Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Delta Search Hijacker and Yontoo Malware? [Solved]


  • This topic is locked This topic is locked

#1
dontmutemeplz

dontmutemeplz

    New Member

  • Member
  • Pip
  • 5 posts
Hello all,

Today I somehow managed to pick up two pieces of malware (the Delta Search browser hijacker and the Yontoo Malware). I am not sure how I managed to get it, possibly due to downloading things...

Any help would be appreciated!

Here is the OTL file:

OTL logfile created on: 4/28/2013 2:53:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 48.80% Memory free
11.90 Gb Paging File | 8.50 Gb Available in Paging File | 71.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.02 Gb Total Space | 521.99 Gb Free Space | 89.69% Space Free | Partition Type: NTFS
Drive D: | 13.85 Gb Total Space | 1.55 Gb Free Space | 11.17% Space Free | Partition Type: NTFS

Computer Name: CHRIS-HPDM | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/28 14:53:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
PRC - [2013/04/17 23:52:14 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/04/16 21:17:26 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\Chris\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013/04/16 21:17:26 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 18:41:44 | 025,863,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/01/14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2011/12/28 16:29:18 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
PRC - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
PRC - [2011/03/11 14:28:38 | 001,502,776 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/03/10 23:29:12 | 000,227,984 | R-S- | M] (Tarma Software Research Pty Ltd) -- C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
PRC - [2011/02/28 18:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/18 01:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 01:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 01:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/01/27 15:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/01/12 21:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 21:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/23 14:26:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/11/23 14:26:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/09 18:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Chris\Local Settings\Apps\F.lux\flux.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/28 14:26:24 | 000,013,600 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013/04/16 21:19:31 | 000,635,392 | R-S- | M] () -- C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
MOD - [2013/04/16 21:19:11 | 000,459,264 | R-S- | M] () -- C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
MOD - [2013/04/09 04:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 04:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 04:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 04:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 04:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 04:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/24 16:48:10 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013/03/24 16:48:10 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013/03/24 15:31:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/03/24 15:30:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/03/24 15:30:34 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/03/24 15:30:23 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/03/24 15:30:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/03/24 15:30:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/03/24 15:30:16 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/03/24 15:29:51 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/10/05 06:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/01/14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2011/12/28 16:29:18 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
MOD - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
MOD - [2010/11/20 23:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/20 23:23:56 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010/11/20 23:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Chris\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/02/15 01:23:52 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/05 16:41:38 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/01/05 16:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 16:26:56 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/12 19:24:30 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/04/17 10:33:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/29 15:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/04 15:15:48 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/28 18:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/18 01:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/01/12 21:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/23 14:26:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/11/23 14:26:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/13 15:30:36 | 000,025,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PerformanceTest\DirectIo64.sys -- (DIRECTIO)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 07:54:22 | 000,351,864 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/02/16 20:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/02/15 15:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/02/15 01:23:52 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/25 15:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/07 21:42:34 | 012,262,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/04 14:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/08/12 19:24:30 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/08/12 19:24:30 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/03/23 16:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/03 23:49:26 | 000,252,928 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTwindrvr6.sys -- (VSTWinDriver6)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rchTerms}&r=948
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-se...8622C413809DD1E
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..browser.startup.homepage:


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll (Wolfram Research, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/17 10:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/17 10:33:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/03/24 16:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2013/04/28 14:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\avb1ug22.default\extensions
[2013/04/28 14:26:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\avb1ug22.default\extensions\[email protected]
[2013/04/28 14:26:15 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\avb1ug22.default\extensions\[email protected]
[2013/04/11 11:54:38 | 000,199,543 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\avb1ug22.default\extensions\[email protected]
[2013/04/17 10:32:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/17 10:32:47 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/04/17 10:33:09 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/28 14:26:29 | 000,006,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = http://www2.delta-se...8622C413809DD1E
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www2.delta-se...8622C413809DD1E
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Website Logon = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
CHR - Extension: Google Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: After the Deadline = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjadjbdihbaodagojiomdljhjhjfho\1.2_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_0\
CHR - Extension: PutLockerDownloader V3.0 = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\koalekbhpbggkcfhkkbolikjoaobbppi\3.0_0\
CHR - Extension: Illimitux = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0\
CHR - Extension: Yontoo = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: zen temple = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmiiioabolbmhbhphhfjbohiiijmkee\1_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: unedditreddit = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppgcnpiddlbiemncalhbpgkcgecfofpj\1.5_0\

O1 HOSTS File: ([2013/02/25 02:13:22 | 000,572,148 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 15484 more lines...
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [F.lux] C:\Users\Chris\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\Chris\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\Chris\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{328DEDB1-8FE6-41A6-9C4B-414474478382}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/28 14:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013/04/28 14:26:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Babylon
[2013/04/28 14:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/04/28 14:26:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Yontoo
[2013/04/28 14:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013/04/28 14:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/04/28 14:25:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\PutLockerDownloader
[2013/04/28 14:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PutLockerDownloader
[2013/04/28 14:25:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
[2013/04/28 14:25:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PutLockerDownloader.com
[2013/04/27 16:28:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\.idlerc
[2013/04/27 16:27:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.5
[2013/04/27 16:27:13 | 000,000,000 | ---D | C] -- C:\Python25
[2013/04/26 19:45:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\gfgfgfg_data
[2013/04/26 19:45:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\gfgfg_data
[2013/04/26 19:45:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\ggfg_data
[2013/04/26 19:45:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\g_data
[2013/04/26 13:38:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Audacity
[2013/04/26 13:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013/04/23 11:02:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mathematica
[2013/04/23 11:02:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Mathematica
[2013/04/23 11:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wolfram Research
[2013/04/23 11:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wolfram Research
[2013/04/23 11:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft
[2013/04/23 11:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mathematica
[2013/04/23 11:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Extras
[2013/04/23 11:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica
[2013/04/23 10:55:04 | 000,437,552 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\ml64i3.dll
[2013/04/23 10:55:04 | 000,426,288 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mltcpip64.mlp
[2013/04/23 10:55:04 | 000,369,968 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\ml32i3.dll
[2013/04/23 10:55:04 | 000,360,752 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mltcpip32.mlp
[2013/04/23 10:55:04 | 000,303,408 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\ml64i2.dll
[2013/04/23 10:55:04 | 000,258,864 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\ml32i2.dll
[2013/04/23 10:55:04 | 000,252,720 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\ml32i1.dll
[2013/04/23 10:55:04 | 000,181,040 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mlmodule64.dll
[2013/04/23 10:55:04 | 000,173,360 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mlmodule32.dll
[2013/04/23 10:55:04 | 000,104,240 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mltcp64.mlp
[2013/04/23 10:55:04 | 000,099,632 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mlshm64.mlp
[2013/04/23 10:55:04 | 000,095,536 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mltcp32.mlp
[2013/04/23 10:55:04 | 000,088,368 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mlshm32.mlp
[2013/04/23 10:55:04 | 000,078,128 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mlmap32.mlp
[2013/04/23 10:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfram Research
[2013/04/18 14:36:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\4-11-2013Tower
[2013/04/17 10:32:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/12 08:15:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Racket
[2013/04/11 15:14:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\.thumbnails
[2013/04/08 20:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/04/08 20:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2013/04/08 20:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2013/04/08 09:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Racket
[2013/04/08 09:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Racket
[2013/04/08 07:12:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\4-5-2013Railroad+ Building
[2013/04/06 12:07:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
[2013/04/02 15:20:39 | 006,963,594 | ---- | C] (Carl Burch, Hendrix College) -- C:\Users\Chris\Desktop\logisim-win-2.7.1.exe
[2013/04/02 10:43:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Spotify
[2013/04/02 10:43:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Spotify
[2013/04/01 07:15:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\3-29-2013Ralphs
[2013/04/01 07:14:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Aperture
[2013/04/01 07:13:36 | 000,312,320 | ---- | C] (RealWorld Graphics) -- C:\Users\Chris\Desktop\PhotoResize1024Q90.exe
[2013/04/01 07:12:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Shutter
[2013/03/31 15:38:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\My Cheat Tables
[2013/03/31 15:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2013/03/31 15:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2013/03/31 15:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\CrashDumps
[2013/03/31 15:11:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SteveAndrewSoftware
[2013/03/31 15:10:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\bhopallday
[2013/03/30 13:17:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe

========== Files - Modified Within 30 Days ==========

[2013/04/28 14:31:38 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/28 14:26:11 | 018,172,973 | ---- | M] () -- C:\Users\Chris\Desktop\84E7A0B8FCCB47AA
[2013/04/28 14:25:43 | 000,000,948 | ---- | M] () -- C:\Users\Chris\Desktop\PutLockerDownloader.lnk
[2013/04/28 14:05:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/28 13:29:14 | 000,164,260 | ---- | M] () -- C:\Users\Chris\Desktop\largeFile.jpg
[2013/04/28 13:28:24 | 000,064,023 | ---- | M] () -- C:\Users\Chris\Desktop\spamcarver.jpg
[2013/04/28 12:27:42 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/28 12:15:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/26 19:45:53 | 000,000,881 | ---- | M] () -- C:\Users\Chris\Desktop\gfgfgfg.aup
[2013/04/26 19:45:49 | 000,001,571 | ---- | M] () -- C:\Users\Chris\Desktop\gfgfg.aup
[2013/04/26 19:45:47 | 000,000,879 | ---- | M] () -- C:\Users\Chris\Desktop\ggfg.aup
[2013/04/26 19:45:40 | 000,000,875 | ---- | M] () -- C:\Users\Chris\Desktop\g.aup
[2013/04/26 17:25:00 | 000,014,112 | ---- | M] () -- C:\Users\Chris\Desktop\make-student-template.rkt
[2013/04/26 17:24:57 | 000,022,256 | ---- | M] () -- C:\Users\Chris\Desktop\structuresracketlab.rkt
[2013/04/26 14:22:57 | 000,264,772 | ---- | M] () -- C:\Users\Chris\Desktop\decode2.wav
[2013/04/26 14:19:17 | 000,441,044 | ---- | M] () -- C:\Users\Chris\Desktop\decode.wav
[2013/04/26 11:01:55 | 000,001,562 | ---- | M] () -- C:\Users\Chris\Desktop\racketlab3.rkt
[2013/04/26 10:06:45 | 000,020,771 | ---- | M] () -- C:\Users\Chris\Desktop\structuresracketlab.bak
[2013/04/26 01:18:24 | 000,020,730 | ---- | M] () -- C:\Users\Chris\Desktop\racketlab2.rkt
[2013/04/25 14:49:13 | 000,000,786 | ---- | M] () -- C:\Users\Chris\Desktop\racketlab2.bak
[2013/04/25 14:44:46 | 000,013,246 | ---- | M] () -- C:\Users\Chris\Desktop\make-student-template.bak
[2013/04/23 20:44:24 | 000,000,089 | ---- | M] () -- C:\Users\Chris\AppData\Local\msmathematics.qat.Chris
[2013/04/22 15:59:40 | 001,161,256 | ---- | M] () -- C:\Users\Chris\Documents\ipodguy.xcf
[2013/04/22 15:59:40 | 000,006,385 | ---- | M] () -- C:\Users\Chris\AppData\Local\recently-used.xbel
[2013/04/22 15:58:03 | 000,132,419 | ---- | M] () -- C:\Users\Chris\Desktop\iPodGuy.jpg
[2013/04/22 15:08:24 | 000,257,061 | ---- | M] () -- C:\Users\Chris\Desktop\IMG_9686-1024.jpg
[2013/04/22 15:06:05 | 000,857,971 | ---- | M] () -- C:\Users\Chris\Desktop\run-1-orig.jpg
[2013/04/22 12:42:49 | 000,045,456 | ---- | M] () -- C:\Users\Chris\Desktop\twilight_sparkle_wallpaper_by_tehnomad-d3ykare.jpg
[2013/04/22 09:28:36 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/22 09:28:36 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/22 09:25:54 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/22 09:25:54 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/22 09:25:54 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/22 09:21:03 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/21 20:10:30 | 000,004,107 | ---- | M] () -- C:\Users\Chris\Desktop\HAHAHAHAHAHAHAHAHAHA.png
[2013/04/18 23:59:40 | 000,002,770 | ---- | M] () -- C:\Users\Chris\Desktop\racketlab.rkt
[2013/04/18 15:20:52 | 000,067,264 | ---- | M] () -- C:\Users\Chris\Desktop\man-horn.jpg
[2013/04/17 19:44:54 | 000,233,397 | ---- | M] () -- C:\Users\Chris\Desktop\SolenoidNotez.pdf
[2013/04/17 19:40:30 | 001,587,708 | ---- | M] () -- C:\Users\Chris\Desktop\09.pdf
[2013/04/17 17:10:56 | 000,251,604 | ---- | M] () -- C:\Users\Chris\Desktop\ch19-day05-FaradayLenz-Notes.pdf
[2013/04/17 16:34:04 | 000,001,218 | ---- | M] () -- C:\Users\Chris\Desktop\paycheck.rkt
[2013/04/16 21:16:12 | 000,104,654 | ---- | M] () -- C:\Users\Chris\Desktop\2013 Engineering_Pipeline_Program_Application (1).pdf
[2013/04/15 17:24:22 | 000,031,198 | ---- | M] () -- C:\Users\Chris\Desktop\swagtothemaximum.png
[2013/04/12 21:22:09 | 000,000,246 | ---- | M] () -- C:\Users\Chris\Desktop\swag.rkt
[2013/04/12 11:24:33 | 000,194,977 | ---- | M] () -- C:\Users\Chris\Desktop\waldenchambers1.png
[2013/04/12 11:21:02 | 000,196,973 | ---- | M] () -- C:\Users\Chris\Desktop\waldenchambers.png
[2013/04/12 11:14:46 | 000,033,255 | ---- | M] () -- C:\Users\Chris\Desktop\Walden-Chamber-Players-logo2.jpg
[2013/04/12 08:39:26 | 000,000,129 | ---- | M] () -- C:\Users\Chris\Desktop\paycheck.bak
[2013/04/11 15:58:55 | 000,602,150 | ---- | M] () -- C:\Users\Chris\Desktop\antibioticsGIMPD.jpeg
[2013/04/11 15:38:59 | 000,409,596 | ---- | M] () -- C:\Users\Chris\Desktop\flavoriceGIMPd.png
[2013/04/11 15:12:08 | 000,022,996 | ---- | M] () -- C:\Users\Chris\Desktop\flavorice.jpg
[2013/04/10 00:06:31 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 17:19:48 | 000,000,600 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\winscp.rnd
[2013/04/08 23:32:12 | 000,002,475 | ---- | M] () -- C:\Users\Chris\Documents\kylie.html
[2013/04/08 23:24:59 | 000,024,244 | ---- | M] () -- C:\Users\Chris\Desktop\Manual.pdf
[2013/04/08 22:35:58 | 000,610,437 | ---- | M] () -- C:\Users\Chris\Desktop\CodeAndComponentDocumentation.pdf
[2013/04/08 22:19:58 | 000,056,108 | ---- | M] () -- C:\Users\Chris\Desktop\SidescrollingCanvas.png
[2013/04/08 22:14:23 | 000,074,973 | ---- | M] () -- C:\Users\Chris\Desktop\KylieTheBloquettaBlock.png
[2013/04/08 22:06:14 | 000,060,635 | ---- | M] () -- C:\Users\Chris\Desktop\ButtonArrangement.png
[2013/04/08 21:58:42 | 000,067,645 | ---- | M] () -- C:\Users\Chris\Desktop\StartCanvas.png
[2013/04/08 21:41:19 | 000,113,848 | ---- | M] () -- C:\Users\Chris\Desktop\screeninitialize.png
[2013/04/08 21:30:02 | 000,027,817 | ---- | M] () -- C:\Users\Chris\Desktop\KylieTheBloquetta.png
[2013/04/08 21:21:49 | 000,092,376 | ---- | M] () -- C:\Users\Chris\Desktop\Chris Chiang and Nayana Thimmiah.pdf
[2013/04/08 20:40:31 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\WinSCP.lnk
[2013/04/05 23:48:42 | 000,054,422 | ---- | M] () -- C:\Users\Chris\Desktop\Instructions.jpg
[2013/04/05 23:48:19 | 000,061,767 | ---- | M] () -- C:\Users\Chris\Desktop\StoryLine(300x217).jpg
[2013/04/05 21:49:02 | 000,016,951 | ---- | M] () -- C:\Users\Chris\Desktop\Instructions1.png
[2013/04/05 20:23:11 | 000,022,621 | ---- | M] () -- C:\Users\Chris\Desktop\Story.png
[2013/04/04 20:38:52 | 000,001,051 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/04 20:38:45 | 000,001,019 | ---- | M] () -- C:\Users\Chris\Desktop\Dropbox.lnk
[2013/04/04 10:01:13 | 000,606,750 | ---- | M] () -- C:\Users\Chris\Desktop\spacetime.jpg
[2013/04/03 21:28:27 | 000,009,797 | ---- | M] () -- C:\Users\Chris\Desktop\144p.png
[2013/04/03 10:58:48 | 000,010,405 | ---- | M] () -- C:\Users\Chris\Documents\sad.circ
[2013/04/03 08:43:20 | 000,540,241 | ---- | M] () -- C:\Users\Chris\Desktop\GreatWallDeChina-2048.jpg
[2013/04/03 08:42:48 | 000,001,201 | ---- | M] () -- C:\Users\Chris\Desktop\Downloads - Shortcut.lnk
[2013/04/03 08:42:46 | 012,832,616 | ---- | M] () -- C:\Users\Chris\Desktop\GreatWallDeChina.jpg
[2013/04/02 22:56:04 | 003,330,637 | ---- | M] () -- C:\Users\Chris\Desktop\x.jpg
[2013/04/02 15:54:07 | 000,415,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/02 15:21:39 | 006,963,594 | ---- | M] (Carl Burch, Hendrix College) -- C:\Users\Chris\Desktop\logisim-win-2.7.1.exe
[2013/04/02 10:43:54 | 000,001,807 | ---- | M] () -- C:\Users\Chris\Desktop\Spotify.lnk
[2013/04/01 21:26:28 | 000,061,758 | ---- | M] () -- C:\Users\Chris\Desktop\electrongettingitin.png
[2013/04/01 07:13:28 | 000,312,320 | ---- | M] (RealWorld Graphics) -- C:\Users\Chris\Desktop\PhotoResize1024Q90.exe
[2013/03/31 16:48:31 | 000,000,803 | ---- | M] () -- C:\Users\Chris\Documents\a.xml
[2013/03/31 16:28:38 | 017,203,712 | ---- | M] () -- C:\Users\Chris\Documents\z.PTR.1
[2013/03/31 16:28:38 | 013,545,120 | ---- | M] () -- C:\Users\Chris\Documents\z.PTR.0
[2013/03/31 16:28:38 | 012,165,248 | ---- | M] () -- C:\Users\Chris\Documents\z.PTR.2
[2013/03/31 16:28:34 | 000,002,324 | ---- | M] () -- C:\Users\Chris\Documents\z.PTR

========== Files Created - No Company Name ==========

[2013/04/28 14:25:54 | 018,172,973 | ---- | C] () -- C:\Users\Chris\Desktop\84E7A0B8FCCB47AA
[2013/04/28 14:25:43 | 000,000,948 | ---- | C] () -- C:\Users\Chris\Desktop\PutLockerDownloader.lnk
[2013/04/28 13:29:14 | 000,164,260 | ---- | C] () -- C:\Users\Chris\Desktop\largeFile.jpg
[2013/04/28 13:26:02 | 000,064,023 | ---- | C] () -- C:\Users\Chris\Desktop\spamcarver.jpg
[2013/04/26 19:45:53 | 000,000,881 | ---- | C] () -- C:\Users\Chris\Desktop\gfgfgfg.aup
[2013/04/26 19:45:49 | 000,001,571 | ---- | C] () -- C:\Users\Chris\Desktop\gfgfg.aup
[2013/04/26 19:45:47 | 000,000,879 | ---- | C] () -- C:\Users\Chris\Desktop\ggfg.aup
[2013/04/26 19:45:40 | 000,000,875 | ---- | C] () -- C:\Users\Chris\Desktop\g.aup
[2013/04/26 17:25:00 | 000,013,246 | ---- | C] () -- C:\Users\Chris\Desktop\make-student-template.bak
[2013/04/26 17:24:57 | 000,020,771 | ---- | C] () -- C:\Users\Chris\Desktop\structuresracketlab.bak
[2013/04/26 14:22:57 | 000,264,772 | ---- | C] () -- C:\Users\Chris\Desktop\decode2.wav
[2013/04/26 14:19:16 | 000,441,044 | ---- | C] () -- C:\Users\Chris\Desktop\decode.wav
[2013/04/26 13:30:56 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/04/26 11:01:55 | 000,001,562 | ---- | C] () -- C:\Users\Chris\Desktop\racketlab3.rkt
[2013/04/26 10:06:45 | 000,022,256 | ---- | C] () -- C:\Users\Chris\Desktop\structuresracketlab.rkt
[2013/04/26 01:18:24 | 000,000,786 | ---- | C] () -- C:\Users\Chris\Desktop\racketlab2.bak
[2013/04/25 14:49:13 | 000,020,730 | ---- | C] () -- C:\Users\Chris\Desktop\racketlab2.rkt
[2013/04/25 14:44:46 | 000,014,112 | ---- | C] () -- C:\Users\Chris\Desktop\make-student-template.rkt
[2013/04/23 20:44:24 | 000,000,089 | ---- | C] () -- C:\Users\Chris\AppData\Local\msmathematics.qat.Chris
[2013/04/22 15:59:40 | 001,161,256 | ---- | C] () -- C:\Users\Chris\Documents\ipodguy.xcf
[2013/04/22 15:59:40 | 000,006,385 | ---- | C] () -- C:\Users\Chris\AppData\Local\recently-used.xbel
[2013/04/22 15:43:38 | 000,132,419 | ---- | C] () -- C:\Users\Chris\Desktop\iPodGuy.jpg
[2013/04/22 15:08:24 | 000,257,061 | ---- | C] () -- C:\Users\Chris\Desktop\IMG_9686-1024.jpg
[2013/04/22 15:06:04 | 000,857,971 | ---- | C] () -- C:\Users\Chris\Desktop\run-1-orig.jpg
[2013/04/22 12:42:48 | 000,045,456 | ---- | C] () -- C:\Users\Chris\Desktop\twilight_sparkle_wallpaper_by_tehnomad-d3ykare.jpg
[2013/04/21 20:10:30 | 000,004,107 | ---- | C] () -- C:\Users\Chris\Desktop\HAHAHAHAHAHAHAHAHAHA.png
[2013/04/18 23:59:40 | 000,002,770 | ---- | C] () -- C:\Users\Chris\Desktop\racketlab.rkt
[2013/04/18 15:20:52 | 000,067,264 | ---- | C] () -- C:\Users\Chris\Desktop\man-horn.jpg
[2013/04/17 19:44:54 | 000,233,397 | ---- | C] () -- C:\Users\Chris\Desktop\SolenoidNotez.pdf
[2013/04/17 19:40:30 | 001,587,708 | ---- | C] () -- C:\Users\Chris\Desktop\09.pdf
[2013/04/17 17:10:55 | 000,251,604 | ---- | C] () -- C:\Users\Chris\Desktop\ch19-day05-FaradayLenz-Notes.pdf
[2013/04/16 21:16:12 | 000,104,654 | ---- | C] () -- C:\Users\Chris\Desktop\2013 Engineering_Pipeline_Program_Application (1).pdf
[2013/04/15 17:24:21 | 000,031,198 | ---- | C] () -- C:\Users\Chris\Desktop\swagtothemaximum.png
[2013/04/12 21:22:09 | 000,000,246 | ---- | C] () -- C:\Users\Chris\Desktop\swag.rkt
[2013/04/12 21:22:02 | 000,000,129 | ---- | C] () -- C:\Users\Chris\Desktop\paycheck.bak
[2013/04/12 11:24:33 | 000,194,977 | ---- | C] () -- C:\Users\Chris\Desktop\waldenchambers1.png
[2013/04/12 11:21:02 | 000,196,973 | ---- | C] () -- C:\Users\Chris\Desktop\waldenchambers.png
[2013/04/12 11:14:46 | 000,033,255 | ---- | C] () -- C:\Users\Chris\Desktop\Walden-Chamber-Players-logo2.jpg
[2013/04/12 08:39:26 | 000,001,218 | ---- | C] () -- C:\Users\Chris\Desktop\paycheck.rkt
[2013/04/11 15:58:55 | 000,602,150 | ---- | C] () -- C:\Users\Chris\Desktop\antibioticsGIMPD.jpeg
[2013/04/11 15:38:58 | 000,409,596 | ---- | C] () -- C:\Users\Chris\Desktop\flavoriceGIMPd.png
[2013/04/11 15:12:08 | 000,022,996 | ---- | C] () -- C:\Users\Chris\Desktop\flavorice.jpg
[2013/04/09 17:19:48 | 000,000,600 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\winscp.rnd
[2013/04/08 23:24:58 | 000,024,244 | ---- | C] () -- C:\Users\Chris\Desktop\Manual.pdf
[2013/04/08 22:35:55 | 000,610,437 | ---- | C] () -- C:\Users\Chris\Desktop\CodeAndComponentDocumentation.pdf
[2013/04/08 22:19:58 | 000,056,108 | ---- | C] () -- C:\Users\Chris\Desktop\SidescrollingCanvas.png
[2013/04/08 22:14:23 | 000,074,973 | ---- | C] () -- C:\Users\Chris\Desktop\KylieTheBloquettaBlock.png
[2013/04/08 22:06:14 | 000,060,635 | ---- | C] () -- C:\Users\Chris\Desktop\ButtonArrangement.png
[2013/04/08 21:49:29 | 000,067,645 | ---- | C] () -- C:\Users\Chris\Desktop\StartCanvas.png
[2013/04/08 21:41:19 | 000,113,848 | ---- | C] () -- C:\Users\Chris\Desktop\screeninitialize.png
[2013/04/08 21:21:48 | 000,092,376 | ---- | C] () -- C:\Users\Chris\Desktop\Chris Chiang and Nayana Thimmiah.pdf
[2013/04/08 20:59:11 | 000,027,817 | ---- | C] () -- C:\Users\Chris\Desktop\KylieTheBloquetta.png
[2013/04/08 20:47:45 | 000,001,247 | ---- | C] () -- C:\Users\Chris\Documents\gangnamstyle.css
[2013/04/08 20:47:16 | 000,002,475 | ---- | C] () -- C:\Users\Chris\Documents\kylie.html
[2013/04/08 20:40:31 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\WinSCP.lnk
[2013/04/05 23:43:48 | 000,061,767 | ---- | C] () -- C:\Users\Chris\Desktop\StoryLine(300x217).jpg
[2013/04/05 23:42:37 | 000,054,422 | ---- | C] () -- C:\Users\Chris\Desktop\Instructions.jpg
[2013/04/05 21:45:04 | 000,016,951 | ---- | C] () -- C:\Users\Chris\Desktop\Instructions1.png
[2013/04/05 20:23:11 | 000,022,621 | ---- | C] () -- C:\Users\Chris\Desktop\Story.png
[2013/04/04 10:01:13 | 000,606,750 | ---- | C] () -- C:\Users\Chris\Desktop\spacetime.jpg
[2013/04/03 21:28:27 | 000,009,797 | ---- | C] () -- C:\Users\Chris\Desktop\144p.png
[2013/04/03 10:58:48 | 000,010,405 | ---- | C] () -- C:\Users\Chris\Documents\sad.circ
[2013/04/03 08:42:46 | 012,832,616 | ---- | C] () -- C:\Users\Chris\Desktop\GreatWallDeChina.jpg
[2013/04/03 08:42:46 | 000,540,241 | ---- | C] () -- C:\Users\Chris\Desktop\GreatWallDeChina-2048.jpg
[2013/04/02 22:56:03 | 003,330,637 | ---- | C] () -- C:\Users\Chris\Desktop\x.jpg
[2013/04/02 10:43:54 | 000,001,807 | ---- | C] () -- C:\Users\Chris\Desktop\Spotify.lnk
[2013/04/02 10:43:54 | 000,001,793 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/04/01 21:26:28 | 000,061,758 | ---- | C] () -- C:\Users\Chris\Desktop\electrongettingitin.png
[2013/03/31 16:33:51 | 000,000,803 | ---- | C] () -- C:\Users\Chris\Documents\a.xml
[2013/03/31 16:25:01 | 017,203,712 | ---- | C] () -- C:\Users\Chris\Documents\z.PTR.1
[2013/03/31 16:25:01 | 013,545,120 | ---- | C] () -- C:\Users\Chris\Documents\z.PTR.0
[2013/03/31 16:25:01 | 012,165,248 | ---- | C] () -- C:\Users\Chris\Documents\z.PTR.2
[2013/03/31 16:25:01 | 000,002,324 | ---- | C] () -- C:\Users\Chris\Documents\z.PTR

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/27 13:03:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.minecraft
[2013/04/26 19:45:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Audacity
[2013/04/28 14:26:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Babylon
[2013/04/22 09:21:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Dropbox
[2013/04/26 17:25:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Racket
[2013/03/25 19:57:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Razer
[2013/04/22 09:21:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Spotify
[2013/03/31 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SteveAndrewSoftware
[2013/04/28 14:26:24 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Yontoo

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
dontmutemeplz

dontmutemeplz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Update: I uninstalled the Delta Search toolbar and such, but I'm pretty sure it just downloaded backdoor.

Any help wuld be appreciated
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets get you cleaned up

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-se...8622C413809DD1E
[2013/04/28 14:26:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\avb1ug22.default\extensions\[email protected]
[2013/04/28 14:26:15 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\avb1ug22.default\extensions\[email protected]
[2013/04/28 14:26:29 | 000,006,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\Chris\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
[2013/04/28 14:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013/04/28 14:26:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Babylon
[2013/04/28 14:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/04/28 14:26:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Yontoo
[2013/04/28 14:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013/04/28 14:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/04/28 14:26:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Babylon
[2013/04/28 14:26:24 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Yontoo

:Files
C:\Program Files (x86)\Yontoo
C:\ProgramData\Tarma Installer
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#4
dontmutemeplz

dontmutemeplz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Essexboy, thank you for the help and fast reply!

Here is the OTL Log, I will attach the AdwCleaner log after I finish running it:
OTL logfile created on: 4/29/2013 4:57:06 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 3.57 Gb Available Physical Memory | 60.03% Memory free
11.90 Gb Paging File | 9.41 Gb Available in Paging File | 79.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.02 Gb Total Space | 526.62 Gb Free Space | 90.48% Space Free | Partition Type: NTFS
Drive D: | 13.85 Gb Total Space | 1.55 Gb Free Space | 11.17% Space Free | Partition Type: NTFS

Computer Name: CHRIS-HPDM | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/28 14:53:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
PRC - [2013/04/17 23:52:21 | 004,555,776 | ---- | M] (Spotify Ltd) -- C:\Users\Chris\AppData\Roaming\Spotify\spotify.exe
PRC - [2013/04/17 23:52:14 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 18:41:44 | 025,863,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/03/29 15:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/03/29 15:53:56 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/01/14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2011/12/28 16:29:18 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
PRC - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
PRC - [2011/03/11 14:28:38 | 001,502,776 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/03/08 15:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/28 18:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/18 01:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 01:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 01:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/01/27 15:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/01/12 21:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 21:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/23 14:26:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/11/23 14:26:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/09 18:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Chris\Local Settings\Apps\F.lux\flux.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/17 23:52:14 | 024,985,600 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2013/04/09 04:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 04:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 04:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 04:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 04:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/29 15:53:56 | 001,114,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/03/26 20:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/03/25 18:23:34 | 000,651,776 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/03/24 16:48:10 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013/03/24 16:48:10 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013/03/24 15:31:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/03/24 15:30:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/03/24 15:30:34 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/03/24 15:30:23 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/03/24 15:30:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/03/24 15:30:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/03/24 15:30:16 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/03/24 15:29:51 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/12/11 13:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 13:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/11 13:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/01/14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2011/12/28 16:29:18 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
MOD - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
MOD - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Chris\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/02/15 01:23:52 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/05 16:41:38 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/01/05 16:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 16:26:56 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/12 19:24:30 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/04/17 10:33:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/29 15:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/04 15:15:48 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/28 18:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/18 01:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/01/12 21:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/23 14:26:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/11/23 14:26:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/13 15:30:36 | 000,025,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PerformanceTest\DirectIo64.sys -- (DIRECTIO)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 07:54:22 | 000,351,864 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/02/16 20:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/02/15 15:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/02/15 01:23:52 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/25 15:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/07 21:42:34 | 012,262,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/04 14:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/08/12 19:24:30 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/08/12 19:24:30 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/03/23 16:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/03 23:49:26 | 000,252,928 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTwindrvr6.sys -- (VSTWinDriver6)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rchTerms}&r=948
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll (Wolfram Research, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/17 10:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/17 10:33:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/03/24 16:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2013/04/29 16:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\avb1ug22.default\extensions
[2013/04/11 11:54:38 | 000,199,543 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\avb1ug22.default\extensions\[email protected]
[2013/04/17 10:32:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/17 10:32:47 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/04/17 10:33:09 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www2.delta-se...8622C413809DD1E
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Website Logon = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
CHR - Extension: Google Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: After the Deadline = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjadjbdihbaodagojiomdljhjhjfho\1.2_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_0\
CHR - Extension: PutLockerDownloader V3.0 = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\koalekbhpbggkcfhkkbolikjoaobbppi\3.0_0\
CHR - Extension: Illimitux = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0\
CHR - Extension: zen temple = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmiiioabolbmhbhphhfjbohiiijmkee\1_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: unedditreddit = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppgcnpiddlbiemncalhbpgkcgecfofpj\1.5_0\

O1 HOSTS File: ([2013/04/29 16:49:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [F.lux] C:\Users\Chris\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\Chris\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{328DEDB1-8FE6-41A6-9C4B-414474478382}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/29 16:48:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/28 14:25:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\PutLockerDownloader
[2013/04/28 14:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PutLockerDownloader
[2013/04/28 14:25:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
[2013/04/28 14:25:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PutLockerDownloader.com
[2013/04/27 16:28:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\.idlerc
[2013/04/27 16:27:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.5
[2013/04/27 16:27:13 | 000,000,000 | ---D | C] -- C:\Python25
[2013/04/26 19:45:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\gfgfgfg_data
[2013/04/26 19:45:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\gfgfg_data
[2013/04/26 19:45:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\ggfg_data
[2013/04/26 19:45:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\g_data
[2013/04/26 13:38:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Audacity
[2013/04/26 13:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013/04/23 11:02:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mathematica
[2013/04/23 11:02:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Mathematica
[2013/04/23 11:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wolfram Research
[2013/04/23 11:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wolfram Research
[2013/04/23 11:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft
[2013/04/23 11:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mathematica
[2013/04/23 11:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Extras
[2013/04/23 11:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica
[2013/04/23 10:55:04 | 000,437,552 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\ml64i3.dll
[2013/04/23 10:55:04 | 000,426,288 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mltcpip64.mlp
[2013/04/23 10:55:04 | 000,369,968 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\ml32i3.dll
[2013/04/23 10:55:04 | 000,360,752 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mltcpip32.mlp
[2013/04/23 10:55:04 | 000,303,408 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\ml64i2.dll
[2013/04/23 10:55:04 | 000,258,864 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\ml32i2.dll
[2013/04/23 10:55:04 | 000,252,720 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\ml32i1.dll
[2013/04/23 10:55:04 | 000,181,040 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mlmodule64.dll
[2013/04/23 10:55:04 | 000,173,360 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mlmodule32.dll
[2013/04/23 10:55:04 | 000,104,240 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mltcp64.mlp
[2013/04/23 10:55:04 | 000,099,632 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysNative\mlshm64.mlp
[2013/04/23 10:55:04 | 000,095,536 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mltcp32.mlp
[2013/04/23 10:55:04 | 000,088,368 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mlshm32.mlp
[2013/04/23 10:55:04 | 000,078,128 | ---- | C] (Wolfram Research, Inc.) -- C:\Windows\SysWow64\mlmap32.mlp
[2013/04/23 10:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfram Research
[2013/04/18 14:36:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\4-11-2013Tower
[2013/04/17 10:32:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/12 08:15:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Racket
[2013/04/11 15:14:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\.thumbnails
[2013/04/08 20:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/04/08 20:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2013/04/08 20:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2013/04/08 09:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Racket
[2013/04/08 09:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Racket
[2013/04/08 07:12:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\4-5-2013Railroad+ Building
[2013/04/06 12:07:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
[2013/04/02 15:20:39 | 006,963,594 | ---- | C] (Carl Burch, Hendrix College) -- C:\Users\Chris\Desktop\logisim-win-2.7.1.exe
[2013/04/02 10:43:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Spotify
[2013/04/02 10:43:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Spotify
[2013/04/01 07:15:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\3-29-2013Ralphs
[2013/04/01 07:14:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Aperture
[2013/04/01 07:13:36 | 000,312,320 | ---- | C] (RealWorld Graphics) -- C:\Users\Chris\Desktop\PhotoResize1024Q90.exe
[2013/04/01 07:12:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Shutter
[2013/03/31 15:38:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\My Cheat Tables
[2013/03/31 15:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2013/03/31 15:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2013/03/31 15:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\CrashDumps
[2013/03/31 15:11:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SteveAndrewSoftware
[2013/03/31 15:10:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\bhopallday

========== Files - Modified Within 30 Days ==========

[2013/04/29 16:59:37 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/29 16:59:37 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/29 16:56:33 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/29 16:56:33 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/29 16:56:33 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/29 16:52:13 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/29 16:52:12 | 000,441,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/29 16:51:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/29 16:51:29 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/29 16:49:06 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/04/29 16:46:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/29 08:48:14 | 000,233,032 | ---- | M] () -- C:\Users\Chris\Desktop\steg.png
[2013/04/28 14:31:38 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/28 14:26:11 | 018,172,973 | ---- | M] () -- C:\Users\Chris\Desktop\84E7A0B8FCCB47AA
[2013/04/28 14:25:43 | 000,000,948 | ---- | M] () -- C:\Users\Chris\Desktop\PutLockerDownloader.lnk
[2013/04/28 13:29:14 | 000,164,260 | ---- | M] () -- C:\Users\Chris\Desktop\largeFile.jpg
[2013/04/28 13:28:24 | 000,064,023 | ---- | M] () -- C:\Users\Chris\Desktop\spamcarver.jpg
[2013/04/26 19:45:53 | 000,000,881 | ---- | M] () -- C:\Users\Chris\Desktop\gfgfgfg.aup
[2013/04/26 19:45:49 | 000,001,571 | ---- | M] () -- C:\Users\Chris\Desktop\gfgfg.aup
[2013/04/26 19:45:47 | 000,000,879 | ---- | M] () -- C:\Users\Chris\Desktop\ggfg.aup
[2013/04/26 19:45:40 | 000,000,875 | ---- | M] () -- C:\Users\Chris\Desktop\g.aup
[2013/04/26 17:25:00 | 000,014,112 | ---- | M] () -- C:\Users\Chris\Desktop\make-student-template.rkt
[2013/04/26 17:24:57 | 000,022,256 | ---- | M] () -- C:\Users\Chris\Desktop\structuresracketlab.rkt
[2013/04/26 14:22:57 | 000,264,772 | ---- | M] () -- C:\Users\Chris\Desktop\decode2.wav
[2013/04/26 14:19:17 | 000,441,044 | ---- | M] () -- C:\Users\Chris\Desktop\decode.wav
[2013/04/26 11:01:55 | 000,001,562 | ---- | M] () -- C:\Users\Chris\Desktop\racketlab3.rkt
[2013/04/26 10:06:45 | 000,020,771 | ---- | M] () -- C:\Users\Chris\Desktop\structuresracketlab.bak
[2013/04/26 01:18:24 | 000,020,730 | ---- | M] () -- C:\Users\Chris\Desktop\racketlab2.rkt
[2013/04/25 14:49:13 | 000,000,786 | ---- | M] () -- C:\Users\Chris\Desktop\racketlab2.bak
[2013/04/25 14:44:46 | 000,013,246 | ---- | M] () -- C:\Users\Chris\Desktop\make-student-template.bak
[2013/04/23 20:44:24 | 000,000,089 | ---- | M] () -- C:\Users\Chris\AppData\Local\msmathematics.qat.Chris
[2013/04/22 15:59:40 | 001,161,256 | ---- | M] () -- C:\Users\Chris\Documents\ipodguy.xcf
[2013/04/22 15:59:40 | 000,006,385 | ---- | M] () -- C:\Users\Chris\AppData\Local\recently-used.xbel
[2013/04/22 15:58:03 | 000,132,419 | ---- | M] () -- C:\Users\Chris\Desktop\iPodGuy.jpg
[2013/04/22 15:08:24 | 000,257,061 | ---- | M] () -- C:\Users\Chris\Desktop\IMG_9686-1024.jpg
[2013/04/22 15:06:05 | 000,857,971 | ---- | M] () -- C:\Users\Chris\Desktop\run-1-orig.jpg
[2013/04/22 12:42:49 | 000,045,456 | ---- | M] () -- C:\Users\Chris\Desktop\twilight_sparkle_wallpaper_by_tehnomad-d3ykare.jpg
[2013/04/21 20:10:30 | 000,004,107 | ---- | M] () -- C:\Users\Chris\Desktop\HAHAHAHAHAHAHAHAHAHA.png
[2013/04/18 23:59:40 | 000,002,770 | ---- | M] () -- C:\Users\Chris\Desktop\racketlab.rkt
[2013/04/18 15:20:52 | 000,067,264 | ---- | M] () -- C:\Users\Chris\Desktop\man-horn.jpg
[2013/04/17 19:44:54 | 000,233,397 | ---- | M] () -- C:\Users\Chris\Desktop\SolenoidNotez.pdf
[2013/04/17 19:40:30 | 001,587,708 | ---- | M] () -- C:\Users\Chris\Desktop\09.pdf
[2013/04/17 17:10:56 | 000,251,604 | ---- | M] () -- C:\Users\Chris\Desktop\ch19-day05-FaradayLenz-Notes.pdf
[2013/04/17 16:34:04 | 000,001,218 | ---- | M] () -- C:\Users\Chris\Desktop\paycheck.rkt
[2013/04/16 21:16:12 | 000,104,654 | ---- | M] () -- C:\Users\Chris\Desktop\2013 Engineering_Pipeline_Program_Application (1).pdf
[2013/04/15 17:24:22 | 000,031,198 | ---- | M] () -- C:\Users\Chris\Desktop\swagtothemaximum.png
[2013/04/12 21:22:09 | 000,000,246 | ---- | M] () -- C:\Users\Chris\Desktop\swag.rkt
[2013/04/12 11:24:33 | 000,194,977 | ---- | M] () -- C:\Users\Chris\Desktop\waldenchambers1.png
[2013/04/12 11:21:02 | 000,196,973 | ---- | M] () -- C:\Users\Chris\Desktop\waldenchambers.png
[2013/04/12 11:14:46 | 000,033,255 | ---- | M] () -- C:\Users\Chris\Desktop\Walden-Chamber-Players-logo2.jpg
[2013/04/12 08:39:26 | 000,000,129 | ---- | M] () -- C:\Users\Chris\Desktop\paycheck.bak
[2013/04/11 15:58:55 | 000,602,150 | ---- | M] () -- C:\Users\Chris\Desktop\antibioticsGIMPD.jpeg
[2013/04/11 15:38:59 | 000,409,596 | ---- | M] () -- C:\Users\Chris\Desktop\flavoriceGIMPd.png
[2013/04/11 15:12:08 | 000,022,996 | ---- | M] () -- C:\Users\Chris\Desktop\flavorice.jpg
[2013/04/10 00:06:31 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 17:19:48 | 000,000,600 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\winscp.rnd
[2013/04/08 23:32:12 | 000,002,475 | ---- | M] () -- C:\Users\Chris\Documents\kylie.html
[2013/04/08 23:24:59 | 000,024,244 | ---- | M] () -- C:\Users\Chris\Desktop\Manual.pdf
[2013/04/08 22:35:58 | 000,610,437 | ---- | M] () -- C:\Users\Chris\Desktop\CodeAndComponentDocumentation.pdf
[2013/04/08 22:19:58 | 000,056,108 | ---- | M] () -- C:\Users\Chris\Desktop\SidescrollingCanvas.png
[2013/04/08 22:14:23 | 000,074,973 | ---- | M] () -- C:\Users\Chris\Desktop\KylieTheBloquettaBlock.png
[2013/04/08 22:06:14 | 000,060,635 | ---- | M] () -- C:\Users\Chris\Desktop\ButtonArrangement.png
[2013/04/08 21:58:42 | 000,067,645 | ---- | M] () -- C:\Users\Chris\Desktop\StartCanvas.png
[2013/04/08 21:41:19 | 000,113,848 | ---- | M] () -- C:\Users\Chris\Desktop\screeninitialize.png
[2013/04/08 21:30:02 | 000,027,817 | ---- | M] () -- C:\Users\Chris\Desktop\KylieTheBloquetta.png
[2013/04/08 21:21:49 | 000,092,376 | ---- | M] () -- C:\Users\Chris\Desktop\Chris Chiang and Nayana Thimmiah.pdf
[2013/04/08 20:40:31 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\WinSCP.lnk
[2013/04/05 23:48:42 | 000,054,422 | ---- | M] () -- C:\Users\Chris\Desktop\Instructions.jpg
[2013/04/05 23:48:19 | 000,061,767 | ---- | M] () -- C:\Users\Chris\Desktop\StoryLine(300x217).jpg
[2013/04/05 21:49:02 | 000,016,951 | ---- | M] () -- C:\Users\Chris\Desktop\Instructions1.png
[2013/04/05 20:23:11 | 000,022,621 | ---- | M] () -- C:\Users\Chris\Desktop\Story.png
[2013/04/04 20:38:52 | 000,001,051 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/04 20:38:45 | 000,001,019 | ---- | M] () -- C:\Users\Chris\Desktop\Dropbox.lnk
[2013/04/04 10:01:13 | 000,606,750 | ---- | M] () -- C:\Users\Chris\Desktop\spacetime.jpg
[2013/04/03 21:28:27 | 000,009,797 | ---- | M] () -- C:\Users\Chris\Desktop\144p.png
[2013/04/03 10:58:48 | 000,010,405 | ---- | M] () -- C:\Users\Chris\Documents\sad.circ
[2013/04/03 08:43:20 | 000,540,241 | ---- | M] () -- C:\Users\Chris\Desktop\GreatWallDeChina-2048.jpg
[2013/04/03 08:42:48 | 000,001,201 | ---- | M] () -- C:\Users\Chris\Desktop\Downloads - Shortcut.lnk
[2013/04/03 08:42:46 | 012,832,616 | ---- | M] () -- C:\Users\Chris\Desktop\GreatWallDeChina.jpg
[2013/04/02 22:56:04 | 003,330,637 | ---- | M] () -- C:\Users\Chris\Desktop\x.jpg
[2013/04/02 15:21:39 | 006,963,594 | ---- | M] (Carl Burch, Hendrix College) -- C:\Users\Chris\Desktop\logisim-win-2.7.1.exe
[2013/04/02 10:43:54 | 000,001,807 | ---- | M] () -- C:\Users\Chris\Desktop\Spotify.lnk
[2013/04/01 21:26:28 | 000,061,758 | ---- | M] () -- C:\Users\Chris\Desktop\electrongettingitin.png
[2013/04/01 07:13:28 | 000,312,320 | ---- | M] (RealWorld Graphics) -- C:\Users\Chris\Desktop\PhotoResize1024Q90.exe
[2013/03/31 16:48:31 | 000,000,803 | ---- | M] () -- C:\Users\Chris\Documents\a.xml
[2013/03/31 16:28:38 | 017,203,712 | ---- | M] () -- C:\Users\Chris\Documents\z.PTR.1
[2013/03/31 16:28:38 | 013,545,120 | ---- | M] () -- C:\Users\Chris\Documents\z.PTR.0
[2013/03/31 16:28:38 | 012,165,248 | ---- | M] () -- C:\Users\Chris\Documents\z.PTR.2
[2013/03/31 16:28:34 | 000,002,324 | ---- | M] () -- C:\Users\Chris\Documents\z.PTR

========== Files Created - No Company Name ==========

[2013/04/29 08:48:14 | 000,233,032 | ---- | C] () -- C:\Users\Chris\Desktop\steg.png
[2013/04/28 14:25:54 | 018,172,973 | ---- | C] () -- C:\Users\Chris\Desktop\84E7A0B8FCCB47AA
[2013/04/28 14:25:43 | 000,000,948 | ---- | C] () -- C:\Users\Chris\Desktop\PutLockerDownloader.lnk
[2013/04/28 13:29:14 | 000,164,260 | ---- | C] () -- C:\Users\Chris\Desktop\largeFile.jpg
[2013/04/28 13:26:02 | 000,064,023 | ---- | C] () -- C:\Users\Chris\Desktop\spamcarver.jpg
[2013/04/26 19:45:53 | 000,000,881 | ---- | C] () -- C:\Users\Chris\Desktop\gfgfgfg.aup
[2013/04/26 19:45:49 | 000,001,571 | ---- | C] () -- C:\Users\Chris\Desktop\gfgfg.aup
[2013/04/26 19:45:47 | 000,000,879 | ---- | C] () -- C:\Users\Chris\Desktop\ggfg.aup
[2013/04/26 19:45:40 | 000,000,875 | ---- | C] () -- C:\Users\Chris\Desktop\g.aup
[2013/04/26 17:25:00 | 000,013,246 | ---- | C] () -- C:\Users\Chris\Desktop\make-student-template.bak
[2013/04/26 17:24:57 | 000,020,771 | ---- | C] () -- C:\Users\Chris\Desktop\structuresracketlab.bak
[2013/04/26 14:22:57 | 000,264,772 | ---- | C] () -- C:\Users\Chris\Desktop\decode2.wav
[2013/04/26 14:19:16 | 000,441,044 | ---- | C] () -- C:\Users\Chris\Desktop\decode.wav
[2013/04/26 13:30:56 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/04/26 11:01:55 | 000,001,562 | ---- | C] () -- C:\Users\Chris\Desktop\racketlab3.rkt
[2013/04/26 10:06:45 | 000,022,256 | ---- | C] () -- C:\Users\Chris\Desktop\structuresracketlab.rkt
[2013/04/26 01:18:24 | 000,000,786 | ---- | C] () -- C:\Users\Chris\Desktop\racketlab2.bak
[2013/04/25 14:49:13 | 000,020,730 | ---- | C] () -- C:\Users\Chris\Desktop\racketlab2.rkt
[2013/04/25 14:44:46 | 000,014,112 | ---- | C] () -- C:\Users\Chris\Desktop\make-student-template.rkt
[2013/04/23 20:44:24 | 000,000,089 | ---- | C] () -- C:\Users\Chris\AppData\Local\msmathematics.qat.Chris
[2013/04/22 15:59:40 | 001,161,256 | ---- | C] () -- C:\Users\Chris\Documents\ipodguy.xcf
[2013/04/22 15:59:40 | 000,006,385 | ---- | C] () -- C:\Users\Chris\AppData\Local\recently-used.xbel
[2013/04/22 15:43:38 | 000,132,419 | ---- | C] () -- C:\Users\Chris\Desktop\iPodGuy.jpg
[2013/04/22 15:08:24 | 000,257,061 | ---- | C] () -- C:\Users\Chris\Desktop\IMG_9686-1024.jpg
[2013/04/22 15:06:04 | 000,857,971 | ---- | C] () -- C:\Users\Chris\Desktop\run-1-orig.jpg
[2013/04/22 12:42:48 | 000,045,456 | ---- | C] () -- C:\Users\Chris\Desktop\twilight_sparkle_wallpaper_by_tehnomad-d3ykare.jpg
[2013/04/21 20:10:30 | 000,004,107 | ---- | C] () -- C:\Users\Chris\Desktop\HAHAHAHAHAHAHAHAHAHA.png
[2013/04/18 23:59:40 | 000,002,770 | ---- | C] () -- C:\Users\Chris\Desktop\racketlab.rkt
[2013/04/18 15:20:52 | 000,067,264 | ---- | C] () -- C:\Users\Chris\Desktop\man-horn.jpg
[2013/04/17 19:44:54 | 000,233,397 | ---- | C] () -- C:\Users\Chris\Desktop\SolenoidNotez.pdf
[2013/04/17 19:40:30 | 001,587,708 | ---- | C] () -- C:\Users\Chris\Desktop\09.pdf
[2013/04/17 17:10:55 | 000,251,604 | ---- | C] () -- C:\Users\Chris\Desktop\ch19-day05-FaradayLenz-Notes.pdf
[2013/04/16 21:16:12 | 000,104,654 | ---- | C] () -- C:\Users\Chris\Desktop\2013 Engineering_Pipeline_Program_Application (1).pdf
[2013/04/15 17:24:21 | 000,031,198 | ---- | C] () -- C:\Users\Chris\Desktop\swagtothemaximum.png
[2013/04/12 21:22:09 | 000,000,246 | ---- | C] () -- C:\Users\Chris\Desktop\swag.rkt
[2013/04/12 21:22:02 | 000,000,129 | ---- | C] () -- C:\Users\Chris\Desktop\paycheck.bak
[2013/04/12 11:24:33 | 000,194,977 | ---- | C] () -- C:\Users\Chris\Desktop\waldenchambers1.png
[2013/04/12 11:21:02 | 000,196,973 | ---- | C] () -- C:\Users\Chris\Desktop\waldenchambers.png
[2013/04/12 11:14:46 | 000,033,255 | ---- | C] () -- C:\Users\Chris\Desktop\Walden-Chamber-Players-logo2.jpg
[2013/04/12 08:39:26 | 000,001,218 | ---- | C] () -- C:\Users\Chris\Desktop\paycheck.rkt
[2013/04/11 15:58:55 | 000,602,150 | ---- | C] () -- C:\Users\Chris\Desktop\antibioticsGIMPD.jpeg
[2013/04/11 15:38:58 | 000,409,596 | ---- | C] () -- C:\Users\Chris\Desktop\flavoriceGIMPd.png
[2013/04/11 15:12:08 | 000,022,996 | ---- | C] () -- C:\Users\Chris\Desktop\flavorice.jpg
[2013/04/09 17:19:48 | 000,000,600 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\winscp.rnd
[2013/04/08 23:24:58 | 000,024,244 | ---- | C] () -- C:\Users\Chris\Desktop\Manual.pdf
[2013/04/08 22:35:55 | 000,610,437 | ---- | C] () -- C:\Users\Chris\Desktop\CodeAndComponentDocumentation.pdf
[2013/04/08 22:19:58 | 000,056,108 | ---- | C] () -- C:\Users\Chris\Desktop\SidescrollingCanvas.png
[2013/04/08 22:14:23 | 000,074,973 | ---- | C] () -- C:\Users\Chris\Desktop\KylieTheBloquettaBlock.png
[2013/04/08 22:06:14 | 000,060,635 | ---- | C] () -- C:\Users\Chris\Desktop\ButtonArrangement.png
[2013/04/08 21:49:29 | 000,067,645 | ---- | C] () -- C:\Users\Chris\Desktop\StartCanvas.png
[2013/04/08 21:41:19 | 000,113,848 | ---- | C] () -- C:\Users\Chris\Desktop\screeninitialize.png
[2013/04/08 21:21:48 | 000,092,376 | ---- | C] () -- C:\Users\Chris\Desktop\Chris Chiang and Nayana Thimmiah.pdf
[2013/04/08 20:59:11 | 000,027,817 | ---- | C] () -- C:\Users\Chris\Desktop\KylieTheBloquetta.png
[2013/04/08 20:47:45 | 000,001,247 | ---- | C] () -- C:\Users\Chris\Documents\gangnamstyle.css
[2013/04/08 20:47:16 | 000,002,475 | ---- | C] () -- C:\Users\Chris\Documents\kylie.html
[2013/04/08 20:40:31 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\WinSCP.lnk
[2013/04/05 23:43:48 | 000,061,767 | ---- | C] () -- C:\Users\Chris\Desktop\StoryLine(300x217).jpg
[2013/04/05 23:42:37 | 000,054,422 | ---- | C] () -- C:\Users\Chris\Desktop\Instructions.jpg
[2013/04/05 21:45:04 | 000,016,951 | ---- | C] () -- C:\Users\Chris\Desktop\Instructions1.png
[2013/04/05 20:23:11 | 000,022,621 | ---- | C] () -- C:\Users\Chris\Desktop\Story.png
[2013/04/04 10:01:13 | 000,606,750 | ---- | C] () -- C:\Users\Chris\Desktop\spacetime.jpg
[2013/04/03 21:28:27 | 000,009,797 | ---- | C] () -- C:\Users\Chris\Desktop\144p.png
[2013/04/03 10:58:48 | 000,010,405 | ---- | C] () -- C:\Users\Chris\Documents\sad.circ
[2013/04/03 08:42:46 | 012,832,616 | ---- | C] () -- C:\Users\Chris\Desktop\GreatWallDeChina.jpg
[2013/04/03 08:42:46 | 000,540,241 | ---- | C] () -- C:\Users\Chris\Desktop\GreatWallDeChina-2048.jpg
[2013/04/02 22:56:03 | 003,330,637 | ---- | C] () -- C:\Users\Chris\Desktop\x.jpg
[2013/04/02 10:43:54 | 000,001,807 | ---- | C] () -- C:\Users\Chris\Desktop\Spotify.lnk
[2013/04/02 10:43:54 | 000,001,793 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/04/01 21:26:28 | 000,061,758 | ---- | C] () -- C:\Users\Chris\Desktop\electrongettingitin.png
[2013/03/31 16:33:51 | 000,000,803 | ---- | C] () -- C:\Users\Chris\Documents\a.xml
[2013/03/31 16:25:01 | 017,203,712 | ---- | C] () -- C:\Users\Chris\Documents\z.PTR.1
[2013/03/31 16:25:01 | 013,545,120 | ---- | C] () -- C:\Users\Chris\Documents\z.PTR.0
[2013/03/31 16:25:01 | 012,165,248 | ---- | C] () -- C:\Users\Chris\Documents\z.PTR.2
[2013/03/31 16:25:01 | 000,002,324 | ---- | C] () -- C:\Users\Chris\Documents\z.PTR

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/27 13:03:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.minecraft
[2013/04/29 12:44:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Audacity
[2013/04/29 16:53:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Dropbox
[2013/04/26 17:25:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Racket
[2013/03/25 19:57:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Razer
[2013/04/29 16:53:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Spotify
[2013/03/31 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SteveAndrewSoftware

========== Purity Check ==========



< End of report >
  • 0

#5
dontmutemeplz

dontmutemeplz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
# AdwCleaner v2.300 - Logfile created 04/29/2013 at 17:05:45
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Chris - CHRIS-HPDM
# Boot Mode : Normal
# Running from : C:\Users\Chris\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Yontoo Desktop Updater

***** [Files / Folders] *****

File Deleted : C:\Users\Chris\Desktop\PutLockerDownloader.lnk
Folder Deleted : C:\Program Files (x86)\PutLockerDownloader
Folder Deleted : C:\Program Files (x86)\PutLockerDownloader.com
Folder Deleted : C:\Users\Chris\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
Folder Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\avb1ug22.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PutLockerDownloader
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\9ed8dbe76dea14
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\avb1ug22.default\prefs.js

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\avb1ug22.default\user.js ... Deleted !

Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Deleted : user_pref("extentions.y2layers.installId", "fb9eef9e-e316-4461-a7bc-8d5d32340856");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2602] : homepage = "hxxp://www2.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=B8622C413809DD1E",
Deleted [l.3052] : urls_to_restore_on_startup = [ "hxxp://www2.delta-search.com/?affID=119776&babsrc=HP_ss&mntrI[...]

*************************

AdwCleaner[S1].txt - [4802 octets] - [29/04/2013 17:05:45]

########## EOF - C:\AdwCleaner[S1].txt - [4862 octets] ##########
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?
  • 0

#7
dontmutemeplz

dontmutemeplz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Behaving fine as it is suppose to be! Thank you for the help.

It looks like there aren't any noticeable problems. I will be sure to make another post if there is
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run AdwCleaner and press Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
Posted Image


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP