}
[2012/08/22 16:42:59 | 000,003,168 | ---- | M] () -- C:\{0B8DA6EC-CEA7-4488-8E4F-6378B173EF1A}
[2012/08/22 16:36:10 | 000,003,168 | ---- | M] () -- C:\{CEC5649A-E6BD-4030-8E41-CFD839F28B6E}
[2012/08/22 16:29:30 | 000,003,160 | ---- | M] () -- C:\{6DFAB4FC-63DA-484F-A62D-9DA1E0966AEC}
[2012/08/22 16:20:15 | 000,003,192 | ---- | M] () -- C:\{2706DD1E-7A0D-42F9-9ECF-1BD7D17B39D7}
[2012/08/22 16:08:36 | 000,003,168 | ---- | M] () -- C:\{B9B01496-A7BF-40DC-9357-181921400CD3}
[2012/08/22 15:57:47 | 000,003,168 | ---- | M] () -- C:\{A8B8C87A-A5AD-4495-8C98-39959EE60FCF}
[2012/08/22 15:51:15 | 000,003,160 | ---- | M] () -- C:\{3B89C180-07E4-4582-A151-17FE5048CC72}
[2012/08/22 15:44:56 | 000,003,192 | ---- | M] () -- C:\{9AFD7FF8-536D-4DCE-9604-1FC1DE758EFA}
[2012/08/22 15:38:13 | 000,003,168 | ---- | M] () -- C:\{E545CE53-6B5B-49F5-89C0-96CE54C05B02}
[2012/08/22 15:30:39 | 000,003,168 | ---- | M] () -- C:\{FDAECA24-A9B5-490A-8199-FBEBA537F95E}
[2012/08/22 15:23:46 | 000,003,160 | ---- | M] () -- C:\{413E0413-521D-4349-A0E2-AEAC2A57CAE4}
[2012/08/22 15:16:47 | 000,003,168 | ---- | M] () -- C:\{3F6C5E6C-3D55-451C-A62E-C6B22EA71ED8}
[2012/08/22 15:09:36 | 000,003,192 | ---- | M] () -- C:\{95A17765-B72D-44DA-9322-F050020641D7}
[2012/08/22 15:03:01 | 000,003,160 | ---- | M] () -- C:\{E28A78EE-B56C-48C6-8D8D-19E7A5A894F8}
[2012/08/22 14:55:16 | 000,003,168 | ---- | M] () -- C:\{1CBC0AA7-79AB-440C-A01E-06D794D01E7D}
[2012/08/22 14:48:13 | 000,003,192 | ---- | M] () -- C:\{C6CC8BA4-2F12-460D-AE1A-D14C32EB34A9}
[2012/08/22 14:41:51 | 000,003,168 | ---- | M] () -- C:\{0D27268C-EB15-4FA6-8042-FB437A459BF5}
[2012/08/22 14:33:51 | 000,003,168 | ---- | M] () -- C:\{BCCDAAEF-F439-4207-975E-EB7D3227DD0F}
[2012/08/22 14:26:31 | 000,003,160 | ---- | M] () -- C:\{27A34C47-4460-4763-962D-8AF2DCAC036B}
[2012/08/22 14:16:08 | 000,003,192 | ---- | M] () -- C:\{DDF000FE-6102-433D-A4BF-3050172F3254}
[2012/08/22 14:06:41 | 000,003,168 | ---- | M] () -- C:\{CC23A4FB-F944-4415-B878-E9EC79720501}
[2012/08/22 13:55:12 | 000,002,360 | ---- | M] () -- C:\{3B8F8721-CC1B-4151-88E2-667BD7B81F92}
[2012/08/22 13:38:48 | 000,002,256 | ---- | M] () -- C:\{46271224-84D4-4DFF-B784-9A33AB3E8CD7}
[2012/08/22 13:28:48 | 000,003,168 | ---- | M] () -- C:\{55F02BA1-06A7-4B0E-9963-797109B6558E}
[2012/08/22 13:18:47 | 000,003,160 | ---- | M] () -- C:\{ECABE8D8-A484-4A25-943E-6D02EEE3A1A4}
[2012/08/22 13:09:04 | 000,003,192 | ---- | M] () -- C:\{34D6C40C-B3C8-469A-9E8E-CA46609EF1E8}
[2012/08/22 13:00:16 | 000,003,168 | ---- | M] () -- C:\{404C2799-5F6F-4D9C-8654-08574844585A}
[2012/08/22 12:50:28 | 000,003,168 | ---- | M] () -- C:\{B1D7B7CD-6B6A-4F53-BFE1-558339111CE2}
[2012/08/22 12:39:37 | 000,003,160 | ---- | M] () -- C:\{173D4F36-8402-448D-B712-FBA87FEE2C01}
[2012/08/22 12:30:34 | 000,003,192 | ---- | M] () -- C:\{0560BFBA-178E-4B01-AB78-41A31B0C331B}
[2012/08/22 12:21:18 | 000,003,168 | ---- | M] () -- C:\{EE7885EB-B2E8-49FD-9243-BC1E91D0790C}
[2012/08/22 11:57:39 | 000,003,168 | ---- | M] () -- C:\{E1C5E2EF-3F31-4A00-ADA0-6E4FDB6CF74E}
[2012/08/22 11:16:31 | 000,003,192 | ---- | M] () -- C:\{93A4726C-B5CB-4E46-94EC-A58FA89157F4}
[2012/08/22 11:14:59 | 000,003,168 | ---- | M] () -- C:\{DA801D02-C985-49F3-874E-617038975132}
[2012/08/22 11:03:54 | 000,003,192 | ---- | M] () -- C:\{683545E1-C95F-4F1A-BE62-4AC57BE7BB07}
[2012/08/22 10:58:09 | 000,003,168 | ---- | M] () -- C:\{85F3975B-3814-40DF-84D2-D6D9117803E1}
[2012/08/20 22:08:41 | 000,003,160 | ---- | M] () -- C:\{92D61E61-717D-4330-AA8D-C196C999CAC8}
[2012/08/20 22:05:18 | 000,003,168 | ---- | M] () -- C:\{D4CAAB1C-6BEC-4789-8448-6381A0CE9F0F}
[2012/08/20 21:57:00 | 000,003,192 | ---- | M] () -- C:\{C5A9D8DE-AEA0-47CC-8224-B359C6D64BB3}
[2012/08/20 21:47:42 | 000,003,168 | ---- | M] () -- C:\{81BB429E-31E4-4A02-8F6F-EB1566E8A237}
[2012/08/20 21:15:52 | 000,003,168 | ---- | M] () -- C:\{B3FE7E9C-5EAE-4CC3-98EA-43B23AA64D8A}
[2012/08/19 12:58:08 | 000,003,192 | ---- | M] () -- C:\{9334061B-8657-4959-9CA5-6B4AFDD6B6DB}
[2012/08/19 12:43:29 | 000,003,168 | ---- | M] () -- C:\{4B6A520C-53D3-4D1E-A555-1F13FFEE3249}
[2012/08/19 12:40:01 | 000,003,168 | ---- | M] () -- C:\{37750AEC-AA8B-4E99-85AF-18EF33B6793E}
[2012/08/19 12:14:25 | 000,003,168 | ---- | M] () -- C:\{ED1BCF3C-12BC-40B1-87A6-7B6226D930E8}
[2012/08/19 12:05:30 | 000,003,168 | ---- | M] () -- C:\{74F6E4F8-3357-4F52-BE21-C1B6585A8993}
[2012/08/19 11:25:11 | 000,003,192 | ---- | M] () -- C:\{8331D4A7-FA9A-449A-993B-8A54174B53B2}
[2012/08/18 20:28:55 | 000,003,192 | ---- | M] () -- C:\{B41BCE8B-8327-4027-9D00-19FE4A000E0D}
[2012/08/18 20:25:23 | 000,003,168 | ---- | M] () -- C:\{6A48205F-D6FA-4B2F-85A7-3A1E4F49AD87}
[2012/08/18 20:15:41 | 000,003,168 | ---- | M] () -- C:\{870E820D-4737-485E-8C20-3363AA2968CB}
[2012/08/15 10:48:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 10:48:14 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/14 14:39:00 | 000,003,168 | ---- | M] () -- C:\{5F43D11C-968B-4FC2-8033-853DDA105279}
[2012/08/14 14:28:30 | 000,003,168 | ---- | M] () -- C:\{7EAA41B2-BAFC-48FF-9DD1-835736ACB458}
[2012/08/14 14:25:45 | 000,003,168 | ---- | M] () -- C:\{3BBB27CF-EF53-4C93-A8B0-4DA74AB93423}
[2012/08/14 13:03:10 | 000,003,168 | ---- | M] () -- C:\{97476F37-2466-4CA9-8208-C1E1C41AF0EF}
[2012/08/14 12:58:10 | 000,003,192 | ---- | M] () -- C:\{94C3A42A-1F86-418B-AD0A-007DCBBA01C6}
[2012/08/14 12:57:01 | 000,003,168 | ---- | M] () -- C:\{914EB9D7-E303-4BAF-8A78-4B7F10F20CEE}
[2012/08/14 12:55:32 | 000,003,168 | ---- | M] () -- C:\{1E12AFF7-C1B1-48DB-A7F9-8AF399D10CEE}
[2012/08/14 11:57:06 | 000,003,168 | ---- | M] () -- C:\{6683579B-4F07-4D42-8E1F-F2434F58F006}
[2012/08/14 11:55:39 | 000,003,168 | ---- | M] () -- C:\{0284EB07-E85C-426F-849B-2440CFF00573}
[7 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/07 16:08:19 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/09/07 15:26:40 | 000,000,207 | ---- | C] () -- C:\windows\tweaking.com-regbackup-MATTGOODWIN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/09/07 14:45:25 | 000,002,258 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/09/07 14:45:04 | 005,313,275 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/09/07 14:41:34 | 001,095,748 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\Expense Report 09-07-2012.pdf
[2012/09/07 14:29:15 | 000,233,205 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\196405.pdf
[2012/09/07 13:34:30 | 000,362,882 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\SharedAccess.reg
[2012/09/07 13:34:10 | 000,007,586 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\WinDefend.reg
[2012/09/07 13:33:50 | 000,006,288 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\BITS.reg
[2012/09/07 13:33:32 | 000,006,176 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\wuauserv.reg
[2012/09/07 13:33:12 | 000,005,256 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\wscsvc.reg
[2012/09/07 13:32:50 | 000,176,940 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\BFE.reg
[2012/09/07 13:32:32 | 000,006,396 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\MpsSvc.reg
[2012/09/07 10:53:41 | 000,036,231 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\jmgoodwin74.zip
[2012/09/06 17:06:25 | 000,226,358 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\137506.pdf
[2012/09/06 17:05:25 | 000,123,033 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\116032.pdf
[2012/09/05 17:08:13 | 001,378,816 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\RogueKiller.exe
[2012/09/05 14:06:22 | 000,732,477 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\211263.pdf
[2012/09/05 13:58:38 | 000,003,192 | ---- | C] () -- C:\{B5FA2FC5-682E-49AC-A9C3-1AB704E86A75}
[2012/09/05 10:10:38 | 000,003,168 | ---- | C] () -- C:\{88DC289C-1C9D-460E-8EDF-AF8D9299EDF9}
[2012/09/05 10:08:46 | 000,003,192 | ---- | C] () -- C:\{426B2890-CEB9-4AC5-93F3-EE7A28599302}
[2012/09/04 20:21:55 | 000,003,192 | ---- | C] () -- C:\{E112FD48-CED0-4D0C-9584-FBDC49C593E2}
[2012/09/04 15:06:33 | 000,003,192 | ---- | C] () -- C:\{64F3BD50-87EC-44EB-8BEF-B97D910168B6}
[2012/09/04 13:46:19 | 000,003,192 | ---- | C] () -- C:\{388FFD71-34A4-4DB8-BCC5-75492A71FECE}
[2012/09/04 13:13:25 | 000,003,168 | ---- | C] () -- C:\{0611CB42-BF1E-4090-A2BC-C3B79E66992A}
[2012/09/04 13:07:56 | 000,003,192 | ---- | C] () -- C:\{1AEA1DB9-A387-4D2D-8FAC-A0F8B4E50159}
[2012/09/04 12:55:10 | 000,003,192 | ---- | C] () -- C:\{435B21CD-EC98-40A6-92B0-EF2C3712B64B}
[2012/09/04 11:12:42 | 000,003,168 | ---- | C] () -- C:\{D5D548BA-E666-4CA1-A0D2-52CF45651A45}
[2012/09/04 09:34:41 | 000,003,168 | ---- | C] () -- C:\{7799089E-E0B0-4429-9712-174BBCD61807}
[2012/09/03 15:51:13 | 000,003,168 | ---- | C] () -- C:\{1D2D849C-8EEB-482E-9953-F82581B13087}
[2012/08/30 15:32:01 | 000,003,168 | ---- | C] () -- C:\{93936D02-423B-4DAB-BC17-92A623552F3F}
[2012/08/30 13:17:02 | 000,003,168 | ---- | C] () -- C:\{31938262-EDFC-4ACE-AE35-6E632FB6236E}
[2012/08/30 13:07:42 | 000,003,168 | ---- | C] () -- C:\{76007194-A200-4AB9-AA21-2ECF29EEE6D4}
[2012/08/30 12:27:30 | 000,003,168 | ---- | C] () -- C:\{A5CA7C0F-9931-4115-9AEB-D88291E4125C}
[2012/08/30 10:55:19 | 000,003,168 | ---- | C] () -- C:\{345A6389-813B-4E25-A576-277D8C79AA9B}
[2012/08/30 10:53:34 | 000,003,192 | ---- | C] () -- C:\{BE03BC01-8873-41C8-900E-042464089E7F}
[2012/08/30 10:42:15 | 000,003,168 | ---- | C] () -- C:\{76B2AC76-E2A5-410A-BA81-0A11F2AE7042}
[2012/08/30 10:00:31 | 000,003,168 | ---- | C] () -- C:\{370C0DA4-BDE0-4694-BA49-3CA80E593737}
[2012/08/30 09:41:30 | 000,003,152 | ---- | C] () -- C:\{DB8E9FBC-AEA6-4143-ABED-A9E82C8275C0}
[2012/08/30 09:34:30 | 000,003,128 | ---- | C] () -- C:\{0B59A272-95DB-46F7-AF45-5DA35C51A8D4}
[2012/08/30 09:21:52 | 000,003,128 | ---- | C] () -- C:\{736B3B72-F853-4C7B-98F6-675516E28701}
[2012/08/30 08:30:25 | 000,003,128 | ---- | C] () -- C:\{02B0C4A6-F264-4142-8412-971E9285522A}
[2012/08/29 22:46:25 | 000,003,152 | ---- | C] () -- C:\{83A3C42D-5BA5-45D9-A7CF-A3BDA0062B4A}
[2012/08/29 22:32:37 | 000,003,128 | ---- | C] () -- C:\{310320F5-8E4E-4BAB-9761-AEB335A4377D}
[2012/08/29 22:17:08 | 000,003,128 | ---- | C] () -- C:\{5D9C7A1B-28CF-44EB-A362-D5689EB30C6A}
[2012/08/29 21:45:25 | 000,003,128 | ---- | C] () -- C:\{C87F3131-21BE-4CE3-993A-3215B9931ECF}
[2012/08/29 20:52:56 | 000,003,128 | ---- | C] () -- C:\{69951E90-408D-4B9C-ACA6-22D5FAE3FA3F}
[2012/08/29 18:30:22 | 000,003,128 | ---- | C] () -- C:\{F32460BE-E85B-4970-A4AC-D5EF451641A4}
[2012/08/29 18:27:06 | 000,003,128 | ---- | C] () -- C:\{89BEA620-732B-445F-8EB4-F21EE6910B96}
[2012/08/29 18:12:44 | 000,003,152 | ---- | C] () -- C:\{4F25CED8-9DB0-40A8-A1B2-395712CE4696}
[2012/08/29 17:17:57 | 000,003,152 | ---- | C] () -- C:\{1C448458-BA17-47ED-9729-2DDAA3B857F4}
[2012/08/29 17:15:09 | 000,003,128 | ---- | C] () -- C:\{38639907-009A-49AE-90A0-9D3497AC1EBA}
[2012/08/29 17:12:39 | 000,003,128 | ---- | C] () -- C:\{97A1072A-670B-4A7B-A3EF-D70320278FC9}
[2012/08/29 17:00:33 | 000,003,128 | ---- | C] () -- C:\{1CB26035-99AF-40FF-9D06-8EA2DDF2A5E8}
[2012/08/29 16:45:30 | 000,003,128 | ---- | C] () -- C:\{420C844B-F5F4-4889-83B2-46A66229C251}
[2012/08/29 14:09:26 | 000,003,128 | ---- | C] () -- C:\{C777B7B6-A64E-4B9B-9146-101458A4E4AB}
[2012/08/29 14:03:36 | 000,003,128 | ---- | C] () -- C:\{354F6235-80AD-48A7-B6D4-4C15643080C2}
[2012/08/29 13:39:45 | 000,003,128 | ---- | C] () -- C:\{5C553A34-1088-464B-8EB9-3D97A2A294E7}
[2012/08/29 13:34:33 | 000,003,128 | ---- | C] () -- C:\{57DE245F-655C-4571-95BF-2ED2761617F6}
[2012/08/29 13:19:19 | 000,002,240 | ---- | C] () -- C:\{58C725D2-43AA-49DB-8210-07FB1C940070}
[2012/08/29 13:05:52 | 000,002,240 | ---- | C] () -- C:\{B87C7F89-69F8-46E0-AAFC-1C7D80BF72A1}
[2012/08/29 12:48:55 | 000,003,128 | ---- | C] () -- C:\{B3E49D9F-C434-441C-BC3E-297085C1C81A}
[2012/08/29 08:51:40 | 000,003,128 | ---- | C] () -- C:\{854BE175-B0BA-4705-B64A-8B1F6B06A2E5}
[2012/08/29 08:49:00 | 000,003,128 | ---- | C] () -- C:\{99AFBCB0-38D5-4298-B121-91A3A338A1D4}
[2012/08/28 21:49:59 | 000,003,128 | ---- | C] () -- C:\{72DC70B9-5EF5-486B-94A7-0A2A1EF414E7}
[2012/08/27 23:27:56 | 000,003,168 | ---- | C] () -- C:\{16155F60-CFE3-4366-B41F-BA3DC2D57B8B}
[2012/08/27 21:59:32 | 000,003,168 | ---- | C] () -- C:\{A4E99CD0-7A90-4480-AF40-F225BA00275E}
[2012/08/27 07:34:50 | 000,003,168 | ---- | C] () -- C:\{4E10D4BD-7B04-48AC-8C14-5E6D25E2E0CC}
[2012/08/27 07:17:24 | 000,003,192 | ---- | C] () -- C:\{4CD07928-9D7F-4A93-8509-70FF9E9B5E16}
[2012/08/27 06:52:29 | 000,003,168 | ---- | C] () -- C:\{E7FD9D52-890D-4186-8F9C-1BB7B8B53815}
[2012/08/27 06:26:53 | 000,003,168 | ---- | C] () -- C:\{2ECC07C2-2376-453D-A024-3482934EEE94}
[2012/08/27 06:16:00 | 000,003,168 | ---- | C] () -- C:\{44E2112D-4926-4A22-ACC2-91F492C117C4}
[2012/08/27 06:13:12 | 000,003,192 | ---- | C] () -- C:\{552180D7-079B-470E-B925-C16E62055820}
[2012/08/27 05:58:42 | 000,003,192 | ---- | C] () -- C:\{54417B5D-1574-4975-B838-5A85BC35C44E}
[2012/08/27 05:54:54 | 000,003,168 | ---- | C] () -- C:\{59261EB2-D702-4F51-92A3-5AFCA98A6A3F}
[2012/08/27 05:31:03 | 000,003,192 | ---- | C] () -- C:\{3D46AAFC-420C-4157-941C-A9FDEC9C685E}
[2012/08/27 05:29:39 | 000,003,192 | ---- | C] () -- C:\{9FA1BCC7-7C64-4EBF-98AC-737AE7467DC9}
[2012/08/27 05:28:20 | 000,003,168 | ---- | C] () -- C:\{38EF06F8-DB97-4651-8E21-43E1368302E9}
[2012/08/27 05:20:33 | 000,003,192 | ---- | C] () -- C:\{31872568-8051-4EC4-9549-79B36D42ED72}
[2012/08/27 05:13:02 | 000,003,168 | ---- | C] () -- C:\{D264F097-922E-4D58-8A1A-E95526747BD8}
[2012/08/27 05:11:58 | 000,003,192 | ---- | C] () -- C:\{797B1DE8-5F2E-4501-9907-85C5E013420D}
[2012/08/27 05:10:55 | 000,003,168 | ---- | C] () -- C:\{790FB7C3-1CE7-42FF-AADD-63D6F6379AA6}
[2012/08/27 04:55:41 | 000,003,192 | ---- | C] () -- C:\{B9D7868D-FF08-42E6-809F-19F1E8E4A194}
[2012/08/27 04:40:43 | 000,003,168 | ---- | C] () -- C:\{3B2E1758-C42A-4DC6-A2D9-FC62CE2E1FC4}
[2012/08/27 04:27:10 | 000,003,192 | ---- | C] () -- C:\{9E016C95-8B89-4ECB-AA22-07261880BAFE}
[2012/08/27 04:11:31 | 000,003,168 | ---- | C] () -- C:\{7E5E009B-A596-45F6-91D1-C26EC30EF060}
[2012/08/27 03:58:54 | 000,003,192 | ---- | C] () -- C:\{8F9169D2-481E-4913-8E3E-117400ADF2AB}
[2012/08/27 03:43:30 | 000,003,168 | ---- | C] () -- C:\{18745425-3D5E-4CFC-A87F-72EDD710153C}
[2012/08/27 03:27:56 | 000,003,192 | ---- | C] () -- C:\{BD3D45C5-8BF7-4198-B845-A70B9CC0B163}
[2012/08/27 03:14:10 | 000,003,168 | ---- | C] () -- C:\{E4E2262B-492B-4C90-9514-EB9FF3AD4C57}
[2012/08/27 03:02:23 | 000,003,192 | ---- | C] () -- C:\{7F1DA728-5FF8-4CF0-942A-97B1AC4E8BD4}
[2012/08/27 02:54:42 | 000,003,168 | ---- | C] () -- C:\{22BF0279-E4FE-4B17-8417-D7768C8926D2}
[2012/08/27 02:42:28 | 000,002,360 | ---- | C] () -- C:\{51D68F4E-39A6-47C4-8BE4-434109A4F3F5}
[2012/08/27 02:37:58 | 000,002,256 | ---- | C] () -- C:\{85E7252F-AEE1-4889-AE03-2438BC724C94}
[2012/08/27 02:31:31 | 000,003,192 | ---- | C] () -- C:\{A1D87CF4-367A-4168-9389-F4AE1F663DD8}
[2012/08/27 02:25:07 | 000,003,168 | ---- | C] () -- C:\{007F42BC-BDD9-4CD0-8DA8-25732A07FFE3}
[2012/08/27 02:18:36 | 000,003,192 | ---- | C] () -- C:\{35D4D92D-61FC-4DE8-A2E9-6FB58000A91E}
[2012/08/27 02:11:53 | 000,003,168 | ---- | C] () -- C:\{09C6F392-9DFB-41F9-A7C2-A6E3614342AF}
[2012/08/27 02:04:08 | 000,003,192 | ---- | C] () -- C:\{E939DFD1-04B7-44EA-921A-F8634EA93F12}
[2012/08/27 02:00:26 | 000,003,168 | ---- | C] () -- C:\{AA7CE832-1273-488E-8704-0A10270793A6}
[2012/08/27 01:56:38 | 000,003,192 | ---- | C] () -- C:\{D7F31B1C-AE9F-4BBA-9F99-4DD2CEC30F55}
[2012/08/27 01:51:43 | 000,003,168 | ---- | C] () -- C:\{1B9FFD69-3BDC-4AAB-922F-9F190C0D0819}
[2012/08/27 01:43:27 | 000,002,424 | ---- | C] () -- C:\{06E94532-6D8D-4F1F-A834-94FEA44CFF4A}
[2012/08/27 01:38:22 | 000,002,856 | ---- | C] () -- C:\{0BE7830D-7895-4F8E-9013-6DCEBEBC7FB6}
[2012/08/27 01:29:31 | 000,003,192 | ---- | C] () -- C:\{61FB13D2-7940-4EF6-81ED-3391BC7BDDB8}
[2012/08/27 01:23:12 | 000,003,168 | ---- | C] () -- C:\{02A88FF2-2827-476D-A88E-474ACA1FC57F}
[2012/08/27 01:16:28 | 000,003,192 | ---- | C] () -- C:\{DAE744A3-3450-434C-BF1F-BBB1E75AEB97}
[2012/08/27 01:09:57 | 000,003,168 | ---- | C] () -- C:\{B2424844-1023-40A3-A610-1B20E331C877}
[2012/08/27 01:03:16 | 000,003,192 | ---- | C] () -- C:\{2D38A9B7-4C7A-4C7B-A97C-9F1A9D9CC54F}
[2012/08/27 00:56:10 | 000,003,168 | ---- | C] () -- C:\{32A37D5E-7E65-42DF-9787-CEA4154BFDBF}
[2012/08/27 00:49:38 | 000,003,192 | ---- | C] () -- C:\{3EBC872C-E6F7-4DE5-86DB-F9603E80443E}
[2012/08/27 00:43:01 | 000,003,168 | ---- | C] () -- C:\{663525C9-77A0-4FC2-BB3D-8C1FA26FDFD7}
[2012/08/27 00:36:10 | 000,003,192 | ---- | C] () -- C:\{7203AB3B-22C2-4535-96B1-6A0B7EA95F21}
[2012/08/27 00:29:25 | 000,003,168 | ---- | C] () -- C:\{0F348110-A2AA-4751-B4FC-4ED368625A8D}
[2012/08/27 00:22:43 | 000,003,192 | ---- | C] () -- C:\{E8FE0B1A-5490-4A9B-A993-180DBB473604}
[2012/08/27 00:16:06 | 000,003,168 | ---- | C] () -- C:\{4871B192-0475-4C77-A79B-B369005BCDE2}
[2012/08/27 00:09:21 | 000,003,192 | ---- | C] () -- C:\{44F642B2-A475-411F-92B8-7BAA68868F29}
[2012/08/27 00:02:52 | 000,003,168 | ---- | C] () -- C:\{E5EBBBA1-3C9A-4026-B072-AC8BCE3B515A}
[2012/08/26 23:56:36 | 000,003,168 | ---- | C] () -- C:\{A6BF8615-A99D-4ABF-AFA0-5F2ED58FDFD1}
[2012/08/26 23:49:48 | 000,003,192 | ---- | C] () -- C:\{13897D9B-8BF9-4C63-A49B-FA2507254154}
[2012/08/26 23:42:47 | 000,003,192 | ---- | C] () -- C:\{54C3433A-6975-49A7-B15D-4656AEC94308}
[2012/08/26 23:35:46 | 000,003,168 | ---- | C] () -- C:\{772B44D7-714D-4FD7-AE86-495986A00A2D}
[2012/08/26 23:27:40 | 000,003,192 | ---- | C] () -- C:\{4ED516C9-0012-44CB-B436-AC888FC23194}
[2012/08/26 23:21:05 | 000,003,168 | ---- | C] () -- C:\{59261146-4BF1-495C-A5EE-9A120693FD57}
[2012/08/26 23:14:28 | 000,003,168 | ---- | C] () -- C:\{3786DFB1-7BD6-4C45-88A1-9774B8F7819E}
[2012/08/26 23:07:59 | 000,003,192 | ---- | C] () -- C:\{16B81A89-5599-43B9-8E86-BCA917514A8E}
[2012/08/26 23:01:03 | 000,003,192 | ---- | C] () -- C:\{CAD94E47-E3B5-4B3E-95C3-19AF5A8CFA15}
[2012/08/26 22:54:36 | 000,003,168 | ---- | C] () -- C:\{8C26E315-CC85-457F-8335-D00D2DCFC42A}
[2012/08/26 22:47:53 | 000,003,192 | ---- | C] () -- C:\{ACDE1898-21CF-4981-90DB-07ECEA89624B}
[2012/08/26 22:41:19 | 000,003,168 | ---- | C] () -- C:\{94D683BB-5C78-42A1-A5FF-8D0EB6C9446F}
[2012/08/26 22:34:36 | 000,003,168 | ---- | C] () -- C:\{D532E393-D7FE-417D-9823-900DD64E70AA}
[2012/08/26 22:28:07 | 000,003,192 | ---- | C] () -- C:\{4E12E152-6A0D-4DBE-858A-439FDF1F04B0}
[2012/08/26 22:21:29 | 000,003,192 | ---- | C] () -- C:\{0672694C-2E3B-48CD-8E7C-8AA6D89098D7}
[2012/08/26 22:14:28 | 000,003,168 | ---- | C] () -- C:\{86FEF14E-9BB7-41AA-BAFD-7C27FD1CAAFB}
[2012/08/26 22:07:40 | 000,003,192 | ---- | C] () -- C:\{261CE2A9-3778-48EB-AC6B-40C46C91BAE0}
[2012/08/26 22:00:21 | 000,003,168 | ---- | C] () -- C:\{472BCEE4-02FA-4112-9CDA-FE41DDA63D41}
[2012/08/26 21:53:20 | 000,003,192 | ---- | C] () -- C:\{EC573A94-76B7-4370-810B-9184F395B960}
[2012/08/26 21:47:57 | 000,003,168 | ---- | C] () -- C:\{8AF87C00-6DB3-4ADE-8223-7C807D8235F0}
[2012/08/26 21:42:33 | 000,003,192 | ---- | C] () -- C:\{9B8D3CF4-96B2-42A1-BA9E-723F5AB1F36A}
[2012/08/26 21:36:17 | 000,003,168 | ---- | C] () -- C:\{937343FE-BDBE-4861-AF0D-4961C520FFDE}
[2012/08/26 21:30:21 | 000,003,192 | ---- | C] () -- C:\{988B1A48-675B-4892-B886-BF6DA6AFED62}
[2012/08/26 21:23:34 | 000,003,168 | ---- | C] () -- C:\{6DE38B91-9503-45CE-A11A-A6DF08836D0D}
[2012/08/26 21:19:19 | 000,003,168 | ---- | C] () -- C:\{F67C339E-9310-4845-A607-E4B4A3ECA116}
[2012/08/26 21:11:26 | 000,003,192 | ---- | C] () -- C:\{FB0C94E5-21F0-408B-98A1-A429A1504334}
[2012/08/26 21:05:09 | 000,003,192 | ---- | C] () -- C:\{93289DDB-CD97-419F-904B-3E8A88E2FBF7}
[2012/08/26 21:00:23 | 000,003,168 | ---- | C] () -- C:\{1A975C1E-0987-4E70-ACE9-BE0AEC32124D}
[2012/08/26 20:56:54 | 000,003,192 | ---- | C] () -- C:\{79390CA4-2F04-4D2D-95E3-5281B3D6BE5D}
[2012/08/26 20:50:32 | 000,003,168 | ---- | C] () -- C:\{79068B1D-655E-46A6-942C-067D2A9E3DFF}
[2012/08/26 20:44:21 | 000,003,192 | ---- | C] () -- C:\{B35FA9B7-A64B-4221-8799-69250DA69FD7}
[2012/08/26 20:38:04 | 000,003,168 | ---- | C] () -- C:\{BCC40A1C-50B4-4C43-AAEB-5EB1111D8270}
[2012/08/26 20:32:32 | 000,003,192 | ---- | C] () -- C:\{26634504-1B0C-4C4E-A57E-822AEA6A5733}
[2012/08/26 20:26:08 | 000,003,168 | ---- | C] () -- C:\{29A3860B-6290-46FA-A32C-D9D1CA659550}
[2012/08/24 16:15:49 | 000,003,168 | ---- | C] () -- C:\{B0FEF934-D317-4415-A26E-8B50E1706084}
[2012/08/23 16:50:57 | 000,001,325 | ---- | C] () -- C:\Users\Public\Desktop\VMware View Client.lnk
[2012/08/22 20:49:55 | 000,003,192 | ---- | C] () -- C:\{1C69F3EB-5739-4094-B10B-DBD8C5F5FF04}
[2012/08/22 20:45:37 | 000,003,168 | ---- | C] () -- C:\{A8491215-D97C-4039-88F3-27BCE0FCFABA}
[2012/08/22 20:31:25 | 000,003,168 | ---- | C] () -- C:\{A00FDA31-71E0-4CA7-94C0-B44A093559B8}
[2012/08/22 20:03:45 | 000,003,168 | ---- | C] () -- C:\{1393051B-A571-4241-AC4E-9128FA954CB7}
[2012/08/22 20:02:16 | 000,003,168 | ---- | C] () -- C:\{A17B9DAE-9BB3-469E-A6F7-C8E7D1FB269D}
[2012/08/22 19:35:52 | 000,003,160 | ---- | C] () -- C:\{B5383519-1BC3-4B65-9129-835E8F855564}
[2012/08/22 19:04:25 | 000,003,128 | ---- | C] () -- C:\{9B485D98-9770-43AD-89CE-B90FA125A568}
[2012/08/22 18:25:35 | 000,003,168 | ---- | C] () -- C:\{7C86F62B-7B97-45B0-96DA-13EA5C99F24D}
[2012/08/22 18:17:44 | 000,003,168 | ---- | C] () -- C:\{827AB113-E3E9-48D9-B368-4341AABC51BE}
[2012/08/22 17:30:00 | 000,003,160 | ---- | C] () -- C:\{7E52FE86-80AF-4BC3-B63F-451B032040A9}
[2012/08/22 17:23:31 | 000,003,192 | ---- | C] () -- C:\{AD91554F-2373-4F27-A7A6-CF68D994FA96}
[2012/08/22 17:17:27 | 000,003,168 | ---- | C] () -- C:\{882DFF59-1A98-475C-BC36-6DE64BB86B10}
[2012/08/22 17:10:58 | 000,003,472 | ---- | C] () -- C:\{8F1EA7DB-17C2-4A57-A9B6-19935AFF95BA}
[2012/08/22 17:04:14 | 000,003,320 | ---- | C] () -- C:\{3F22011B-48B3-4970-A2F9-1C4A3D0FF3E0}
[2012/08/22 16:57:27 | 000,003,160 | ---- | C] () -- C:\{06602612-1253-413A-B68C-FA3DEA19FA71}
[2012/08/22 16:49:48 | 000,003,192 | ---- | C] () -- C:\{E4ADB819-5699-49FC-AE8D-8283DBE20EF1}
[2012/08/22 16:42:58 | 000,003,168 | ---- | C] () -- C:\{0B8DA6EC-CEA7-4488-8E4F-6378B173EF1A}
[2012/08/22 16:36:10 | 000,003,168 | ---- | C] () -- C:\{CEC5649A-E6BD-4030-8E41-CFD839F28B6E}
[2012/08/22 16:29:29 | 000,003,160 | ---- | C] () -- C:\{6DFAB4FC-63DA-484F-A62D-9DA1E0966AEC}
[2012/08/22 16:20:13 | 000,003,192 | ---- | C] () -- C:\{2706DD1E-7A0D-42F9-9ECF-1BD7D17B39D7}
[2012/08/22 16:08:34 | 000,003,168 | ---- | C] () -- C:\{B9B01496-A7BF-40DC-9357-181921400CD3}
[2012/08/22 15:57:44 | 000,003,168 | ---- | C] () -- C:\{A8B8C87A-A5AD-4495-8C98-39959EE60FCF}
[2012/08/22 15:51:14 | 000,003,160 | ---- | C] () -- C:\{3B89C180-07E4-4582-A151-17FE5048CC72}
[2012/08/22 15:44:55 | 000,003,192 | ---- | C] () -- C:\{9AFD7FF8-536D-4DCE-9604-1FC1DE758EFA}
[2012/08/22 15:38:12 | 000,003,168 | ---- | C] () -- C:\{E545CE53-6B5B-49F5-89C0-96CE54C05B02}
[2012/08/22 15:30:38 | 000,003,168 | ---- | C] () -- C:\{FDAECA24-A9B5-490A-8199-FBEBA537F95E}
[2012/08/22 15:23:43 | 000,003,160 | ---- | C] () -- C:\{413E0413-521D-4349-A0E2-AEAC2A57CAE4}
[2012/08/22 15:16:46 | 000,003,168 | ---- | C] () -- C:\{3F6C5E6C-3D55-451C-A62E-C6B22EA71ED8}
[2012/08/22 15:09:35 | 000,003,192 | ---- | C] () -- C:\{95A17765-B72D-44DA-9322-F050020641D7}
[2012/08/22 15:03:00 | 000,003,160 | ---- | C] () -- C:\{E28A78EE-B56C-48C6-8D8D-19E7A5A894F8}
[2012/08/22 14:55:14 | 000,003,168 | ---- | C] () -- C:\{1CBC0AA7-79AB-440C-A01E-06D794D01E7D}
[2012/08/22 14:48:11 | 000,003,192 | ---- | C] () -- C:\{C6CC8BA4-2F12-460D-AE1A-D14C32EB34A9}
[2012/08/22 14:41:50 | 000,003,168 | ---- | C] () -- C:\{0D27268C-EB15-4FA6-8042-FB437A459BF5}
[2012/08/22 14:33:49 | 000,003,168 | ---- | C] () -- C:\{BCCDAAEF-F439-4207-975E-EB7D3227DD0F}
[2012/08/22 14:26:30 | 000,003,160 | ---- | C] () -- C:\{27A34C47-4460-4763-962D-8AF2DCAC036B}
[2012/08/22 14:16:08 | 000,003,192 | ---- | C] () -- C:\{DDF000FE-6102-433D-A4BF-3050172F3254}
[2012/08/22 14:06:40 | 000,003,168 | ---- | C] () -- C:\{CC23A4FB-F944-4415-B878-E9EC79720501}
[2012/08/22 13:55:04 | 000,002,360 | ---- | C] () -- C:\{3B8F8721-CC1B-4151-88E2-667BD7B81F92}
[2012/08/22 13:38:46 | 000,002,256 | ---- | C] () -- C:\{46271224-84D4-4DFF-B784-9A33AB3E8CD7}
[2012/08/22 13:28:45 | 000,003,168 | ---- | C] () -- C:\{55F02BA1-06A7-4B0E-9963-797109B6558E}
[2012/08/22 13:18:44 | 000,003,160 | ---- | C] () -- C:\{ECABE8D8-A484-4A25-943E-6D02EEE3A1A4}
[2012/08/22 13:09:02 | 000,003,192 | ---- | C] () -- C:\{34D6C40C-B3C8-469A-9E8E-CA46609EF1E8}
[2012/08/22 13:00:14 | 000,003,168 | ---- | C] () -- C:\{404C2799-5F6F-4D9C-8654-08574844585A}
[2012/08/22 12:50:26 | 000,003,168 | ---- | C] () -- C:\{B1D7B7CD-6B6A-4F53-BFE1-558339111CE2}
[2012/08/22 12:39:36 | 000,003,160 | ---- | C] () -- C:\{173D4F36-8402-448D-B712-FBA87FEE2C01}
[2012/08/22 12:30:33 | 000,003,192 | ---- | C] () -- C:\{0560BFBA-178E-4B01-AB78-41A31B0C331B}
[2012/08/22 12:21:16 | 000,003,168 | ---- | C] () -- C:\{EE7885EB-B2E8-49FD-9243-BC1E91D0790C}
[2012/08/22 11:57:38 | 000,003,168 | ---- | C] () -- C:\{E1C5E2EF-3F31-4A00-ADA0-6E4FDB6CF74E}
[2012/08/22 11:16:31 | 000,003,192 | ---- | C] () -- C:\{93A4726C-B5CB-4E46-94EC-A58FA89157F4}
[2012/08/22 11:14:58 | 000,003,168 | ---- | C] () -- C:\{DA801D02-C985-49F3-874E-617038975132}
[2012/08/22 11:03:53 | 000,003,192 | ---- | C] () -- C:\{683545E1-C95F-4F1A-BE62-4AC57BE7BB07}
[2012/08/22 10:58:08 | 000,003,168 | ---- | C] () -- C:\{85F3975B-3814-40DF-84D2-D6D9117803E1}
[2012/08/20 22:08:39 | 000,003,160 | ---- | C] () -- C:\{92D61E61-717D-4330-AA8D-C196C999CAC8}
[2012/08/20 22:05:16 | 000,003,168 | ---- | C] () -- C:\{D4CAAB1C-6BEC-4789-8448-6381A0CE9F0F}
[2012/08/20 21:56:57 | 000,003,192 | ---- | C] () -- C:\{C5A9D8DE-AEA0-47CC-8224-B359C6D64BB3}
[2012/08/20 21:47:39 | 000,003,168 | ---- | C] () -- C:\{81BB429E-31E4-4A02-8F6F-EB1566E8A237}
[2012/08/20 21:15:51 | 000,003,168 | ---- | C] () -- C:\{B3FE7E9C-5EAE-4CC3-98EA-43B23AA64D8A}
[2012/08/19 12:58:05 | 000,003,192 | ---- | C] () -- C:\{9334061B-8657-4959-9CA5-6B4AFDD6B6DB}
[2012/08/19 12:43:25 | 000,003,168 | ---- | C] () -- C:\{4B6A520C-53D3-4D1E-A555-1F13FFEE3249}
[2012/08/19 12:39:57 | 000,003,168 | ---- | C] () -- C:\{37750AEC-AA8B-4E99-85AF-18EF33B6793E}
[2012/08/19 12:14:18 | 000,003,168 | ---- | C] () -- C:\{ED1BCF3C-12BC-40B1-87A6-7B6226D930E8}
[2012/08/19 12:05:20 | 000,003,168 | ---- | C] () -- C:\{74F6E4F8-3357-4F52-BE21-C1B6585A8993}
[2012/08/19 11:25:10 | 000,003,192 | ---- | C] () -- C:\{8331D4A7-FA9A-449A-993B-8A54174B53B2}
[2012/08/18 20:28:55 | 000,003,192 | ---- | C] () -- C:\{B41BCE8B-8327-4027-9D00-19FE4A000E0D}
[2012/08/18 20:25:19 | 000,003,168 | ---- | C] () -- C:\{6A48205F-D6FA-4B2F-85A7-3A1E4F49AD87}
[2012/08/18 20:15:38 | 000,003,168 | ---- | C] () -- C:\{870E820D-4737-485E-8C20-3363AA2968CB}
[2012/08/14 14:38:56 | 000,003,168 | ---- | C] () -- C:\{5F43D11C-968B-4FC2-8033-853DDA105279}
[2012/08/14 14:28:26 | 000,003,168 | ---- | C] () -- C:\{7EAA41B2-BAFC-48FF-9DD1-835736ACB458}
[2012/08/14 14:25:35 | 000,003,168 | ---- | C] () -- C:\{3BBB27CF-EF53-4C93-A8B0-4DA74AB93423}
[2012/08/14 13:03:08 | 000,003,168 | ---- | C] () -- C:\{97476F37-2466-4CA9-8208-C1E1C41AF0EF}
[2012/08/14 12:58:07 | 000,003,192 | ---- | C] () -- C:\{94C3A42A-1F86-418B-AD0A-007DCBBA01C6}
[2012/08/14 12:57:00 | 000,003,168 | ---- | C] () -- C:\{914EB9D7-E303-4BAF-8A78-4B7F10F20CEE}
[2012/08/14 12:55:29 | 000,003,168 | ---- | C] () -- C:\{1E12AFF7-C1B1-48DB-A7F9-8AF399D10CEE}
[2012/08/14 11:57:03 | 000,003,168 | ---- | C] () -- C:\{6683579B-4F07-4D42-8E1F-F2434F58F006}
[2012/08/14 11:55:35 | 000,003,168 | ---- | C] () -- C:\{0284EB07-E85C-426F-849B-2440CFF00573}
[2012/08/08 17:07:59 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\Documents\Nuance Image Printer Writer Port
[2012/08/01 20:16:30 | 000,006,358 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/07/18 23:22:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\Standard
[2012/07/18 23:22:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\Soundtrack
[2012/07/15 22:43:02 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\Standard Tool
[2012/07/15 22:43:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2012/07/15 22:24:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/07/15 22:23:45 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\SupportPrinters
[2012/07/15 22:23:45 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\Strings
[2012/07/15 22:23:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/07/15 22:23:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/06/05 14:04:48 | 000,021,120 | ---- | C] () -- C:\windows\SysWow64\drivers\AQFileRestore.sys
[2012/03/05 12:04:04 | 000,154,332 | ---- | C] () -- C:\windows\hppins08.dat
[2012/03/05 12:04:04 | 000,001,116 | ---- | C] () -- C:\windows\hppmdl08.dat
[2012/03/05 11:23:08 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2012/03/05 11:22:55 | 000,316,928 | ---- | C] () -- C:\windows\SysWow64\hpcc3118.dll
[2012/01/09 18:00:31 | 000,000,376 | ---- | C] () -- C:\windows\AAA9de.ini
[2011/05/18 17:42:28 | 000,001,940 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/13 19:06:30 | 000,000,036 | ---- | C] () -- C:\windows\SysWow64\f9t.dat
[2010/10/30 14:07:21 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2010/10/30 14:00:41 | 000,000,019 | ---- | C] () -- C:\windows\popcinfo.dat
[2010/04/04 23:03:37 | 000,004,284 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\wklnhst.dat
[2010/02/26 00:47:03 | 000,000,824 | ---- | C] () -- C:\Users\Matt Goodwin\hosts
[2010/01/03 16:35:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/01 21:27:01 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/01 21:01:05 | 008,126,464 | --S- | C] () -- C:\Users\Matt Goodwin\NTUSER.BK1
[2010/01/01 21:01:05 | 006,299,648 | ---- | C] () -- C:\Users\Matt Goodwin\NTUSER.BAK

< End of report >
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK now for the big question... How is the computer running ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
    IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2260173
    IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - No CLSID value found
    IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
    IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar....ale.underscore}
    IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes\{29311076-292B-4DB7-B34B-C01604B408CB}: "URL" = http://search.condui...&ctid=CT3201318
    IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes\{7351FD46-C273-4897-B664-A661BCE51A5E}: "URL" = http://search.freeca...p={searchTerms}
    IE - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\SearchScopes\{7545FDB5-E450-47EA-A7E0-AB1C5C1365AE}: "URL" = http://swagbucks.com...q={searchTerms}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
    O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
    O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\Toolbar\WebBrowser: (no name) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No CLSID value found.
    O3 - HKU\S-1-5-21-101742770-2194829681-279417830-1000\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [] File not found
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-101742770-2194829681-279417830-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (Reg Error: Key error.)
    [2012/08/12 21:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
    [2012/08/12 21:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2012/08/12 21:47:17 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\DefaultTab
    [2012/08/12 21:48:53 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Local\visi_coupon
    [2012/09/07 10:54:02 | 000,362,882 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\SharedAccess.reg
    [2012/09/07 10:54:02 | 000,176,940 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\BFE.reg
    [2012/09/07 10:54:02 | 000,007,586 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\WinDefend.reg
    [2012/09/07 10:54:02 | 000,006,396 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\MpsSvc.reg
    [2012/09/07 10:54:02 | 000,006,288 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\BITS.reg
    [2012/09/07 10:54:02 | 000,006,176 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\wuauserv.reg
    [2012/09/07 10:54:02 | 000,005,256 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\wscsvc.reg
    [2012/09/07 10:53:41 | 000,036,231 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\jmgoodwin74.zip
    [2012/09/05 13:58:39 | 000,003,192 | ---- | M] () -- C:\{B5FA2FC5-682E-49AC-A9C3-1AB704E86A75}
    [2012/09/05 10:10:49 | 000,003,168 | ---- | M] () -- C:\{88DC289C-1C9D-460E-8EDF-AF8D9299EDF9}
    [2012/09/05 10:08:51 | 000,003,192 | ---- | M] () -- C:\{426B2890-CEB9-4AC5-93F3-EE7A28599302}
    [2012/09/04 20:22:08 | 000,003,192 | ---- | M] () -- C:\{E112FD48-CED0-4D0C-9584-FBDC49C593E2}
    [2012/09/04 15:06:33 | 000,003,192 | ---- | M] () -- C:\{64F3BD50-87EC-44EB-8BEF-B97D910168B6}
    [2012/09/04 13:46:19 | 000,003,192 | ---- | M] () -- C:\{388FFD71-34A4-4DB8-BCC5-75492A71FECE}
    [2012/09/04 13:13:27 | 000,003,168 | ---- | M] () -- C:\{0611CB42-BF1E-4090-A2BC-C3B79E66992A}
    [2012/09/04 13:07:58 | 000,003,192 | ---- | M] () -- C:\{1AEA1DB9-A387-4D2D-8FAC-A0F8B4E50159}
    [2012/09/04 12:55:10 | 000,003,192 | ---- | M] () -- C:\{435B21CD-EC98-40A6-92B0-EF2C3712B64B}
    [2012/09/04 11:12:43 | 000,003,168 | ---- | M] () -- C:\{D5D548BA-E666-4CA1-A0D2-52CF45651A45}
    [2012/09/04 09:34:41 | 000,003,168 | ---- | M] () -- C:\{7799089E-E0B0-4429-9712-174BBCD61807}
    [2012/09/03 15:51:13 | 000,003,168 | ---- | M] () -- C:\{1D2D849C-8EEB-482E-9953-F82581B13087}
    [2012/08/30 15:32:01 | 000,003,168 | ---- | M] () -- C:\{93936D02-423B-4DAB-BC17-92A623552F3F}
    [2012/08/30 13:17:02 | 000,003,168 | ---- | M] () -- C:\{31938262-EDFC-4ACE-AE35-6E632FB6236E}
    [2012/08/30 13:07:43 | 000,003,168 | ---- | M] () -- C:\{76007194-A200-4AB9-AA21-2ECF29EEE6D4}
    [2012/08/30 12:27:32 | 000,003,168 | ---- | M] () -- C:\{A5CA7C0F-9931-4115-9AEB-D88291E4125C}
    [2012/08/30 10:55:19 | 000,003,168 | ---- | M] () -- C:\{345A6389-813B-4E25-A576-277D8C79AA9B}
    [2012/08/30 10:53:35 | 000,003,192 | ---- | M] () -- C:\{BE03BC01-8873-41C8-900E-042464089E7F}
    [2012/08/30 10:42:16 | 000,003,168 | ---- | M] () -- C:\{76B2AC76-E2A5-410A-BA81-0A11F2AE7042}
    [2012/08/30 10:00:31 | 000,003,168 | ---- | M] () -- C:\{370C0DA4-BDE0-4694-BA49-3CA80E593737}
    [2012/08/30 09:41:31 | 000,003,152 | ---- | M] () -- C:\{DB8E9FBC-AEA6-4143-ABED-A9E82C8275C0}
    [2012/08/30 09:34:31 | 000,003,128 | ---- | M] () -- C:\{0B59A272-95DB-46F7-AF45-5DA35C51A8D4}
    [2012/08/30 09:21:54 | 000,003,128 | ---- | M] () -- C:\{736B3B72-F853-4C7B-98F6-675516E28701}
    [2012/08/30 08:30:25 | 000,003,128 | ---- | M] () -- C:\{02B0C4A6-F264-4142-8412-971E9285522A}
    [2012/08/29 22:46:26 | 000,003,152 | ---- | M] () -- C:\{83A3C42D-5BA5-45D9-A7CF-A3BDA0062B4A}
    [2012/08/29 22:32:39 | 000,003,128 | ---- | M] () -- C:\{310320F5-8E4E-4BAB-9761-AEB335A4377D}
    [2012/08/29 22:17:09 | 000,003,128 | ---- | M] () -- C:\{5D9C7A1B-28CF-44EB-A362-D5689EB30C6A}
    [2012/08/29 21:45:27 | 000,003,128 | ---- | M] () -- C:\{C87F3131-21BE-4CE3-993A-3215B9931ECF}
    [2012/08/29 20:52:56 | 000,003,128 | ---- | M] () -- C:\{69951E90-408D-4B9C-ACA6-22D5FAE3FA3F}
    [2012/08/29 18:30:22 | 000,003,128 | ---- | M] () -- C:\{F32460BE-E85B-4970-A4AC-D5EF451641A4}
    [2012/08/29 18:27:07 | 000,003,128 | ---- | M] () -- C:\{89BEA620-732B-445F-8EB4-F21EE6910B96}
    [2012/08/29 18:12:46 | 000,003,152 | ---- | M] () -- C:\{4F25CED8-9DB0-40A8-A1B2-395712CE4696}
    [2012/08/29 17:17:57 | 000,003,152 | ---- | M] () -- C:\{1C448458-BA17-47ED-9729-2DDAA3B857F4}
    [2012/08/29 17:15:11 | 000,003,128 | ---- | M] () -- C:\{38639907-009A-49AE-90A0-9D3497AC1EBA}
    [2012/08/29 17:12:40 | 000,003,128 | ---- | M] () -- C:\{97A1072A-670B-4A7B-A3EF-D70320278FC9}
    [2012/08/29 17:00:34 | 000,003,128 | ---- | M] () -- C:\{1CB26035-99AF-40FF-9D06-8EA2DDF2A5E8}
    [2012/08/29 16:45:30 | 000,003,128 | ---- | M] () -- C:\{420C844B-F5F4-4889-83B2-46A66229C251}
    [2012/08/29 14:09:26 | 000,003,128 | ---- | M] () -- C:\{C777B7B6-A64E-4B9B-9146-101458A4E4AB}
    [2012/08/29 14:03:37 | 000,003,128 | ---- | M] () -- C:\{354F6235-80AD-48A7-B6D4-4C15643080C2}
    [2012/08/29 13:39:47 | 000,003,128 | ---- | M] () -- C:\{5C553A34-1088-464B-8EB9-3D97A2A294E7}
    [2012/08/29 13:34:34 | 000,003,128 | ---- | M] () -- C:\{57DE245F-655C-4571-95BF-2ED2761617F6}
    [2012/08/29 13:19:21 | 000,002,240 | ---- | M] () -- C:\{58C725D2-43AA-49DB-8210-07FB1C940070}
    [2012/08/29 13:05:55 | 000,002,240 | ---- | M] () -- C:\{B87C7F89-69F8-46E0-AAFC-1C7D80BF72A1}
    [2012/08/29 12:48:55 | 000,003,128 | ---- | M] () -- C:\{B3E49D9F-C434-441C-BC3E-297085C1C81A}
    [2012/08/29 08:51:41 | 000,003,128 | ---- | M] () -- C:\{854BE175-B0BA-4705-B64A-8B1F6B06A2E5}
    [2012/08/29 08:49:01 | 000,003,128 | ---- | M] () -- C:\{99AFBCB0-38D5-4298-B121-91A3A338A1D4}
    [2012/08/28 21:50:00 | 000,003,128 | ---- | M] () -- C:\{72DC70B9-5EF5-486B-94A7-0A2A1EF414E7}
    [2012/08/27 23:27:56 | 000,003,168 | ---- | M] () -- C:\{16155F60-CFE3-4366-B41F-BA3DC2D57B8B}
    [2012/08/27 21:59:32 | 000,003,168 | ---- | M] () -- C:\{A4E99CD0-7A90-4480-AF40-F225BA00275E}
    [2012/08/27 07:34:50 | 000,003,168 | ---- | M] () -- C:\{4E10D4BD-7B04-48AC-8C14-5E6D25E2E0CC}
    [2012/08/27 07:17:24 | 000,003,192 | ---- | M] () -- C:\{4CD07928-9D7F-4A93-8509-70FF9E9B5E16}
    [2012/08/27 06:52:30 | 000,003,168 | ---- | M] () -- C:\{E7FD9D52-890D-4186-8F9C-1BB7B8B53815}
    [2012/08/27 06:26:54 | 000,003,168 | ---- | M] () -- C:\{2ECC07C2-2376-453D-A024-3482934EEE94}
    [2012/08/27 06:16:02 | 000,003,168 | ---- | M] () -- C:\{44E2112D-4926-4A22-ACC2-91F492C117C4}
    [2012/08/27 06:13:14 | 000,003,192 | ---- | M] () -- C:\{552180D7-079B-470E-B925-C16E62055820}
    [2012/08/27 05:58:43 | 000,003,192 | ---- | M] () -- C:\{54417B5D-1574-4975-B838-5A85BC35C44E}
    [2012/08/27 05:54:55 | 000,003,168 | ---- | M] () -- C:\{59261EB2-D702-4F51-92A3-5AFCA98A6A3F}
    [2012/08/27 05:31:13 | 000,003,192 | ---- | M] () -- C:\{3D46AAFC-420C-4157-941C-A9FDEC9C685E}
    [2012/08/27 05:29:55 | 000,003,192 | ---- | M] () -- C:\{9FA1BCC7-7C64-4EBF-98AC-737AE7467DC9}
    [2012/08/27 05:28:23 | 000,003,168 | ---- | M] () -- C:\{38EF06F8-DB97-4651-8E21-43E1368302E9}
    [2012/08/27 05:20:41 | 000,003,192 | ---- | M] () -- C:\{31872568-8051-4EC4-9549-79B36D42ED72}
    [2012/08/27 05:13:04 | 000,003,168 | ---- | M] () -- C:\{D264F097-922E-4D58-8A1A-E95526747BD8}
    [2012/08/27 05:12:01 | 000,003,192 | ---- | M] () -- C:\{797B1DE8-5F2E-4501-9907-85C5E013420D}
    [2012/08/27 05:10:58 | 000,003,168 | ---- | M] () -- C:\{790FB7C3-1CE7-42FF-AADD-63D6F6379AA6}
    [2012/08/27 04:55:45 | 000,003,192 | ---- | M] () -- C:\{B9D7868D-FF08-42E6-809F-19F1E8E4A194}
    [2012/08/27 04:40:44 | 000,003,168 | ---- | M] () -- C:\{3B2E1758-C42A-4DC6-A2D9-FC62CE2E1FC4}
    [2012/08/27 04:27:11 | 000,003,192 | ---- | M] () -- C:\{9E016C95-8B89-4ECB-AA22-07261880BAFE}
    [2012/08/27 04:11:33 | 000,003,168 | ---- | M] () -- C:\{7E5E009B-A596-45F6-91D1-C26EC30EF060}
    [2012/08/27 03:58:56 | 000,003,192 | ---- | M] () -- C:\{8F9169D2-481E-4913-8E3E-117400ADF2AB}
    [2012/08/27 03:43:34 | 000,003,168 | ---- | M] () -- C:\{18745425-3D5E-4CFC-A87F-72EDD710153C}
    [2012/08/27 03:27:57 | 000,003,192 | ---- | M] () -- C:\{BD3D45C5-8BF7-4198-B845-A70B9CC0B163}
    [2012/08/27 03:14:12 | 000,003,168 | ---- | M] () -- C:\{E4E2262B-492B-4C90-9514-EB9FF3AD4C57}
    [2012/08/27 03:02:24 | 000,003,192 | ---- | M] () -- C:\{7F1DA728-5FF8-4CF0-942A-97B1AC4E8BD4}
    [2012/08/27 02:54:44 | 000,003,168 | ---- | M] () -- C:\{22BF0279-E4FE-4B17-8417-D7768C8926D2}
    [2012/08/27 02:42:29 | 000,002,360 | ---- | M] () -- C:\{51D68F4E-39A6-47C4-8BE4-434109A4F3F5}
    [2012/08/27 02:37:59 | 000,002,256 | ---- | M] () -- C:\{85E7252F-AEE1-4889-AE03-2438BC724C94}
    [2012/08/27 02:31:32 | 000,003,192 | ---- | M] () -- C:\{A1D87CF4-367A-4168-9389-F4AE1F663DD8}
    [2012/08/27 02:25:08 | 000,003,168 | ---- | M] () -- C:\{007F42BC-BDD9-4CD0-8DA8-25732A07FFE3}
    [2012/08/27 02:18:37 | 000,003,192 | ---- | M] () -- C:\{35D4D92D-61FC-4DE8-A2E9-6FB58000A91E}
    [2012/08/27 02:11:55 | 000,003,168 | ---- | M] () -- C:\{09C6F392-9DFB-41F9-A7C2-A6E3614342AF}
    [2012/08/27 02:04:09 | 000,003,192 | ---- | M] () -- C:\{E939DFD1-04B7-44EA-921A-F8634EA93F12}
    [2012/08/27 02:00:27 | 000,003,168 | ---- | M] () -- C:\{AA7CE832-1273-488E-8704-0A10270793A6}
    [2012/08/27 01:56:39 | 000,003,192 | ---- | M] () -- C:\{D7F31B1C-AE9F-4BBA-9F99-4DD2CEC30F55}
    [2012/08/27 01:51:44 | 000,003,168 | ---- | M] () -- C:\{1B9FFD69-3BDC-4AAB-922F-9F190C0D0819}
    [2012/08/27 01:43:28 | 000,002,424 | ---- | M] () -- C:\{06E94532-6D8D-4F1F-A834-94FEA44CFF4A}
    [2012/08/27 01:38:23 | 000,002,856 | ---- | M] () -- C:\{0BE7830D-7895-4F8E-9013-6DCEBEBC7FB6}
    [2012/08/27 01:29:32 | 000,003,192 | ---- | M] () -- C:\{61FB13D2-7940-4EF6-81ED-3391BC7BDDB8}
    [2012/08/27 01:23:13 | 000,003,168 | ---- | M] () -- C:\{02A88FF2-2827-476D-A88E-474ACA1FC57F}
    [2012/08/27 01:16:30 | 000,003,192 | ---- | M] () -- C:\{DAE744A3-3450-434C-BF1F-BBB1E75AEB97}
    [2012/08/27 01:09:58 | 000,003,168 | ---- | M] () -- C:\{B2424844-1023-40A3-A610-1B20E331C877}
    [2012/08/27 01:03:18 | 000,003,192 | ---- | M] () -- C:\{2D38A9B7-4C7A-4C7B-A97C-9F1A9D9CC54F}
    [2012/08/27 00:56:11 | 000,003,168 | ---- | M] () -- C:\{32A37D5E-7E65-42DF-9787-CEA4154BFDBF}
    [2012/08/27 00:49:40 | 000,003,192 | ---- | M] () -- C:\{3EBC872C-E6F7-4DE5-86DB-F9603E80443E}
    [2012/08/27 00:43:02 | 000,003,168 | ---- | M] () -- C:\{663525C9-77A0-4FC2-BB3D-8C1FA26FDFD7}
    [2012/08/27 00:36:11 | 000,003,192 | ---- | M] () -- C:\{7203AB3B-22C2-4535-96B1-6A0B7EA95F21}
    [2012/08/27 00:29:26 | 000,003,168 | ---- | M] () -- C:\{0F348110-A2AA-4751-B4FC-4ED368625A8D}
    [2012/08/27 00:22:44 | 000,003,192 | ---- | M] () -- C:\{E8FE0B1A-5490-4A9B-A993-180DBB473604}
    [2012/08/27 00:16:08 | 000,003,168 | ---- | M] () -- C:\{4871B192-0475-4C77-A79B-B369005BCDE2}
    [2012/08/27 00:09:22 | 000,003,192 | ---- | M] () -- C:\{44F642B2-A475-411F-92B8-7BAA68868F29}
    [2012/08/27 00:02:53 | 000,003,168 | ---- | M] () -- C:\{E5EBBBA1-3C9A-4026-B072-AC8BCE3B515A}
    [2012/08/26 23:56:37 | 000,003,168 | ---- | M] () -- C:\{A6BF8615-A99D-4ABF-AFA0-5F2ED58FDFD1}
    [2012/08/26 23:49:49 | 000,003,192 | ---- | M] () -- C:\{13897D9B-8BF9-4C63-A49B-FA2507254154}
    [2012/08/26 23:42:49 | 000,003,192 | ---- | M] () -- C:\{54C3433A-6975-49A7-B15D-4656AEC94308}
    [2012/08/26 23:35:48 | 000,003,168 | ---- | M] () -- C:\{772B44D7-714D-4FD7-AE86-495986A00A2D}
    [2012/08/26 23:27:41 | 000,003,192 | ---- | M] () -- C:\{4ED516C9-0012-44CB-B436-AC888FC23194}
    [2012/08/26 23:21:07 | 000,003,168 | ---- | M] () -- C:\{59261146-4BF1-495C-A5EE-9A120693FD57}
    [2012/08/26 23:14:29 | 000,003,168 | ---- | M] () -- C:\{3786DFB1-7BD6-4C45-88A1-9774B8F7819E}
    [2012/08/26 23:08:01 | 000,003,192 | ---- | M] () -- C:\{16B81A89-5599-43B9-8E86-BCA917514A8E}
    [2012/08/26 23:01:04 | 000,003,192 | ---- | M] () -- C:\{CAD94E47-E3B5-4B3E-95C3-19AF5A8CFA15}
    [2012/08/26 22:54:37 | 000,003,168 | ---- | M] () -- C:\{8C26E315-CC85-457F-8335-D00D2DCFC42A}
    [2012/08/26 22:47:54 | 000,003,192 | ---- | M] () -- C:\{ACDE1898-21CF-4981-90DB-07ECEA89624B}
    [2012/08/26 22:41:20 | 000,003,168 | ---- | M] () -- C:\{94D683BB-5C78-42A1-A5FF-8D0EB6C9446F}
    [2012/08/26 22:34:37 | 000,003,168 | ---- | M] () -- C:\{D532E393-D7FE-417D-9823-900DD64E70AA}
    [2012/08/26 22:28:08 | 000,003,192 | ---- | M] () -- C:\{4E12E152-6A0D-4DBE-858A-439FDF1F04B0}
    [2012/08/26 22:21:30 | 000,003,192 | ---- | M] () -- C:\{0672694C-2E3B-48CD-8E7C-8AA6D89098D7}
    [2012/08/26 22:14:29 | 000,003,168 | ---- | M] () -- C:\{86FEF14E-9BB7-41AA-BAFD-7C27FD1CAAFB}
    [2012/08/26 22:07:41 | 000,003,192 | ---- | M] () -- C:\{261CE2A9-3778-48EB-AC6B-40C46C91BAE0}
    [2012/08/26 22:00:22 | 000,003,168 | ---- | M] () -- C:\{472BCEE4-02FA-4112-9CDA-FE41DDA63D41}
    [2012/08/26 21:53:22 | 000,003,192 | ---- | M] () -- C:\{EC573A94-76B7-4370-810B-9184F395B960}
    [2012/08/26 21:47:58 | 000,003,168 | ---- | M] () -- C:\{8AF87C00-6DB3-4ADE-8223-7C807D8235F0}
    [2012/08/26 21:42:34 | 000,003,192 | ---- | M] () -- C:\{9B8D3CF4-96B2-42A1-BA9E-723F5AB1F36A}
    [2012/08/26 21:36:19 | 000,003,168 | ---- | M] () -- C:\{937343FE-BDBE-4861-AF0D-4961C520FFDE}
    [2012/08/26 21:30:22 | 000,003,192 | ---- | M] () -- C:\{988B1A48-675B-4892-B886-BF6DA6AFED62}
    [2012/08/26 21:23:35 | 000,003,168 | ---- | M] () -- C:\{6DE38B91-9503-45CE-A11A-A6DF08836D0D}
    [2012/08/26 21:19:22 | 000,003,168 | ---- | M] () -- C:\{F67C339E-9310-4845-A607-E4B4A3ECA116}
    [2012/08/26 21:11:27 | 000,003,192 | ---- | M] () -- C:\{FB0C94E5-21F0-408B-98A1-A429A1504334}
    [2012/08/26 21:05:10 | 000,003,192 | ---- | M] () -- C:\{93289DDB-CD97-419F-904B-3E8A88E2FBF7}
    [2012/08/26 21:00:23 | 000,003,168 | ---- | M] () -- C:\{1A975C1E-0987-4E70-ACE9-BE0AEC32124D}
    [2012/08/26 20:56:55 | 000,003,192 | ---- | M] () -- C:\{79390CA4-2F04-4D2D-95E3-5281B3D6BE5D}
    [2012/08/26 20:50:33 | 000,003,168 | ---- | M] () -- C:\{79068B1D-655E-46A6-942C-067D2A9E3DFF}
    [2012/08/26 20:44:22 | 000,003,192 | ---- | M] () -- C:\{B35FA9B7-A64B-4221-8799-69250DA69FD7}
    [2012/08/26 20:38:05 | 000,003,168 | ---- | M] () -- C:\{BCC40A1C-50B4-4C43-AAEB-5EB1111D8270}
    [2012/08/26 20:32:33 | 000,003,192 | ---- | M] () -- C:\{26634504-1B0C-4C4E-A57E-822AEA6A5733}
    [2012/08/26 20:26:09 | 000,003,168 | ---- | M] () -- C:\{29A3860B-6290-46FA-A32C-D9D1CA659550}
    [2012/08/24 16:15:49 | 000,003,168 | ---- | M] () -- C:\{B0FEF934-D317-4415-A26E-8B50E1706084}
    [2012/08/23 23:00:11 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixZeroAccess.sys
    [2012/08/22 20:49:57 | 000,003,192 | ---- | M] () -- C:\{1C69F3EB-5739-4094-B10B-DBD8C5F5FF04}
    [2012/08/22 20:45:39 | 000,003,168 | ---- | M] () -- C:\{A8491215-D97C-4039-88F3-27BCE0FCFABA}
    [2012/08/22 20:31:29 | 000,003,168 | ---- | M] () -- C:\{A00FDA31-71E0-4CA7-94C0-B44A093559B8}
    [2012/08/22 20:03:45 | 000,003,168 | ---- | M] () -- C:\{1393051B-A571-4241-AC4E-9128FA954CB7}
    [2012/08/22 20:02:19 | 000,003,168 | ---- | M] () -- C:\{A17B9DAE-9BB3-469E-A6F7-C8E7D1FB269D}
    [2012/08/22 19:35:55 | 000,003,160 | ---- | M] () -- C:\{B5383519-1BC3-4B65-9129-835E8F855564}
    [2012/08/22 19:04:27 | 000,003,128 | ---- | M] () -- C:\{9B485D98-9770-43AD-89CE-B90FA125A568}
    [2012/08/22 18:25:37 | 000,003,168 | ---- | M] () -- C:\{7C86F62B-7B97-45B0-96DA-13EA5C99F24D}
    [2012/08/22 18:17:46 | 000,003,168 | ---- | M] () -- C:\{827AB113-E3E9-48D9-B368-4341AABC51BE}
    [2012/08/22 17:30:01 | 000,003,160 | ---- | M] () -- C:\{7E52FE86-80AF-4BC3-B63F-451B032040A9}
    [2012/08/22 17:23:33 | 000,003,192 | ---- | M] () -- C:\{AD91554F-2373-4F27-A7A6-CF68D994FA96}
    [2012/08/22 17:17:28 | 000,003,168 | ---- | M] () -- C:\{882DFF59-1A98-475C-BC36-6DE64BB86B10}
    [2012/08/22 17:10:59 | 000,003,472 | ---- | M] () -- C:\{8F1EA7DB-17C2-4A57-A9B6-19935AFF95BA}
    [2012/08/22 17:04:15 | 000,003,320 | ---- | M] () -- C:\{3F22011B-48B3-4970-A2F9-1C4A3D0FF3E0}
    [2012/08/22 16:57:28 | 000,003,160 | ---- | M] () -- C:\{06602612-1253-413A-B68C-FA3DEA19FA71}
    [2012/08/22 16:49:49 | 000,003,192 | ---- | M] () -- C:\{E4ADB819-5699-49FC-AE8D-8283DBE20EF1}
    [2012/08/22 16:42:59 | 000,003,168 | ---- | M] () -- C:\{0B8DA6EC-CEA7-4488-8E4F-6378B173EF1A}
    [2012/08/22 16:36:10 | 000,003,168 | ---- | M] () -- C:\{CEC5649A-E6BD-4030-8E41-CFD839F28B6E}
    [2012/08/22 16:29:30 | 000,003,160 | ---- | M] () -- C:\{6DFAB4FC-63DA-484F-A62D-9DA1E0966AEC}
    [2012/08/22 16:20:15 | 000,003,192 | ---- | M] () -- C:\{2706DD1E-7A0D-42F9-9ECF-1BD7D17B39D7}
    [2012/08/22 16:08:36 | 000,003,168 | ---- | M] () -- C:\{B9B01496-A7BF-40DC-9357-181921400CD3}
    [2012/08/22 15:57:47 | 000,003,168 | ---- | M] () -- C:\{A8B8C87A-A5AD-4495-8C98-39959EE60FCF}
    [2012/08/22 15:51:15 | 000,003,160 | ---- | M] () -- C:\{3B89C180-07E4-4582-A151-17FE5048CC72}
    [2012/08/22 15:44:56 | 000,003,192 | ---- | M] () -- C:\{9AFD7FF8-536D-4DCE-9604-1FC1DE758EFA}
    [2012/08/22 15:38:13 | 000,003,168 | ---- | M] () -- C:\{E545CE53-6B5B-49F5-89C0-96CE54C05B02}
    [2012/08/22 15:30:39 | 000,003,168 | ---- | M] () -- C:\{FDAECA24-A9B5-490A-8199-FBEBA537F95E}
    [2012/08/22 15:23:46 | 000,003,160 | ---- | M] () -- C:\{413E0413-521D-4349-A0E2-AEAC2A57CAE4}
    [2012/08/22 15:16:47 | 000,003,168 | ---- | M] () -- C:\{3F6C5E6C-3D55-451C-A62E-C6B22EA71ED8}
    [2012/08/22 15:09:36 | 000,003,192 | ---- | M] () -- C:\{95A17765-B72D-44DA-9322-F050020641D7}
    [2012/08/22 15:03:01 | 000,003,160 | ---- | M] () -- C:\{E28A78EE-B56C-48C6-8D8D-19E7A5A894F8}
    [2012/08/22 14:55:16 | 000,003,168 | ---- | M] () -- C:\{1CBC0AA7-79AB-440C-A01E-06D794D01E7D}
    [2012/08/22 14:48:13 | 000,003,192 | ---- | M] () -- C:\{C6CC8BA4-2F12-460D-AE1A-D14C32EB34A9}
    [2012/08/22 14:41:51 | 000,003,168 | ---- | M] () -- C:\{0D27268C-EB15-4FA6-8042-FB437A459BF5}
    [2012/08/22 14:33:51 | 000,003,168 | ---- | M] () -- C:\{BCCDAAEF-F439-4207-975E-EB7D3227DD0F}
    [2012/08/22 14:26:31 | 000,003,160 | ---- | M] () -- C:\{27A34C47-4460-4763-962D-8AF2DCAC036B}
    [2012/08/22 14:16:08 | 000,003,192 | ---- | M] () -- C:\{DDF000FE-6102-433D-A4BF-3050172F3254}
    [2012/08/22 14:06:41 | 000,003,168 | ---- | M] () -- C:\{CC23A4FB-F944-4415-B878-E9EC79720501}
    [2012/08/22 13:55:12 | 000,002,360 | ---- | M] () -- C:\{3B8F8721-CC1B-4151-88E2-667BD7B81F92}
    [2012/08/22 13:38:48 | 000,002,256 | ---- | M] () -- C:\{46271224-84D4-4DFF-B784-9A33AB3E8CD7}
    [2012/08/22 13:28:48 | 000,003,168 | ---- | M] () -- C:\{55F02BA1-06A7-4B0E-9963-797109B6558E}
    [2012/08/22 13:18:47 | 000,003,160 | ---- | M] () -- C:\{ECABE8D8-A484-4A25-943E-6D02EEE3A1A4}
    [2012/08/22 13:09:04 | 000,003,192 | ---- | M] () -- C:\{34D6C40C-B3C8-469A-9E8E-CA46609EF1E8}
    [2012/08/22 13:00:16 | 000,003,168 | ---- | M] () -- C:\{404C2799-5F6F-4D9C-8654-08574844585A}
    [2012/08/22 12:50:28 | 000,003,168 | ---- | M] () -- C:\{B1D7B7CD-6B6A-4F53-BFE1-558339111CE2}
    [2012/08/22 12:39:37 | 000,003,160 | ---- | M] () -- C:\{173D4F36-8402-448D-B712-FBA87FEE2C01}
    [2012/08/22 12:30:34 | 000,003,192 | ---- | M] () -- C:\{0560BFBA-178E-4B01-AB78-41A31B0C331B}
    [2012/08/22 12:21:18 | 000,003,168 | ---- | M] () -- C:\{EE7885EB-B2E8-49FD-9243-BC1E91D0790C}
    [2012/08/22 11:57:39 | 000,003,168 | ---- | M] () -- C:\{E1C5E2EF-3F31-4A00-ADA0-6E4FDB6CF74E}
    [2012/08/22 11:16:31 | 000,003,192 | ---- | M] () -- C:\{93A4726C-B5CB-4E46-94EC-A58FA89157F4}
    [2012/08/22 11:14:59 | 000,003,168 | ---- | M] () -- C:\{DA801D02-C985-49F3-874E-617038975132}
    [2012/08/22 11:03:54 | 000,003,192 | ---- | M] () -- C:\{683545E1-C95F-4F1A-BE62-4AC57BE7BB07}
    [2012/08/22 10:58:09 | 000,003,168 | ---- | M] () -- C:\{85F3975B-3814-40DF-84D2-D6D9117803E1}
    [2012/08/20 22:08:41 | 000,003,160 | ---- | M] () -- C:\{92D61E61-717D-4330-AA8D-C196C999CAC8}
    [2012/08/20 22:05:18 | 000,003,168 | ---- | M] () -- C:\{D4CAAB1C-6BEC-4789-8448-6381A0CE9F0F}
    [2012/08/20 21:57:00 | 000,003,192 | ---- | M] () -- C:\{C5A9D8DE-AEA0-47CC-8224-B359C6D64BB3}
    [2012/08/20 21:47:42 | 000,003,168 | ---- | M] () -- C:\{81BB429E-31E4-4A02-8F6F-EB1566E8A237}
    [2012/08/20 21:15:52 | 000,003,168 | ---- | M] () -- C:\{B3FE7E9C-5EAE-4CC3-98EA-43B23AA64D8A}
    [2012/08/19 12:58:08 | 000,003,192 | ---- | M] () -- C:\{9334061B-8657-4959-9CA5-6B4AFDD6B6DB}
    [2012/08/19 12:43:29 | 000,003,168 | ---- | M] () -- C:\{4B6A520C-53D3-4D1E-A555-1F13FFEE3249}
    [2012/08/19 12:40:01 | 000,003,168 | ---- | M] () -- C:\{37750AEC-AA8B-4E99-85AF-18EF33B6793E}
    [2012/08/19 12:14:25 | 000,003,168 | ---- | M] () -- C:\{ED1BCF3C-12BC-40B1-87A6-7B6226D930E8}
    [2012/08/19 12:05:30 | 000,003,168 | ---- | M] () -- C:\{74F6E4F8-3357-4F52-BE21-C1B6585A8993}
    [2012/08/19 11:25:11 | 000,003,192 | ---- | M] () -- C:\{8331D4A7-FA9A-449A-993B-8A54174B53B2}
    [2012/08/18 20:28:55 | 000,003,192 | ---- | M] () -- C:\{B41BCE8B-8327-4027-9D00-19FE4A000E0D}
    [2012/08/18 20:25:23 | 000,003,168 | ---- | M] () -- C:\{6A48205F-D6FA-4B2F-85A7-3A1E4F49AD87}
    [2012/08/18 20:15:41 | 000,003,168 | ---- | M] () -- C:\{870E820D-4737-485E-8C20-3363AA2968CB}
    [2012/08/14 14:39:00 | 000,003,168 | ---- | M] () -- C:\{5F43D11C-968B-4FC2-8033-853DDA105279}
    [2012/08/14 14:28:30 | 000,003,168 | ---- | M] () -- C:\{7EAA41B2-BAFC-48FF-9DD1-835736ACB458}
    [2012/08/14 14:25:45 | 000,003,168 | ---- | M] () -- C:\{3BBB27CF-EF53-4C93-A8B0-4DA74AB93423}
    [2012/08/14 13:03:10 | 000,003,168 | ---- | M] () -- C:\{97476F37-2466-4CA9-8208-C1E1C41AF0EF}
    [2012/08/14 12:58:10 | 000,003,192 | ---- | M] () -- C:\{94C3A42A-1F86-418B-AD0A-007DCBBA01C6}
    [2012/08/14 12:57:01 | 000,003,168 | ---- | M] () -- C:\{914EB9D7-E303-4BAF-8A78-4B7F10F20CEE}
    [2012/08/14 12:55:32 | 000,003,168 | ---- | M] () -- C:\{1E12AFF7-C1B1-48DB-A7F9-8AF399D10CEE}
    [2012/08/14 11:57:06 | 000,003,168 | ---- | M] () -- C:\{6683579B-4F07-4D42-8E1F-F2434F58F006}
    [2012/08/14 11:55:39 | 000,003,168 | ---- | M] () -- C:\{0284EB07-E85C-426F-849B-2440CFF00573}
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#25
jmgoodwin74

jmgoodwin74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Listed below is the log from the most recent OTL scan. The computer seems to be doing better. Still a little slow, but better overall. Hope you had a nice weekend.

OTL logfile created on: 9/9/2012 9:38:56 PM - Run 4
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Matt Goodwin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 59.21% Memory free
4.12 Gb Paging File | 2.44 Gb Available in Paging File | 59.17% Paging File free
Paging file location(s): c:\pagefile.sys 256 512

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.62 Gb Total Space | 3.03 Gb Free Space | 0.67% Space Free | Partition Type: NTFS

Computer Name: MATTGOODWIN-PC | User Name: Matt Goodwin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/05 15:36:06 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matt Goodwin\Desktop\OTL.exe
PRC - [2012/08/15 09:48:42 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/05 18:50:30 | 000,295,304 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/07/05 18:41:08 | 007,392,136 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/06/08 11:32:44 | 000,531,928 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe
PRC - [2012/06/08 11:32:44 | 000,310,008 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe
PRC - [2012/06/08 11:32:44 | 000,211,104 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask2.exe
PRC - [2012/06/05 13:16:40 | 000,080,816 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe
PRC - [2012/05/04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/03/02 16:48:30 | 000,494,192 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2011/11/13 07:53:42 | 002,996,592 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
PRC - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
PRC - [2011/11/13 07:53:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
PRC - [2011/11/13 07:53:28 | 001,687,408 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
PRC - [2011/11/07 15:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2011/11/07 15:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/11/20 08:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/03/03 10:41:40 | 000,053,248 | ---- | M] (HP) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2009/12/02 15:51:12 | 000,136,192 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009/09/22 14:30:42 | 000,632,096 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfPro5Hook.exe
PRC - [2009/09/10 00:53:10 | 000,027,736 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2009/09/10 00:42:44 | 000,142,424 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/08/11 15:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/08/31 09:59:28 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/02 18:08:09 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/08/02 18:08:06 | 001,806,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
MOD - [2012/08/02 18:08:05 | 000,310,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012/08/02 18:08:03 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/08/02 18:07:34 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/08/02 18:07:24 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/08/02 01:45:29 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/08/02 01:45:17 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/08/02 01:45:08 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/08/02 01:44:48 | 001,016,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ca1ff0fd5eade2211db56512252c0365\System.Configuration.ni.dll
MOD - [2012/08/02 01:44:45 | 005,767,680 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\6305ef37f34d6758947b5156121aa401\System.Xml.ni.dll
MOD - [2012/03/05 12:08:06 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2010/03/03 10:41:06 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll
MOD - [2010/03/03 10:41:04 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll
MOD - [2010/03/03 10:40:50 | 000,516,096 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2010/03/03 10:40:48 | 000,840,192 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
MOD - [2010/03/03 10:40:46 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2010/03/03 10:40:44 | 000,130,560 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll
MOD - [2010/03/03 10:40:44 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2010/03/03 10:40:42 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll
MOD - [2009/10/15 08:25:30 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\NativeUtils.dll
MOD - [2007/08/31 09:59:28 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPUsageTracking.dll
MOD - [2007/08/31 09:59:28 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
MOD - [2007/08/31 09:59:26 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPToolkit.dll
MOD - [2007/08/31 09:59:26 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\Enumeration.dll
MOD - [2007/08/31 09:59:10 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPTools.dll
MOD - [2007/08/31 09:59:04 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPStreamsInterface.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/02 16:52:08 | 001,125,488 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
SRV:64bit: - [2012/03/02 16:48:30 | 000,494,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV:64bit: - [2009/09/17 16:41:36 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/08/11 20:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 18:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 15:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 13:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2012/08/15 10:48:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/05 18:41:08 | 007,392,136 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/06/08 11:32:44 | 000,531,928 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe -- (Fix-It Task Manager)
SRV - [2012/06/08 11:32:44 | 000,310,008 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe -- (.AVQWindowsMonitorService)
SRV - [2012/06/05 13:16:40 | 000,080,816 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe -- (AQFileRestoreSrv)
SRV - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/11/07 15:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/11/07 15:36:13 | 000,135,608 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 15:51:12 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/09/10 00:42:44 | 000,142,424 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/08/10 23:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/07/26 01:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/02 16:52:08 | 000,048,240 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmwvusb.sys -- (vmwvusb)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/21 09:16:31 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/15 21:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/01/20 15:18:26 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2009/11/10 10:27:06 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/02 13:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/27 12:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/07 09:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 23:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/28 22:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/24 19:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 21:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/10 10:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/07/04 23:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 12:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 14:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/07/16 17:29:33 | 000,023,064 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64fax.sys -- (HPFXFAX)
DRV:64bit: - [2007/07/16 17:29:23 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)
DRV:64bit: - [2007/01/18 16:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120907.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 18:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120905.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/22 09:12:27 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120909.008\ex64.sys -- (NAVEX15)
DRV - [2012/08/22 09:12:27 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/22 09:12:27 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120909.008\eng64.sys -- (NAVENG)
DRV - [2012/08/09 08:54:10 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E113DADB-2393-4213-91BA-105D4072AA4E}
IE:64bit: - HKLM\..\SearchScopes\{E113DADB-2393-4213-91BA-105D4072AA4E}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{576E30E7-120E-47A7-80FD-42325F4B5513}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\..\SearchScopes,DefaultScope = Comcast
IE - HKCU\..\SearchScopes\{576E30E7-120E-47A7-80FD-42325F4B5513}: "URL" = http://www.google.co...&rlz=1I7TSNA_en
IE - HKCU\..\SearchScopes\{A4C9B0F2-3EF3-4F88-A97A-4121A423F183}: "URL" = http://search.yahoo....33,17118,0,18,0
IE - HKCU\..\SearchScopes\{C570F98B-2728-4D63-A268-8C1F4E199788}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Matt Goodwin\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Matt Goodwin\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 17:26:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_12_1 [2012/09/09 21:28:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Matt Goodwin\AppData\Roaming\Move Networks [2010/05/24 13:48:45 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Matt Goodwin\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Matt Goodwin\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_1\
CHR - Extension: Angry Birds = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: 3D Baseball II = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlogndjagpkddpfdjehblbmkmkbpdnhh\1.0_0\
CHR - Extension: JDoodle Jump = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegnpclfpgemhfmgfobelglidonaopc\1.4_1\
CHR - Extension: Space Invaders = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkolofikfmgppihdahfkbgpdgkocapbp\1.4_0\
CHR - Extension: Poppit = C:\Users\Matt Goodwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_1\

O1 HOSTS File: ([2012/09/09 21:18:14 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP LaserJet M1522 MFP Series Fax] C:\Program Files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" File not found
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...x-w32-2.0.2.cab (AlternaTIFF ActiveX)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse...se/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27ACFC9C-112C-4294-9376-BAD7D87427B2}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (wsauth) - C:\windows\SysNative\wsauth.dll (VMware, Inc.)
O30 - LSA: Security Packages - (wsauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/09 20:57:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/07 15:28:02 | 000,181,064 | ---- | C] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2012/09/07 15:25:25 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/09/07 14:45:30 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/09/07 14:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/09/07 14:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/09/07 10:32:23 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 09-07-212
[2012/09/06 21:14:36 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Matt Goodwin\Desktop\FSS.exe
[2012/09/06 10:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/06 09:41:53 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 09-06-2012
[2012/09/05 17:08:23 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Desktop\RK_Quarantine
[2012/09/05 15:35:59 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Matt Goodwin\Desktop\OTL.exe
[2012/09/05 08:58:44 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 09-05-2012
[2012/09/04 10:10:07 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 09-04-2012
[2012/09/03 16:13:33 | 000,000,000 | ---D | C] -- C:\Firefox
[2012/09/03 16:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/09/03 16:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/09/03 16:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/30 21:40:46 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-31-2012
[2012/08/30 10:59:55 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-30-2012
[2012/08/29 10:42:14 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-29-2012
[2012/08/28 10:21:53 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-28-2012
[2012/08/27 10:11:48 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-27-2012
[2012/08/24 11:04:44 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-24-2012
[2012/08/23 23:11:25 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/23 22:45:30 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/08/23 21:35:00 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/08/23 16:51:16 | 000,048,240 | ---- | C] (VMware, Inc.) -- C:\windows\SysNative\drivers\vmwvusb.sys
[2012/08/23 16:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012/08/23 16:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2012/08/23 16:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
[2012/08/23 16:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/08/23 10:52:42 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-23-2012
[2012/08/22 13:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/22 13:41:17 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\DriverCure
[2012/08/22 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\SpeedyPC Software
[2012/08/22 13:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/22 13:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/22 10:35:36 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-22-2012
[2012/08/21 10:38:09 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-21-2012
[2012/08/20 10:56:16 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-20-2012
[2012/08/16 22:51:56 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-17-2012
[2012/08/16 09:47:39 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-16-2012
[2012/08/15 10:31:21 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2012/08/15 09:58:03 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-15-2012
[2012/08/14 15:07:44 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Local\NPE
[2012/08/14 10:03:28 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-14-2012
[2012/08/13 09:49:55 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\Documents\Searches for 08-13-2012
[2012/08/12 21:47:28 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\AI_RecycleBin
[2012/08/12 21:47:17 | 000,000,000 | ---D | C] -- C:\Users\Matt Goodwin\AppData\Roaming\DefaultTab
[2012/08/12 21:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/08/12 21:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!

========== Files - Modified Within 30 Days ==========

[2012/09/09 21:33:51 | 000,015,568 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 21:33:51 | 000,015,568 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 21:33:22 | 002,539,072 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/09 21:33:22 | 000,775,710 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/09 21:33:22 | 000,006,358 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/09 21:26:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/09 21:26:25 | 3117,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/09 21:18:14 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2012/09/09 20:48:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 17:26:57 | 000,000,000 | ---- | M] () -- C:\Users\Matt Goodwin\Documents\Nuance Image Printer Writer Port
[2012/09/07 16:25:17 | 000,430,672 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/09/07 16:21:21 | 000,181,064 | ---- | M] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2012/09/07 16:10:14 | 000,006,358 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/09/07 15:26:40 | 000,000,207 | ---- | M] () -- C:\windows\tweaking.com-regbackup-MATTGOODWIN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/09/07 14:45:25 | 000,002,258 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/09/07 14:45:06 | 005,313,275 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/09/07 14:41:23 | 001,095,748 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\Expense Report 09-07-2012.pdf
[2012/09/07 14:29:05 | 000,233,205 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\196405.pdf
[2012/09/07 14:04:11 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/09/07 10:32:23 | 000,001,466 | ---- | M] () -- C:\Users\Matt Goodwin\Documents\PP11Thumbs.ptn2
[2012/09/06 21:14:39 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Matt Goodwin\Desktop\FSS.exe
[2012/09/06 17:05:57 | 000,226,358 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\137506.pdf
[2012/09/06 17:05:16 | 000,123,033 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\116032.pdf
[2012/09/06 09:41:53 | 000,000,071 | ---- | M] () -- C:\Users\Matt Goodwin\Documents\maxdesk.ini2
[2012/09/05 17:08:19 | 001,378,816 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\RogueKiller.exe
[2012/09/05 15:36:06 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matt Goodwin\Desktop\OTL.exe
[2012/09/05 14:06:13 | 000,732,477 | ---- | M] () -- C:\Users\Matt Goodwin\Desktop\211263.pdf
[2012/08/28 09:36:46 | 000,154,332 | ---- | M] () -- C:\windows\hppins08.dat
[2012/08/28 09:36:43 | 000,000,733 | ---- | M] () -- C:\windows\hpbvspst.his
[2012/08/28 09:36:43 | 000,000,392 | ---- | M] () -- C:\windows\hpbvspst.ini
[2012/08/28 09:36:28 | 000,000,524 | ---- | M] () -- C:\windows\hpbvspst.hi1
[2012/08/28 09:36:28 | 000,000,316 | ---- | M] () -- C:\windows\hpbvspst.bu1
[2012/08/27 17:01:49 | 000,154,332 | ---- | M] () -- C:\windows\hppins08.dat.temp
[2012/08/27 17:01:46 | 000,000,733 | ---- | M] () -- C:\windows\hpbvspst.hi2
[2012/08/27 17:01:46 | 000,000,392 | ---- | M] () -- C:\windows\hpbvspst.bu2
[2012/08/23 16:51:01 | 000,001,325 | ---- | M] () -- C:\Users\Public\Desktop\VMware View Client.lnk

========== Files Created - No Company Name ==========

[2012/09/07 16:08:19 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/09/07 15:26:40 | 000,000,207 | ---- | C] () -- C:\windows\tweaking.com-regbackup-MATTGOODWIN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/09/07 14:45:25 | 000,002,258 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/09/07 14:45:04 | 005,313,275 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/09/07 14:41:34 | 001,095,748 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\Expense Report 09-07-2012.pdf
[2012/09/07 14:29:15 | 000,233,205 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\196405.pdf
[2012/09/06 17:06:25 | 000,226,358 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\137506.pdf
[2012/09/06 17:05:25 | 000,123,033 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\116032.pdf
[2012/09/05 17:08:13 | 001,378,816 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\RogueKiller.exe
[2012/09/05 14:06:22 | 000,732,477 | ---- | C] () -- C:\Users\Matt Goodwin\Desktop\211263.pdf
[2012/08/23 16:50:57 | 000,001,325 | ---- | C] () -- C:\Users\Public\Desktop\VMware View Client.lnk
[2012/08/01 20:16:30 | 000,006,358 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/07/18 23:22:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\Standard
[2012/07/18 23:22:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\Soundtrack
[2012/07/15 22:43:02 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\Standard Tool
[2012/07/15 22:43:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2012/07/15 22:24:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/07/15 22:23:45 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\SupportPrinters
[2012/07/15 22:23:45 | 000,000,000 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\Strings
[2012/07/15 22:23:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/07/15 22:23:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/06/05 14:04:48 | 000,021,120 | ---- | C] () -- C:\windows\SysWow64\drivers\AQFileRestore.sys
[2012/03/05 12:04:04 | 000,154,332 | ---- | C] () -- C:\windows\hppins08.dat
[2012/03/05 12:04:04 | 000,001,116 | ---- | C] () -- C:\windows\hppmdl08.dat
[2012/03/05 11:23:08 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2012/03/05 11:22:55 | 000,316,928 | ---- | C] () -- C:\windows\SysWow64\hpcc3118.dll
[2012/01/09 18:00:31 | 000,000,376 | ---- | C] () -- C:\windows\AAA9de.ini
[2011/05/18 17:42:28 | 000,001,940 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/13 19:06:30 | 000,000,036 | ---- | C] () -- C:\windows\SysWow64\f9t.dat
[2010/10/30 14:07:21 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2010/10/30 14:00:41 | 000,000,019 | ---- | C] () -- C:\windows\popcinfo.dat
[2010/04/04 23:03:37 | 000,004,284 | ---- | C] () -- C:\Users\Matt Goodwin\AppData\Roaming\wklnhst.dat
[2010/02/26 00:47:03 | 000,000,824 | ---- | C] () -- C:\Users\Matt Goodwin\hosts
[2010/01/03 16:35:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/01 21:27:01 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/01 21:01:05 | 008,126,464 | --S- | C] () -- C:\Users\Matt Goodwin\NTUSER.BK1
[2010/01/01 21:01:05 | 006,299,648 | ---- | C] () -- C:\Users\Matt Goodwin\NTUSER.BAK

========== LOP Check ==========

[2012/05/12 10:03:13 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\.minecraft
[2012/08/08 09:22:49 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\.oit
[2012/08/01 22:42:29 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Avanquest
[2010/10/03 14:39:18 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Catalina Marketing Corp
[2010/01/21 09:48:50 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2012/09/09 21:18:06 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\DefaultTab
[2012/08/22 13:41:17 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\DriverCure
[2010/02/22 18:32:18 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\E-centives
[2012/07/15 22:48:19 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Nikon
[2010/01/05 10:37:04 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Nuance
[2010/04/12 21:42:24 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\OverDrive
[2010/01/23 14:14:19 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Snood
[2012/08/22 13:41:13 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\SpeedyPC Software
[2011/01/13 19:08:07 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Stamps.com Internet Postage
[2010/10/08 23:34:49 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Teleca
[2010/04/04 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Template
[2011/03/02 00:04:25 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Tific
[2010/01/06 10:09:34 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\TOSHIBA
[2010/05/23 13:14:46 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Ulead Systems
[2010/01/01 21:01:38 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\WinBatch
[2010/12/03 16:11:47 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Windows Live Writer
[2010/01/03 16:33:53 | 000,000,000 | ---D | M] -- C:\Users\Matt Goodwin\AppData\Roaming\Zeon
[2012/06/06 15:27:13 | 000,032,550 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will remove my tools now, and once the clean up is done defragment the drive and let m eknow how it is running

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#27
jmgoodwin74

jmgoodwin74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I can't thank you enough for all of your help. Computer is doing much better now.
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP