Thanks
Cannot download anything to computer [Solved]
Started by
cassiedee
, Aug 19 2013 07:42 AM
-
This topic is locked
#1
Posted 19 August 2013 - 07:42 AM
cassiedee
-
- Member
-
- 8 posts
New Member
Thanks
#2
Posted 19 August 2013 - 08:09 AM
SleepyDude
-
- Malware Removal
-
- 4,975 posts
Trusted Helper
Hello Cassiedee, Welcome to Malware Removal section of the forum.
My name is SleepyDude I will be helping you with your Computer problem. I know that having a computer with problems can be very frustrating but I will do my best to help you fixing the issue.
Please note I'm currently in training, all my responses will be revised by my Teacher before I post so expect a slight delay between replies. On the bright side, you have two people to examine your problem!
Sometimes this can be a long process, it's very important that you stay with me and follow all my instructions to the letter until I declare your machine is clean.
I have compiled a list of guidelines you must take in consideration so that the helping process goes smooth for you and for me:
IMPORTANT: At GeeksToGo we do our best to help you solving the problem but sometimes things don't go as planned. To be safe than sorry you should Backup your important data to a safe place, anywhere except on the computer with problems.
The all fixing process need to be executed from a user account with Administrator privileges also some of the tasks need to be executed in Safe Mode, you should save or print the instructions for use when you don't have access to the forum.
Lets see if I can help you to generate the OTL log...
Can you boot in Safe Mode with Network (press F8 during boot)? If you can try to execute the following:
Step 1 - Custom OTL Scan
Things I would like to see in your next reply:
My name is SleepyDude I will be helping you with your Computer problem. I know that having a computer with problems can be very frustrating but I will do my best to help you fixing the issue.
Please note I'm currently in training, all my responses will be revised by my Teacher before I post so expect a slight delay between replies. On the bright side, you have two people to examine your problem!
Sometimes this can be a long process, it's very important that you stay with me and follow all my instructions to the letter until I declare your machine is clean.
I have compiled a list of guidelines you must take in consideration so that the helping process goes smooth for you and for me:
- Please perform all steps in the order they are listed in each set of instructions
- Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use
- Running other programs can interfere with the tools we use and have unpredicted results. Also I need to know what is going on with your machine at any time
- If possible avoid using the computer for other tasks until we finish the cleaning process
- The reason for this is because it can make the malware infection worst and more difficult to clean. Some malware can download updates from the internet when you use the computer
- Please don't attach your logs instead Copy & Paste the information to your post unless specifically instructed to do so
- Please read every post completely before doing anything if you have some doubts or questions please ask before continuing
IMPORTANT: At GeeksToGo we do our best to help you solving the problem but sometimes things don't go as planned. To be safe than sorry you should Backup your important data to a safe place, anywhere except on the computer with problems.
The all fixing process need to be executed from a user account with Administrator privileges also some of the tasks need to be executed in Safe Mode, you should save or print the instructions for use when you don't have access to the forum.
Lets see if I can help you to generate the OTL log...
Can you boot in Safe Mode with Network (press F8 during boot)? If you can try to execute the following:
Step 1 - Custom OTL Scan
- Execute OTL right click on the icon
and choose Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
- tick the following check box's:
- Scan All Users
- LOP Check
- Purity Check
- on the
box paste this:
netsvcs BASESERVICES %SYSTEMDRIVE%\*.exe /md5start services.* explorer.exe winlogon.exe Userinit.exe svchost.exe /md5stop dir "%systemdrive%\*" /S /A:L /C CREATERESTOREPOINT
- Click the Run Scan button. The scan won't take long.
- When the scan completes, it will open notepad with OTL.Txt and another with Extras.txt. The files are saved on the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of both files and post in your topic.
Things I would like to see in your next reply:
- The OTL.txt log
- The Extras.txt log
#3
Posted 19 August 2013 - 08:41 AM
cassiedee
- Topic Starter
-
- Member
-
- 8 posts
New Member
Im sorry but I need you to tell me step by step. I am using my chrome book to communicate with you while working on my pc. I started in safe mode with networking. Where do I find the next step?
#4
Posted 19 August 2013 - 08:51 AM
SleepyDude
-
- Malware Removal
-
- 4,975 posts
Trusted Helper
Hi,Im sorry but I need you to tell me step by step. I am using my chrome book to communicate with you while working on my pc. I started in safe mode with networking. Where do I find the next step?
Sorry my mistake on line missing on my post...
Download OTL to your Desktop using one of this links:
Link1
Link2
Link3
#5
Posted 19 August 2013 - 08:59 AM
cassiedee
- Topic Starter
-
- Member
-
- 8 posts
New Member
I can't download anything to my computer, I get the bar popping up saying it contains a virus
#6
Posted 19 August 2013 - 09:01 AM
SleepyDude
-
- Malware Removal
-
- 4,975 posts
Trusted Helper
I can't download anything to my computer, I get the bar popping up saying it contains a virus
Also in safe mode? Do you have another computer to download?
#7
Posted 19 August 2013 - 09:02 AM
cassiedee
- Topic Starter
-
- Member
-
- 8 posts
New Member
I have my chrome book
#8
Posted 19 August 2013 - 09:07 AM
SleepyDude
-
- Malware Removal
-
- 4,975 posts
Trusted Helper
I have my chrome book
Can you download the OTL file to a flash drive and use the flash on the "bad" computer?
#9
Posted 19 August 2013 - 09:12 AM
cassiedee
- Topic Starter
-
- Member
-
- 8 posts
New Member
yup trying now
#10
Posted 19 August 2013 - 09:30 AM
cassiedee
- Topic Starter
-
- Member
-
- 8 posts
New Member
OTL logfile created on: 8/19/2013 11:16:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.96 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 69.55% Memory free
5.93 Gb Paging File | 5.03 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142.00 Gb Total Space | 87.92 Gb Free Space | 61.92% Space Free | Partition Type: NTFS
Drive D: | 142.00 Gb Total Space | 141.88 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive F: | 14.67 Gb Total Space | 13.32 Gb Free Space | 90.78% Space Free | Partition Type: FAT32
Computer Name: KASILYNN4-PC | User Name: kasilynn4 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/08/19 15:09:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL (1).exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2013/08/16 07:12:13 | 000,651,328 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013/08/16 13:16:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/16 09:44:44 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)
SRV - [2013/06/16 15:23:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/22 10:24:02 | 000,120,592 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/08 14:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/23 19:47:22 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011/03/28 16:27:58 | 000,036,864 | ---- | M] (CouponAlert) [Auto | Stopped] -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe -- (CouponAlert_2pService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/10 09:42:46 | 000,305,448 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 14:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/12 19:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/04/28 09:24:59 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/03/08 19:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 23:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/18 20:49:24 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/18 04:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/11 14:50:06 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/19 09:48:42 | 000,702,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 20:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 20:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/01/09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...27y1l5w4571t597
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...22DHP&dt=020913
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\URLSearchHook: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (CouponAlert)
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{09D96687-D48A-43E5-B9CD-CF76873AD05F}: "URL" = http://www.google.co...AW_enUS420US420
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...9E-0A2C98865973
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enUS420US420
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?...2DHP&dt=020913"
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...2&dt=020913&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009/12/01 01:50:46 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll (CouponAlert)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009/12/01 01:50:46 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\kasilynn4\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\KASILY~1\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2pffxtbr@CouponAlert_2p.com: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin [2012/04/19 15:44:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\Premium\VideoGameBoxInstaller\Crossrider\Firefox [2011/05/02 01:22:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/07/01 13:13:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/16 13:16:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/16 13:16:26 | 000,000,000 | ---D | M]
[2013/01/30 13:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kasilynn4\AppData\Roaming\mozilla\Extensions
[2013/02/08 20:57:25 | 000,002,402 | ---- | M] () -- C:\Users\kasilynn4\AppData\Roaming\mozilla\firefox\profiles\ngjdoxew.default\searchplugins\bingp.xml
[2013/08/16 13:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/01 13:13:48 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013/08/16 13:16:32 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 15:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/11/19 09:21:04 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/08/16 13:16:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/08/16 13:16:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Coupon Alert Plugin Stub (Enabled) = C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\kasilynn4\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: PlaySushi = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fncciponkgfpkhdpcnllnbkmocnajkcf\
CHR - Extension: Cloud Reader = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\
CHR - Extension: Chrome to Mobile = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\1.0.0_0\
CHR - Extension: Simple Packer = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kepmfhjfjkpodemmedldinolagkaonde\1.0_0\
CHR - Extension: Phone 2 Google Chrome\u2122 = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm\4.1_0\
CHR - Extension: iHeartRadio = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlhmoofochdenjcigoffbcnafoglahdh\2.1_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files (x86)\PlaySushi\PSText.dll (PlaySushi LLC)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Toolbar BHO) - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (CouponAlert)
O2 - BHO: (Search Assistant BHO) - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (CouponAlert)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Coupon Alert) - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (CouponAlert)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\Toolbar\WebBrowser: (Coupon Alert) - {3462C343-BE19-4143-AF70-CEFB56F46FC6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (CouponAlert)
O3 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe (Acer Corp.)
O4:64bit: - HKLM..\Run: [TouchPortal] C:\Program Files (x86)\Acer\Acer Touch Suite\TouchPortal.exe (Acer Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CouponAlert_2p Browser Plugin Loader] C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (CouponAlert)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [3DA838F7288ABEDF2FF54141CBC1270261BFF34F._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLA.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus NX230" File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLA.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus NX230" File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [Epson Stylus NX230(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLA.EXE /FU "C:\Users\KASILY~1\AppData\Local\Temp\E_S3126.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [MusicGadget] Reg Error: Invalid data type. File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [PhotoGadget] Reg Error: Invalid data type. File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [PhotoGadgetFirstRun] Reg Error: Invalid data type. File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [PhotoGadgetFirstRun_Portal] Reg Error: Invalid data type. File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [TouchMemo] Reg Error: Invalid data type. File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA207FDC-66D4-43A7-8047-9C8C928A48DC}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\896\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/26 10:17:50 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{75f79917-8702-11e0-a78c-c80aa9621ca7}\Shell - "" = AutoRun
O33 - MountPoints2\{75f79917-8702-11e0-a78c-c80aa9621ca7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
========== Files/Folders - Created Within 30 Days ==========
[2013/08/18 16:58:56 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\Documents\OneNote Notebooks
[2013/08/17 09:29:07 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\AppData\Local\{D1731408-7D55-46C9-8D2E-1DFB3F6D65D4}
[2013/08/16 13:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/16 13:14:03 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\AppData\Local\Macromedia
[2013/08/16 12:39:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/16 10:26:51 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\Desktop\main
[2013/08/16 09:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2013/08/16 09:44:37 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\AppData\Local\Citrix
[2013/08/15 10:22:39 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\AppData\Local\{92980473-6F0E-4A68-BF6A-DEDF27878B98}
[2013/08/15 08:46:50 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/15 08:46:49 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/15 08:46:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/15 08:46:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/15 08:46:49 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/15 08:46:48 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/15 08:46:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/15 08:46:48 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 08:46:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 08:46:48 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/15 08:46:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/15 08:46:47 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/15 08:46:46 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/15 08:46:46 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/15 08:46:46 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/15 08:32:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/14 13:10:35 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 13:10:35 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 13:10:34 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 13:09:51 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 13:09:51 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 13:09:50 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 13:09:44 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 13:09:43 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 13:09:43 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 13:09:43 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 13:09:42 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 13:09:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 13:09:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 13:09:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 13:09:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 13:09:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/09 15:00:11 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\AppData\Local\{174BE128-71BA-4FB3-BE77-0FA902D5D3E3}
[2013/08/05 12:10:13 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\AppData\Local\{AE170813-D36C-4F8B-8781-A49BB6809F56}
[2013/04/28 07:16:14 | 002,152,104 | ---- | C] (Catalina Marketing Corp) -- C:\Users\kasilynn4\AppData\Local\BcsKtYcHW.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/08/19 11:11:48 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/19 11:11:48 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/19 11:11:48 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/19 10:35:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/19 10:35:06 | 2387,152,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/19 10:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/19 10:21:59 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/19 10:21:59 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/19 10:13:57 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/19 09:09:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/18 16:58:55 | 000,001,274 | ---- | M] () -- C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/08/16 13:16:38 | 000,002,052 | ---- | M] () -- C:\Users\kasilynn4\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/16 10:10:55 | 000,445,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/16 09:44:30 | 000,103,832 | ---- | M] () -- C:\Users\kasilynn4\GoToAssistDownloadHelper.exe
[2013/08/15 08:48:24 | 001,472,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/15 08:48:24 | 000,224,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/15 08:48:24 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/15 08:47:30 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/15 08:47:30 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/15 08:47:30 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/15 08:47:30 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/15 08:47:30 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/15 08:47:30 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/15 08:47:30 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/15 08:47:30 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/15 08:47:30 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 08:47:30 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 08:47:30 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/15 08:47:30 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/15 08:47:30 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/15 08:47:30 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/15 08:47:30 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/15 08:36:46 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/15 08:36:46 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/15 08:35:48 | 001,217,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/15 08:30:01 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/15 08:30:01 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/15 08:30:01 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/15 08:30:01 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/15 08:30:00 | 005,550,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/15 08:30:00 | 003,968,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/15 08:30:00 | 003,913,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/15 08:30:00 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/15 08:30:00 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/15 08:30:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/09 15:16:37 | 000,364,220 | ---- | M] () -- C:\Users\kasilynn4\Documents\Score_Report.pdf
[2013/07/30 11:56:49 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/08/18 16:58:55 | 000,001,274 | ---- | C] () -- C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/08/16 09:44:30 | 000,103,832 | ---- | C] () -- C:\Users\kasilynn4\GoToAssistDownloadHelper.exe
[2013/08/09 15:16:37 | 000,364,220 | ---- | C] () -- C:\Users\kasilynn4\Documents\Score_Report.pdf
[2013/04/28 07:16:12 | 000,888,133 | ---- | C] () -- C:\Users\kasilynn4\AppData\Local\a.zip
[2012/08/15 22:09:41 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/08/10 14:03:37 | 000,000,071 | ---- | C] () -- C:\Windows\ENX230.ini
[2012/02/25 22:53:30 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/25 23:29:26 | 000,005,632 | ---- | C] () -- C:\Users\kasilynn4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/01 20:38:34 | 000,000,000 | ---- | C] () -- C:\Users\kasilynn4\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2013/07/10 20:47:00 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4d4efe9117c2681d53636414dcbf366f\@
[2013/07/10 20:47:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$4d4efe9117c2681d53636414dcbf366f\L
[2013/07/10 20:47:05 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$4d4efe9117c2681d53636414dcbf366f\U
[2013/07/10 20:47:05 | 000,000,912 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4d4efe9117c2681d53636414dcbf366f\U\00000001.@
[2013/07/10 20:47:05 | 000,014,336 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4d4efe9117c2681d53636414dcbf366f\U\80000000.@
[2013/07/10 20:47:05 | 000,025,600 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4d4efe9117c2681d53636414dcbf366f\U\800000cb.@
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3081941454-1516833321-1957180663-1000\$4d4efe9117c2681d53636414dcbf366f\o. -- File not found
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/05/16 09:16:00 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/05/16 09:16:00 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/02/22 23:54:53 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Acer
[2011/08/16 10:35:25 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Catalina Marketing Corp
[2013/04/28 07:16:07 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Catalina – Print Savings
[2013/08/05 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Epson
[2011/03/22 18:45:21 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Farm Mania 2
[2011/03/19 12:11:10 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Gamelab
[2012/06/09 11:26:25 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Garmin
[2011/05/02 01:22:54 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\HTML Executable
[2012/08/10 14:56:00 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Leader Technologies
[2011/02/22 23:54:53 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Leadertech
[2011/03/20 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\PlayFirst
[2011/02/28 18:53:55 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\PowerCinema
[2011/03/01 20:38:35 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Template
[2013/07/08 12:58:10 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\TouchGadget
[2013/04/21 20:05:07 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\TP
[2011/05/11 15:07:42 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Custom Scans ==========
========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/05/16 09:16:00 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 09:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2012/01/22 08:13:14 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/08/15 22:13:40 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/08/15 08:48:24 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/08/15 08:48:24 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 09:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 09:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/12/21 09:33:00 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/08/15 22:14:42 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2012/01/22 08:13:14 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 09:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 09:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2012/01/22 08:13:14 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 09:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 09:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 09:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 09:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/07/07 10:10:02 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 09:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 09:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 09:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 09:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 09:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/07/06 21:45:49 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 09:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2009/10/06 02:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 02:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 02:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 01:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES.CFG >
[2013/05/10 03:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 14:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Acer
Volume Serial Number is 2434-09FB
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender
07/14/2009 01:37 AM <SYMLINKD> en-US [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpClient.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
07/13/2009 09:29 PM <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
11/20/2010 09:27 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
07/13/2009 09:29 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
12 File(s) 3,919,360 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\kasilynn4
02/22/2011 11:51 PM <JUNCTION> Application Data [C:\Users\kasilynn4\AppData\Roaming]
02/22/2011 11:51 PM <JUNCTION> Cookies [C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Cookies]
02/22/2011 11:51 PM <JUNCTION> Local Settings [C:\Users\kasilynn4\AppData\Local]
02/22/2011 11:51 PM <JUNCTION> My Documents [C:\Users\kasilynn4\Documents]
02/22/2011 11:51 PM <JUNCTION> NetHood [C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/22/2011 11:51 PM <JUNCTION> PrintHood [C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/22/2011 11:51 PM <JUNCTION> Recent [C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Recent]
02/22/2011 11:51 PM <JUNCTION> SendTo [C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\SendTo]
02/22/2011 11:51 PM <JUNCTION> Start Menu [C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Start Menu]
02/22/2011 11:51 PM <JUNCTION> Templates [C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\kasilynn4\AppData\Local
02/22/2011 11:51 PM <JUNCTION> Application Data [C:\Users\kasilynn4\AppData\Local]
02/22/2011 11:51 PM <JUNCTION> History [C:\Users\kasilynn4\AppData\Local\Microsoft\Windows\History]
02/22/2011 11:51 PM <JUNCTION> Temporary Internet Files [C:\Users\kasilynn4\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\kasilynn4\Documents
02/22/2011 11:51 PM <JUNCTION> My Music [C:\Users\kasilynn4\Music]
02/22/2011 11:51 PM <JUNCTION> My Pictures [C:\Users\kasilynn4\Pictures]
02/22/2011 11:51 PM <JUNCTION> My Videos [C:\Users\kasilynn4\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
02/22/2011 11:41 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
02/22/2011 11:41 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
02/22/2011 11:41 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
02/22/2011 11:41 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
02/22/2011 11:41 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/22/2011 11:41 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/22/2011 11:41 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
02/22/2011 11:41 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
02/22/2011 11:41 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
02/22/2011 11:41 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
02/22/2011 11:41 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/22/2011 11:41 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/22/2011 11:41 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
02/22/2011 11:41 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
02/22/2011 11:41 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
02/22/2011 11:41 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
02/22/2011 11:41 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
02/22/2011 11:41 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
02/22/2011 11:41 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
02/22/2011 11:41 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
02/22/2011 11:41 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/22/2011 11:41 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/22/2011 11:41 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
02/22/2011 11:41 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
02/22/2011 11:41 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
02/22/2011 11:41 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
02/22/2011 11:41 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/22/2011 11:41 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/22/2011 11:41 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
02/22/2011 11:41 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
02/22/2011 11:41 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
02/22/2011 11:41 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
12 File(s) 3,919,360 bytes
83 Dir(s) 94,389,809,152 bytes free
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.96 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 69.55% Memory free
5.93 Gb Paging File | 5.03 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142.00 Gb Total Space | 87.92 Gb Free Space | 61.92% Space Free | Partition Type: NTFS
Drive D: | 142.00 Gb Total Space | 141.88 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive F: | 14.67 Gb Total Space | 13.32 Gb Free Space | 90.78% Space Free | Partition Type: FAT32
Computer Name: KASILYNN4-PC | User Name: kasilynn4 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/08/19 15:09:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL (1).exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2013/08/16 07:12:13 | 000,651,328 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013/08/16 13:16:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/16 09:44:44 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)
SRV - [2013/06/16 15:23:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/22 10:24:02 | 000,120,592 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/08 14:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/23 19:47:22 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011/03/28 16:27:58 | 000,036,864 | ---- | M] (CouponAlert) [Auto | Stopped] -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe -- (CouponAlert_2pService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/10 09:42:46 | 000,305,448 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 14:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/12 19:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/04/28 09:24:59 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/03/08 19:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 23:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/18 20:49:24 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/18 04:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/11 14:50:06 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/19 09:48:42 | 000,702,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 20:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 20:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/01/09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...27y1l5w4571t597
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...22DHP&dt=020913
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\URLSearchHook: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (CouponAlert)
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{09D96687-D48A-43E5-B9CD-CF76873AD05F}: "URL" = http://www.google.co...AW_enUS420US420
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...9E-0A2C98865973
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enUS420US420
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?...2DHP&dt=020913"
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...2&dt=020913&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009/12/01 01:50:46 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll (CouponAlert)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009/12/01 01:50:46 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\kasilynn4\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\KASILY~1\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2pffxtbr@CouponAlert_2p.com: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin [2012/04/19 15:44:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\Premium\VideoGameBoxInstaller\Crossrider\Firefox [2011/05/02 01:22:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/07/01 13:13:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/16 13:16:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/16 13:16:26 | 000,000,000 | ---D | M]
[2013/01/30 13:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kasilynn4\AppData\Roaming\mozilla\Extensions
[2013/02/08 20:57:25 | 000,002,402 | ---- | M] () -- C:\Users\kasilynn4\AppData\Roaming\mozilla\firefox\profiles\ngjdoxew.default\searchplugins\bingp.xml
[2013/08/16 13:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/01 13:13:48 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013/08/16 13:16:32 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 15:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/11/19 09:21:04 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/08/16 13:16:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/08/16 13:16:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Coupon Alert Plugin Stub (Enabled) = C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\kasilynn4\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: PlaySushi = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fncciponkgfpkhdpcnllnbkmocnajkcf\
CHR - Extension: Cloud Reader = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\
CHR - Extension: Chrome to Mobile = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\1.0.0_0\
CHR - Extension: Simple Packer = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kepmfhjfjkpodemmedldinolagkaonde\1.0_0\
CHR - Extension: Phone 2 Google Chrome\u2122 = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm\4.1_0\
CHR - Extension: iHeartRadio = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlhmoofochdenjcigoffbcnafoglahdh\2.1_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\kasilynn4\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files (x86)\PlaySushi\PSText.dll (PlaySushi LLC)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Toolbar BHO) - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (CouponAlert)
O2 - BHO: (Search Assistant BHO) - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (CouponAlert)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Coupon Alert) - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (CouponAlert)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\Toolbar\WebBrowser: (Coupon Alert) - {3462C343-BE19-4143-AF70-CEFB56F46FC6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (CouponAlert)
O3 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe (Acer Corp.)
O4:64bit: - HKLM..\Run: [TouchPortal] C:\Program Files (x86)\Acer\Acer Touch Suite\TouchPortal.exe (Acer Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CouponAlert_2p Browser Plugin Loader] C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (CouponAlert)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [3DA838F7288ABEDF2FF54141CBC1270261BFF34F._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLA.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus NX230" File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLA.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus NX230" File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [Epson Stylus NX230(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLA.EXE /FU "C:\Users\KASILY~1\AppData\Local\Temp\E_S3126.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [MusicGadget] Reg Error: Invalid data type. File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [PhotoGadget] Reg Error: Invalid data type. File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [PhotoGadgetFirstRun] Reg Error: Invalid data type. File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [PhotoGadgetFirstRun_Portal] Reg Error: Invalid data type. File not found
O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [TouchMemo] Reg Error: Invalid data type. File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA207FDC-66D4-43A7-8047-9C8C928A48DC}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\896\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/26 10:17:50 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{75f79917-8702-11e0-a78c-c80aa9621ca7}\Shell - "" = AutoRun
O33 - MountPoints2\{75f79917-8702-11e0-a78c-c80aa9621ca7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
========== Files/Folders - Created Within 30 Days ==========
[2013/08/18 16:58:56 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\Documents\OneNote Notebooks
[2013/08/17 09:29:07 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\AppData\Local\{D1731408-7D55-46C9-8D2E-1DFB3F6D65D4}
[2013/08/16 13:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/16 13:14:03 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\AppData\Local\Macromedia
[2013/08/16 12:39:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/16 10:26:51 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\Desktop\main
[2013/08/16 09:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2013/08/16 09:44:37 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\AppData\Local\Citrix
[2013/08/15 10:22:39 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\AppData\Local\{92980473-6F0E-4A68-BF6A-DEDF27878B98}
[2013/08/15 08:46:50 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/15 08:46:49 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/15 08:46:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/15 08:46:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/15 08:46:49 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/15 08:46:48 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/15 08:46:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/15 08:46:48 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 08:46:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 08:46:48 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/15 08:46:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/15 08:46:47 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/15 08:46:46 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/15 08:46:46 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/15 08:46:46 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/15 08:32:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/14 13:10:35 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 13:10:35 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 13:10:34 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 13:09:51 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 13:09:51 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 13:09:50 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 13:09:44 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 13:09:43 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 13:09:43 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 13:09:43 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 13:09:42 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 13:09:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 13:09:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 13:09:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 13:09:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 13:09:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/09 15:00:11 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\AppData\Local\{174BE128-71BA-4FB3-BE77-0FA902D5D3E3}
[2013/08/05 12:10:13 | 000,000,000 | ---D | C] -- C:\Users\kasilynn4\AppData\Local\{AE170813-D36C-4F8B-8781-A49BB6809F56}
[2013/04/28 07:16:14 | 002,152,104 | ---- | C] (Catalina Marketing Corp) -- C:\Users\kasilynn4\AppData\Local\BcsKtYcHW.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/08/19 11:11:48 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/19 11:11:48 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/19 11:11:48 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/19 10:35:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/19 10:35:06 | 2387,152,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/19 10:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/19 10:21:59 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/19 10:21:59 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/19 10:13:57 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/19 09:09:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/18 16:58:55 | 000,001,274 | ---- | M] () -- C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/08/16 13:16:38 | 000,002,052 | ---- | M] () -- C:\Users\kasilynn4\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/16 10:10:55 | 000,445,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/16 09:44:30 | 000,103,832 | ---- | M] () -- C:\Users\kasilynn4\GoToAssistDownloadHelper.exe
[2013/08/15 08:48:24 | 001,472,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/15 08:48:24 | 000,224,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/15 08:48:24 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/15 08:47:30 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/15 08:47:30 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/15 08:47:30 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/15 08:47:30 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/15 08:47:30 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/15 08:47:30 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/15 08:47:30 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/15 08:47:30 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/15 08:47:30 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 08:47:30 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 08:47:30 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/15 08:47:30 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/15 08:47:30 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/15 08:47:30 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/15 08:47:30 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/15 08:36:46 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/15 08:36:46 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/15 08:35:48 | 001,217,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/15 08:30:01 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/15 08:30:01 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/15 08:30:01 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/15 08:30:01 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/15 08:30:00 | 005,550,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/15 08:30:00 | 003,968,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/15 08:30:00 | 003,913,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/15 08:30:00 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/15 08:30:00 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/15 08:30:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/09 15:16:37 | 000,364,220 | ---- | M] () -- C:\Users\kasilynn4\Documents\Score_Report.pdf
[2013/07/30 11:56:49 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/08/18 16:58:55 | 000,001,274 | ---- | C] () -- C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/08/16 09:44:30 | 000,103,832 | ---- | C] () -- C:\Users\kasilynn4\GoToAssistDownloadHelper.exe
[2013/08/09 15:16:37 | 000,364,220 | ---- | C] () -- C:\Users\kasilynn4\Documents\Score_Report.pdf
[2013/04/28 07:16:12 | 000,888,133 | ---- | C] () -- C:\Users\kasilynn4\AppData\Local\a.zip
[2012/08/15 22:09:41 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/08/10 14:03:37 | 000,000,071 | ---- | C] () -- C:\Windows\ENX230.ini
[2012/02/25 22:53:30 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/25 23:29:26 | 000,005,632 | ---- | C] () -- C:\Users\kasilynn4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/01 20:38:34 | 000,000,000 | ---- | C] () -- C:\Users\kasilynn4\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2013/07/10 20:47:00 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4d4efe9117c2681d53636414dcbf366f\@
[2013/07/10 20:47:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$4d4efe9117c2681d53636414dcbf366f\L
[2013/07/10 20:47:05 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$4d4efe9117c2681d53636414dcbf366f\U
[2013/07/10 20:47:05 | 000,000,912 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4d4efe9117c2681d53636414dcbf366f\U\00000001.@
[2013/07/10 20:47:05 | 000,014,336 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4d4efe9117c2681d53636414dcbf366f\U\80000000.@
[2013/07/10 20:47:05 | 000,025,600 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4d4efe9117c2681d53636414dcbf366f\U\800000cb.@
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3081941454-1516833321-1957180663-1000\$4d4efe9117c2681d53636414dcbf366f\o. -- File not found
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/05/16 09:16:00 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/05/16 09:16:00 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/02/22 23:54:53 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Acer
[2011/08/16 10:35:25 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Catalina Marketing Corp
[2013/04/28 07:16:07 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Catalina – Print Savings
[2013/08/05 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Epson
[2011/03/22 18:45:21 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Farm Mania 2
[2011/03/19 12:11:10 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Gamelab
[2012/06/09 11:26:25 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Garmin
[2011/05/02 01:22:54 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\HTML Executable
[2012/08/10 14:56:00 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Leader Technologies
[2011/02/22 23:54:53 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Leadertech
[2011/03/20 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\PlayFirst
[2011/02/28 18:53:55 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\PowerCinema
[2011/03/01 20:38:35 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Template
[2013/07/08 12:58:10 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\TouchGadget
[2013/04/21 20:05:07 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\TP
[2011/05/11 15:07:42 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Custom Scans ==========
========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/05/16 09:16:00 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 09:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2012/01/22 08:13:14 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/08/15 22:13:40 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/08/15 08:48:24 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/08/15 08:48:24 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 09:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 09:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/12/21 09:33:00 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/08/15 22:14:42 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2012/01/22 08:13:14 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 09:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 09:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2012/01/22 08:13:14 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 09:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 09:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 09:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 09:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/07/07 10:10:02 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 09:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 09:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 09:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 09:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 09:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/07/06 21:45:49 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 09:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2009/10/06 02:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 02:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 02:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 01:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES.CFG >
[2013/05/10 03:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 14:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Acer
Volume Serial Number is 2434-09FB
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender
07/14/2009 01:37 AM <SYMLINKD> en-US [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpClient.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
07/13/2009 09:29 PM <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
11/20/2010 09:27 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
07/13/2009 09:29 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
12 File(s) 3,919,360 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\kasilynn4
02/22/2011 11:51 PM <JUNCTION> Application Data [C:\Users\kasilynn4\AppData\Roaming]
02/22/2011 11:51 PM <JUNCTION> Cookies [C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Cookies]
02/22/2011 11:51 PM <JUNCTION> Local Settings [C:\Users\kasilynn4\AppData\Local]
02/22/2011 11:51 PM <JUNCTION> My Documents [C:\Users\kasilynn4\Documents]
02/22/2011 11:51 PM <JUNCTION> NetHood [C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/22/2011 11:51 PM <JUNCTION> PrintHood [C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/22/2011 11:51 PM <JUNCTION> Recent [C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Recent]
02/22/2011 11:51 PM <JUNCTION> SendTo [C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\SendTo]
02/22/2011 11:51 PM <JUNCTION> Start Menu [C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Start Menu]
02/22/2011 11:51 PM <JUNCTION> Templates [C:\Users\kasilynn4\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\kasilynn4\AppData\Local
02/22/2011 11:51 PM <JUNCTION> Application Data [C:\Users\kasilynn4\AppData\Local]
02/22/2011 11:51 PM <JUNCTION> History [C:\Users\kasilynn4\AppData\Local\Microsoft\Windows\History]
02/22/2011 11:51 PM <JUNCTION> Temporary Internet Files [C:\Users\kasilynn4\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\kasilynn4\Documents
02/22/2011 11:51 PM <JUNCTION> My Music [C:\Users\kasilynn4\Music]
02/22/2011 11:51 PM <JUNCTION> My Pictures [C:\Users\kasilynn4\Pictures]
02/22/2011 11:51 PM <JUNCTION> My Videos [C:\Users\kasilynn4\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
02/22/2011 11:41 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
02/22/2011 11:41 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
02/22/2011 11:41 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
02/22/2011 11:41 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
02/22/2011 11:41 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/22/2011 11:41 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/22/2011 11:41 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
02/22/2011 11:41 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
02/22/2011 11:41 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
02/22/2011 11:41 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
02/22/2011 11:41 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/22/2011 11:41 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/22/2011 11:41 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
02/22/2011 11:41 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
02/22/2011 11:41 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
02/22/2011 11:41 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
02/22/2011 11:41 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
02/22/2011 11:41 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
02/22/2011 11:41 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
02/22/2011 11:41 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
02/22/2011 11:41 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/22/2011 11:41 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/22/2011 11:41 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
02/22/2011 11:41 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
02/22/2011 11:41 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
02/22/2011 11:41 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
02/22/2011 11:41 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/22/2011 11:41 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/22/2011 11:41 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
02/22/2011 11:41 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
02/22/2011 11:41 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
02/22/2011 11:41 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
12 File(s) 3,919,360 bytes
83 Dir(s) 94,389,809,152 bytes free
< End of report >
#11
Posted 19 August 2013 - 09:31 AM
cassiedee
- Topic Starter
-
- Member
-
- 8 posts
New Member
OTL Extras logfile created on: 8/19/2013 11:16:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.96 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 69.55% Memory free
5.93 Gb Paging File | 5.03 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142.00 Gb Total Space | 87.92 Gb Free Space | 61.92% Space Free | Partition Type: NTFS
Drive D: | 142.00 Gb Total Space | 141.88 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive F: | 14.67 Gb Total Space | 13.32 Gb Free Space | 90.78% Space Free | Partition Type: FAT32
Computer Name: KASILYNN4-PC | User Name: kasilynn4 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-3081941454-1516833321-1957180663-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35599677-3A14-4B6B-BFEA-2832BFA272C6}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{A4B5C96A-DB6C-4142-A01C-C1FB466720EC}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7762A856-31BC-4CAD-A225-1B5B6AFC3AD8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{8C5BA958-0308-4D33-922B-4D24B28F0C07}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{5CA8014F-04BD-4E56-BF13-FA4CC35CC661}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{B5D13450-8C84-4431-BF25-DA04BC443A9A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Virtual Earth 3D (Beta)
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON NX230 Series" = EPSON NX230 Series Printer Uninstall
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}" = Garmin BaseCamp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{45411273-7307-4F9D-BCAF-7E5ED0A36050}" = Garmin Lifetime Updater
"{4956ACE3-F537-4418-BB45-FD52395275A7}" = Catalina Savings Printer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}" = TouchSettings
"{758b2ee6-8175-493c-ae82-bf61ab303a93}" = Nero 9 Essentials
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C652F86F-348A-4A65-8BE8-A3F7A6370D98}" = Acer Touch Suite
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Acoolsoft PPT to DVD Pro_is1" = Acoolsoft PPT to DVD Pro 3.2.7
"Acoolsoft PPT2DVD Standard_is1" = Acoolsoft PPT2DVD Standard 3.0.0.403 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CouponAlert_2pbar Uninstall" = Coupon Alert
"Crossrider" = Crossrider Web Apps
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"LTCM Client" = LTCM Client
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Playsushi" = PlaySushi
"Search Toolbar" = Search Toolbar
"The Weather Channel App" = The Weather Channel App
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3081941454-1516833321-1957180663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dear user" = Dear user
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/29/2013 1:09:58 PM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 11606
Description =
Error - 7/29/2013 1:09:58 PM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 1024
Description =
Error - 7/30/2013 11:48:28 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 11606
Description =
Error - 7/30/2013 11:48:28 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 11606
Description =
Error - 7/30/2013 11:48:28 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 1024
Description =
Error - 7/31/2013 10:48:13 AM | Computer Name = kasilynn4-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16635 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4f14 Start
Time: 01ce8dfcb2adbef5 Termination Time: 6 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id:
Error - 7/31/2013 10:50:37 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 11606
Description =
Error - 7/31/2013 10:50:37 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 11606
Description =
Error - 7/31/2013 10:50:37 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 1024
Description =
Error - 8/1/2013 8:03:09 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 11606
Description =
Error - 8/1/2013 8:03:09 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 11606
Description =
Error - 8/1/2013 8:03:09 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 1024
Description =
[ System Events ]
Error - 8/19/2013 10:35:22 AM | Computer Name = kasilynn4-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6
Error - 8/19/2013 10:35:31 AM | Computer Name = kasilynn4-PC | Source = DCOM | ID = 10005
Description =
Error - 8/19/2013 10:35:37 AM | Computer Name = kasilynn4-PC | Source = DCOM | ID = 10005
Description =
Error - 8/19/2013 10:35:41 AM | Computer Name = kasilynn4-PC | Source = DCOM | ID = 10005
Description =
Error - 8/19/2013 10:35:41 AM | Computer Name = kasilynn4-PC | Source = DCOM | ID = 10005
Description =
Error - 8/19/2013 10:35:44 AM | Computer Name = kasilynn4-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068
Error - 8/19/2013 10:37:22 AM | Computer Name = kasilynn4-PC | Source = Service Control Manager | ID = 7023
Description = The WinDefend service terminated with the following error: %%5
Error - 8/19/2013 11:10:40 AM | Computer Name = kasilynn4-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 8/19/2013 11:10:43 AM | Computer Name = kasilynn4-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 8/19/2013 11:10:44 AM | Computer Name = kasilynn4-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.96 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 69.55% Memory free
5.93 Gb Paging File | 5.03 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142.00 Gb Total Space | 87.92 Gb Free Space | 61.92% Space Free | Partition Type: NTFS
Drive D: | 142.00 Gb Total Space | 141.88 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive F: | 14.67 Gb Total Space | 13.32 Gb Free Space | 90.78% Space Free | Partition Type: FAT32
Computer Name: KASILYNN4-PC | User Name: kasilynn4 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-3081941454-1516833321-1957180663-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35599677-3A14-4B6B-BFEA-2832BFA272C6}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{A4B5C96A-DB6C-4142-A01C-C1FB466720EC}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7762A856-31BC-4CAD-A225-1B5B6AFC3AD8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{8C5BA958-0308-4D33-922B-4D24B28F0C07}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{5CA8014F-04BD-4E56-BF13-FA4CC35CC661}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{B5D13450-8C84-4431-BF25-DA04BC443A9A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Virtual Earth 3D (Beta)
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON NX230 Series" = EPSON NX230 Series Printer Uninstall
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}" = Garmin BaseCamp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{45411273-7307-4F9D-BCAF-7E5ED0A36050}" = Garmin Lifetime Updater
"{4956ACE3-F537-4418-BB45-FD52395275A7}" = Catalina Savings Printer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}" = TouchSettings
"{758b2ee6-8175-493c-ae82-bf61ab303a93}" = Nero 9 Essentials
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C652F86F-348A-4A65-8BE8-A3F7A6370D98}" = Acer Touch Suite
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Acoolsoft PPT to DVD Pro_is1" = Acoolsoft PPT to DVD Pro 3.2.7
"Acoolsoft PPT2DVD Standard_is1" = Acoolsoft PPT2DVD Standard 3.0.0.403 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CouponAlert_2pbar Uninstall" = Coupon Alert
"Crossrider" = Crossrider Web Apps
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"LTCM Client" = LTCM Client
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Playsushi" = PlaySushi
"Search Toolbar" = Search Toolbar
"The Weather Channel App" = The Weather Channel App
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3081941454-1516833321-1957180663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dear user" = Dear user
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/29/2013 1:09:58 PM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 11606
Description =
Error - 7/29/2013 1:09:58 PM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 1024
Description =
Error - 7/30/2013 11:48:28 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 11606
Description =
Error - 7/30/2013 11:48:28 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 11606
Description =
Error - 7/30/2013 11:48:28 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 1024
Description =
Error - 7/31/2013 10:48:13 AM | Computer Name = kasilynn4-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16635 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4f14 Start
Time: 01ce8dfcb2adbef5 Termination Time: 6 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id:
Error - 7/31/2013 10:50:37 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 11606
Description =
Error - 7/31/2013 10:50:37 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 11606
Description =
Error - 7/31/2013 10:50:37 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 1024
Description =
Error - 8/1/2013 8:03:09 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 11606
Description =
Error - 8/1/2013 8:03:09 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 11606
Description =
Error - 8/1/2013 8:03:09 AM | Computer Name = kasilynn4-PC | Source = MsiInstaller | ID = 1024
Description =
[ System Events ]
Error - 8/19/2013 10:35:22 AM | Computer Name = kasilynn4-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6
Error - 8/19/2013 10:35:31 AM | Computer Name = kasilynn4-PC | Source = DCOM | ID = 10005
Description =
Error - 8/19/2013 10:35:37 AM | Computer Name = kasilynn4-PC | Source = DCOM | ID = 10005
Description =
Error - 8/19/2013 10:35:41 AM | Computer Name = kasilynn4-PC | Source = DCOM | ID = 10005
Description =
Error - 8/19/2013 10:35:41 AM | Computer Name = kasilynn4-PC | Source = DCOM | ID = 10005
Description =
Error - 8/19/2013 10:35:44 AM | Computer Name = kasilynn4-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068
Error - 8/19/2013 10:37:22 AM | Computer Name = kasilynn4-PC | Source = Service Control Manager | ID = 7023
Description = The WinDefend service terminated with the following error: %%5
Error - 8/19/2013 11:10:40 AM | Computer Name = kasilynn4-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 8/19/2013 11:10:43 AM | Computer Name = kasilynn4-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 8/19/2013 11:10:44 AM | Computer Name = kasilynn4-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
< End of report >
#12
Posted 19 August 2013 - 09:46 AM
SleepyDude
-
- Malware Removal
-
- 4,975 posts
Trusted Helper
Hi,
Thank You for the logs I need some time to revise your logs and to discus the problem with my Teacher.
I'll contact you shortly.
Thank You for the logs I need some time to revise your logs and to discus the problem with my Teacher.
I'll contact you shortly.
#13
Posted 20 August 2013 - 03:35 AM
SleepyDude
-
- Malware Removal
-
- 4,975 posts
Trusted Helper
Hello Cassiedee,
I have checked your logs and now is time we start working in your computer problem but before that I have an important warning...
One or more of the identified infections in your log is known to be a Password Stealer and/or use a backdoor.
The Password Stealer uses several techniques to catch all your passwords and user names used to access mail, games, forums, etc.
A backdoor allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those financial institutions to inform them of your situation.
Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:
*** Please execute the following steps by running Windows in Normal Mode.
Step 1 - Batch fix
!!! Warning !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...
Step 2 - OTL Fix
Step 2 - Scan with Adwcleaner
Download AdwCleaner from here to the Desktop
Step 4 - New OTL Scan
Things I would like to see in your next reply:
I have checked your logs and now is time we start working in your computer problem but before that I have an important warning...
!!! Trojan Warning !!!
One or more of the identified infections in your log is known to be a Password Stealer and/or use a backdoor.
The Password Stealer uses several techniques to catch all your passwords and user names used to access mail, games, forums, etc.
A backdoor allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those financial institutions to inform them of your situation.
Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
*** Please execute the following steps by running Windows in Normal Mode.
Step 1 - Batch fix
!!! Warning !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...
- Click on the Start
button and in the search box, type Notepad and click on it - Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
fsutil reparsepoint delete "C:\Program Files\Windows Defender\en-US" fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpAsDesc.dll" fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpClient.dll" fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCmdRun.exe" fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCommu.dll" fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpEvMsg.dll" fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpOAV.dll" fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRTP.dll" fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSvc.dll" fsutil reparsepoint delete "C:\Program Files\Windows Defender\MSASCui.exe" fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpCom.dll" fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpLics.dll" fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpRes.dll" dir "%systemdrive%\*" /S /A:L /C > "%USERPROFILE%\Desktop\JunctionPoints.txt" START notepad.exe "%USERPROFILE%\Desktop\JunctionPoints.txt"
- Go to File > Save As... and save it to your Desktop named G2Gfix.bat. Make sure you change the Save as type to All Files (*.*)
- Locate G2Gfix.bat on your Desktop and right click the file then select Run as administrator
- Please Post the JunctionPoints.txt log that will open in Notepad
Step 2 - OTL Fix
- Please copy OTL.exe from the flash drive to the Desktop before continue with the following steps
- Right click on the icon and choose Run as Administrator to execute the tool. Make sure all other windows are closed.
Do not change any other settings unless otherwise told to do so. - Under the Custom Scans/Fixes box at the bottom, paste in the following:
:Commands [CreateRestorePoint] :OTL IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms} IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680 IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\URLSearchHook: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (CouponAlert) IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms} IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...9E-0A2C98865973 IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms} IE - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680 FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll (CouponAlert) FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\KASILY~1\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2pffxtbr@CouponAlert_2p.com: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin [2012/04/19 15:44:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\Premium\VideoGameBoxInstaller\Crossrider\Firefox [2011/05/02 01:22:44 | 000,000,000 | ---D | M] [2011/11/19 09:21:04 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll CHR - plugin: Coupon Alert Plugin Stub (Enabled) = C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files (x86)\PlaySushi\PSText.dll (PlaySushi LLC) O2 - BHO: (Toolbar BHO) - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (CouponAlert) O2 - BHO: (Search Assistant BHO) - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (CouponAlert) O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll () O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll () O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Coupon Alert) - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (CouponAlert) O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\Toolbar\WebBrowser: (Coupon Alert) - {3462C343-BE19-4143-AF70-CEFB56F46FC6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (CouponAlert) O3 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll () O4 - HKLM..\Run: [CouponAlert_2p Browser Plugin Loader] C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (CouponAlert) O4 - HKU\S-1-5-21-3081941454-1516833321-1957180663-1000..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (Crossrider) [2013/04/28 07:16:14 | 002,152,104 | ---- | C] (Catalina Marketing Corp) -- C:\Users\kasilynn4\AppData\Local\BcsKtYcHW.dll [2013/08/16 09:44:30 | 000,103,832 | ---- | M] () -- C:\Users\kasilynn4\GoToAssistDownloadHelper.exe [2011/08/16 10:35:25 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Catalina Marketing Corp [2013/04/28 07:16:07 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\Catalina – Print Savings [2011/03/20 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\kasilynn4\AppData\Roaming\PlayFirst :Files C:\Program Files (x86)\CouponAlert_2p C:\Users\KASILY~1\AppData\Roaming\CATALI~2 C:\ProgramData\Premium C:\Program Files (x86)\MyWebSearch C:\Program Files (x86)\PlaySushi C:\Program Files (x86)\Search Toolbar C:\Program Files (x86)\CrossriderWebApps C:\Program Files (x86)\Yontoo Layers C:\$Recycle.Bin\S-1-5-18\ :Reg [-HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 :Commands [EmptyTemp] - click the Run Fix button at the top. Let the program run uninterrupted.
- click OK
- When OTL executes the Fix it can shutdown all running processes and you may lose the desktop and icons, but they will return on reboot
- OTL may ask to reboot the machine. Please accept right away.
- The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as attachment.
- The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyy _hhmmss is the date and time when the fix run.
Step 2 - Scan with Adwcleaner
Download AdwCleaner from here to the Desktop
- Close all open windows and browsers
- Right click on the Adwcleaner icon and choose Run as Administrator to execute the program
- Click the Search button and wait for the scan to finish.
- please copy/paste the generated log to your next reply. This report is also saved to C:\AdwCleaner[R1].txt
Step 4 - New OTL Scan
- Execute OTL right click on the icon and choose Run as Administrator. Make sure all other windows are closed.
Do not change any other settings unless otherwise told to do so. - tick the following check box's:
- Scan All Users
- LOP Check
- Purity Check
- Click the Run Scan button. Let the program run uninterrupted, the scan won't take long.
- When the scan completes, it will open notepad with OTL.Txt. The file is saved on the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of the file and post in your topic.
Things I would like to see in your next reply:
- The JunctionPoints.txt log
- The OTL Fix log
- AdwCleaner log AdwCleaner[R1].txt
- The new OTL.txt log
- Let me know how the computer is performing.
#14
Posted 20 August 2013 - 10:19 AM
cassiedee
- Topic Starter
-
- Member
-
- 8 posts
New Member
Thank you so much for all of the time and effort you have put into my problem. However, I need my computer fixed fast and I am running out of time to do it myself. I appreciate this site and all the volunteers for helping with computer problems. I am taking the computer to a geek service, just for piece of mind and because of the time issue. Thank you so very much!!!!!!!
#15
Posted 20 August 2013 - 11:40 AM
SleepyDude
-
- Malware Removal
-
- 4,975 posts
Trusted Helper
Hi,
I understand and sorry for taking so long but analyzing the logs really takes time and we are all volunteers...
Regards and good luck.
I understand and sorry for taking so long but analyzing the logs really takes time and we are all volunteers...
Regards and good luck.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
