Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

only 3.5 GB out of 681GB free on my hard drive [Solved]

Started by 1324 , Aug 24 2013 04:50 PM

  • This topic is locked This topic is locked

#196
1324
Posted 10 February 2014 - 06:23 AM

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
Malwarebytes found 929 instances of Pup.Optional on my computer and there didnt seem to be a button to click on to remove all. I can't click on 929 little boxes. I think all this happened when I chose to download Open Office.
How do I know which is the legit Open office and not some rogue site?
Thanks,Rich
  • 0

Advertisements

#197
23red
Posted 10 February 2014 - 07:52 PM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :)

Ahhh!
May I ask where you downloaded from? May you give me a link, please?
What I tried to explain before in downloading the programs you needed after your reinstallation was to download from reputable sources ~ and after the file check when the reinfection occurred before also to do it carefully. Some information that might help is here Read that, you'll understand more.
Don't search 'free download' for X you'll almost always find junk. Malware guys are tricky. They hide stuff well. It can be pretty dirty out there!
We all have to try and be one step ahead ~ you'll get there!

How do I know which is the legit Open office and not some rogue site?


We'll get you clean first then we'll work on finding that, ok? We'll make you a good search lesson ;) Then you'll understand better for next time.

Lets get you cleaned up :

For Malwarebytes:

Rerun the tool, once finished, this is how you clean up 929 instances of Pup.Optional.

  • highlight one of the detection by left clicking on it.
  • Right-click on the highlighted detection.
  • Left click Check all items.
  • Select Remove Selected.

Posted Image


After you clean with Malwarebytes, reboot the machine, then....


Please download from this link ~> OTL <~ to your Desktop.
Since you have Windows 7, the default location for downloads is the Downloads folder. To have OTL download to the Desktop:

When the Download window pops up on the bottom of your screen first click the arrow button

Posted Image

Then click Save As
Posted Image

Then choose Desktop from the left side panel.

Posted Image

This will set OTL to your Desktop.

• If it happens to save to another location, right click the OTL icon and select Cut then right click on Desktop and select Paste.

• Please right click on Posted Image on your Desktop and Run as Administrator, then accept UAC prompts to open the program console.

• Please make sure the following boxes are checked:

• Scan All Users

• LOP Check

• Purity Check

• Copy the lines from inside the quote box to the clipboard by highlighting ALL of them and then pressing and holding CTRL then hit C (or, after highlighting, right-click on the blue highlighted part and choose Copy):



netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
[CREATERESTORPOINT]






Posted Image

• Under Posted Image in the textbox at the bottom of the OTL console, please right click and select Paste. This will place the above text in the Custom Scans/Fixes box.

• Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL ~ Desktop

• Please copy (Edit ~> Select All, Edit ~> Copy) the logs it produces in your next reply.



When you return, please post:
OTL log
Extras.txt.

Mahalo :)
  • 0

#198
1324
Posted 11 February 2014 - 06:49 PM

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
Take the rest of the week off! I won't get a chance to work on this until the weekend.
Thanks,
Rich
  • 0

#199
23red
Posted 13 February 2014 - 07:10 AM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :)

Thank you for letting me know :thumbsup:
  • 0

#200
1324
Posted 15 February 2014 - 06:37 AM

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
Here are the two OTL logs.
Thanks,
Rich

OTL logfile created on: 2/15/2014 6:28:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rich\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 57.75% Memory free
7.82 Gb Paging File | 6.07 Gb Available in Paging File | 77.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681.84 Gb Total Space | 637.40 Gb Free Space | 93.48% Space Free | Partition Type: NTFS
Drive D: | 16.69 Gb Total Space | 2.05 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive E: | 7.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RICH-HP | User Name: Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/15 06:23:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Downloads\OTL.exe
PRC - [2014/01/28 19:00:09 | 001,863,048 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
PRC - [2014/01/23 20:20:45 | 000,429,120 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/05 13:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/08 06:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
PRC - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/08/16 15:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 15:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 10:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/08/03 08:55:11 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/03 08:54:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/07/13 00:58:14 | 000,144,488 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\WhiteList.exe
PRC - [2011/07/13 00:57:58 | 000,082,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011/07/13 00:57:42 | 000,132,200 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\GreenList.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/13 06:25:31 | 000,660,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\2053b0e14f1e64a5c5d6d1c4d01485a2\System.Transactions.ni.dll
MOD - [2014/02/13 06:25:28 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/13 06:25:24 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/13 06:25:20 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/13 06:25:19 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/13 06:25:19 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/13 06:25:18 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/13 06:25:16 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/13 06:25:16 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/13 06:25:15 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/13 06:25:11 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/13 06:25:10 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/13 06:25:05 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/28 19:00:09 | 016,287,624 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
MOD - [2013/12/24 16:14:36 | 000,642,016 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2013/12/05 13:36:56 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/07/13 00:57:42 | 000,087,640 | ---- | M] () -- C:\Program Files (x86)\Symantec\VIP Access Client\JSON.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 04:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/02/16 23:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/05 13:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 06:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe -- (NIS)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/16 15:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 10:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/08/03 08:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/03 08:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/07/13 00:57:58 | 000,082,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/24 17:52:38 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/12/17 16:09:02 | 000,061,592 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netfilter64.sys -- (netfilter64)
DRV:64bit: - [2013/09/26 21:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/09/26 20:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 20:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/09/25 21:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/09/25 20:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/09/09 20:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 19:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/06 20:16:42 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2012/06/06 19:48:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/06/06 19:48:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/19 02:02:35 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/09/19 01:52:26 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/14 04:35:45 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/04 05:25:16 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/03 08:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/01/24 01:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140213.033\ex64.sys -- (NAVEX15)
DRV - [2014/01/24 01:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/01/24 01:00:00 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/01/24 01:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140213.033\eng64.sys -- (NAVENG)
DRV - [2014/01/23 19:18:14 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140213.002\IDSviA64.sys -- (IDSVia64)
DRV - [2014/01/21 03:37:32 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.duckduck.go/
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...BDB26DD1&SSPV="
FF - prefs.js..extensions.enabledAddons: gethighlightly%40gethighlightly.com:1.9.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/02/15 06:19:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Symantec\VIP Access Client\ [2014/01/19 13:44:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014/01/24 17:56:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014/02/09 18:34:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/01/24 18:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rich\AppData\Roaming\Mozilla\Extensions
[2014/02/09 18:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\ix1jzlpa.default\extensions
[2014/02/09 18:35:24 | 000,000,000 | ---D | M] (KeyCoupons) -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\ix1jzlpa.default\extensions\{456573A9-9AD5-1DCD-526B-7460F3646926}
[2014/02/09 18:44:58 | 000,000,975 | ---- | M] () -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\ix1jzlpa.default\searchplugins\conduit-search.xml
[2014/01/25 05:28:37 | 000,001,874 | ---- | M] () -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\ix1jzlpa.default\searchplugins\duckduckgo.xml
[2014/02/09 18:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/09 18:34:43 | 000,000,000 | ---D | M] () -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/01/24 18:08:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/24 18:08:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/15 06:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2014/02/15 06:27:13 | 000,000,000 | ---D | M] () -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2014/02/15 06:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/02/15 06:27:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (KeyCoupons BHO) - {6E713650-8DDF-499E-95B6-DD10C65CC8C5} - C:\Program Files (x86)\KeyCoupons\FrameworkBHO64.dll ()
O2:64bit: - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (KeyCoupons BHO) - {6E713650-8DDF-499E-95B6-DD10C65CC8C5} - C:\Program Files (x86)\KeyCoupons\FrameworkBHO.dll ()
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4075957569-1680572243-469715140-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-4075957569-1680572243-469715140-1001..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKLM..\RunOnce: [KeyCoupons-repairJob] C:\Users\Rich\AppData\Local\KeyCoupons\repair.js ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73906CC-5585-4BF6-ABA9-777B258EC385}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/03 14:23:50 | 000,000,113 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f0e32949-8151-11e3-a92c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e32949-8151-11e3-a92c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\TurboTax_Promotional_CD.exe -- [2013/10/03 14:23:50 | 004,893,184 | R--- | M] (Intuit)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2014/02/13 06:24:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/13 06:19:20 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/13 06:18:37 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/13 06:18:37 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/13 06:18:36 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/13 06:18:36 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/13 06:18:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/13 06:18:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/13 06:18:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/13 06:18:35 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/13 06:18:35 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/13 06:18:35 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/13 06:18:35 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/13 06:18:35 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/13 06:18:35 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/13 06:18:35 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/13 06:18:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/13 06:18:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/13 06:18:34 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/13 06:18:34 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/13 06:18:34 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/13 06:18:34 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/13 06:18:33 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/13 06:18:33 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/13 06:18:31 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/13 06:07:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/13 06:07:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/13 06:06:46 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/13 06:06:46 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/13 06:06:46 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/13 06:06:46 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/13 06:06:46 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/13 06:06:46 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/13 06:06:46 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/13 06:06:46 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/13 06:06:46 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/13 06:06:46 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/13 06:06:43 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/13 06:06:43 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/13 06:06:43 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/13 06:06:43 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/13 06:06:43 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/13 06:06:43 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/13 06:06:43 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/13 06:06:05 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/13 06:06:04 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/09 18:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Support for Consumer Input
[2014/02/09 18:39:21 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\SearchProtect
[2014/02/09 18:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2014/02/09 18:35:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2014/02/09 18:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyCoupons
[2014/02/09 18:35:21 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\KeyCoupons
[2014/02/09 18:35:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bench
[2014/02/09 18:35:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/02/09 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Highlightly
[2014/02/09 18:33:58 | 000,000,000 | ---D | C] -- C:\temp
[2014/02/09 18:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2014/02/09 18:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2014/02/09 18:33:49 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\emaze
[2014/02/01 11:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
[2014/02/01 11:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foolish IT
[2014/01/28 19:49:23 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\WinBatch
[2014/01/28 19:10:34 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Macromedia
[2014/01/28 19:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2014/01/28 19:00:09 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/28 18:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/01/28 18:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/01/28 18:49:03 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Adobe
[2014/01/28 18:47:28 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\WinPatrol
[2014/01/28 18:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2014/01/28 18:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/01/28 18:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2014/01/28 18:43:47 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Malwarebytes
[2014/01/28 18:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/28 18:43:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/28 18:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/28 18:42:47 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Programs
[2014/01/27 16:07:33 | 000,000,000 | ---D | C] -- C:\Users\Rich\hpremote
[2014/01/26 11:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/01/24 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\NPE
[2014/01/24 18:08:53 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Mozilla
[2014/01/24 18:08:53 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Mozilla
[2014/01/24 18:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/01/24 18:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/01/24 18:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/01/24 17:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/01/24 17:56:48 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\Symantec
[2014/01/24 17:55:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2014/01/24 17:30:22 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2014/01/24 17:21:55 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\HP Support Assistant
[2014/01/21 04:41:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/01/21 04:41:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/01/21 04:41:56 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014/01/21 04:41:56 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2014/01/21 04:41:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2014/01/21 04:41:56 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/01/21 04:41:51 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/01/21 04:41:51 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/01/21 04:41:51 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/01/21 04:41:51 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/01/21 04:41:51 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/01/21 04:41:51 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014/01/21 04:41:51 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2014/01/21 04:41:51 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2014/01/21 04:41:51 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2014/01/21 04:41:51 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2014/01/21 04:41:51 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2014/01/21 04:41:51 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/01/21 04:41:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014/01/21 04:41:51 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014/01/21 04:41:51 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/01/21 04:41:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014/01/21 04:41:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/01/21 04:41:51 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014/01/21 04:41:51 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014/01/21 04:38:22 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/01/21 04:38:22 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/01/20 20:29:01 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/01/20 20:12:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2014/01/20 20:12:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2014/01/20 20:04:53 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2014/01/20 20:03:40 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/01/20 20:03:40 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/01/20 20:03:38 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/01/20 20:03:38 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/01/20 20:03:38 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/01/20 20:03:38 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/01/20 20:03:38 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/01/20 20:03:38 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/01/20 20:03:38 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/01/20 20:03:38 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/01/20 20:03:38 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/01/20 20:03:38 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/01/20 20:03:38 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/01/20 20:03:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/01/20 20:03:38 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/01/20 20:03:38 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/01/20 20:03:38 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/01/20 20:03:38 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/01/20 20:03:38 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/01/20 20:03:38 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/01/20 20:03:38 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/01/20 20:03:38 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/01/20 20:03:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/01/20 20:03:38 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/01/20 20:03:38 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/01/20 20:03:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/01/20 20:03:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/01/20 20:03:38 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/01/20 20:03:38 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/01/20 20:03:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/01/20 20:03:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/01/20 20:03:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/01/20 20:03:38 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/01/20 20:03:38 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/01/20 20:03:38 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/01/20 20:03:38 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/01/20 20:03:38 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/01/20 20:03:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/01/20 20:03:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/01/20 20:03:38 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/01/20 20:03:38 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/01/20 20:03:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/01/20 20:03:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/01/20 20:03:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/01/20 20:03:37 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/01/20 20:03:37 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/01/20 20:03:37 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/01/20 20:03:37 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/01/20 20:03:37 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/01/20 20:03:37 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/01/20 20:03:37 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/01/20 20:03:37 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/01/20 20:03:37 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/01/20 20:03:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/01/20 20:03:37 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/01/20 20:03:37 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/01/20 20:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/01/20 20:01:48 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/01/20 20:01:48 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/01/20 20:01:48 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/01/20 20:01:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2014/01/20 19:56:09 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Adobe
[2014/01/20 19:48:18 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\HpUpdate
[2014/01/20 06:33:55 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014/01/20 06:33:55 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014/01/20 06:33:55 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/01/20 06:33:54 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/01/20 05:51:08 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/01/20 05:51:08 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/01/20 05:51:08 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2014/01/20 05:51:08 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/01/20 05:51:08 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2014/01/20 05:51:08 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2014/01/20 05:51:08 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2014/01/20 05:51:08 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/01/20 05:51:08 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/01/20 05:51:08 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2014/01/20 05:51:08 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2014/01/20 05:51:08 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2014/01/20 05:51:08 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2014/01/20 05:51:08 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2014/01/20 05:51:08 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2014/01/20 05:51:08 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2014/01/20 05:51:08 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/01/20 05:51:08 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/01/20 05:51:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/01/20 05:51:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/01/20 05:51:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/01/20 05:51:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/01/20 05:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2014/01/20 05:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2014/01/20 05:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/01/20 05:51:08 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/01/20 05:31:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2014/01/20 05:31:56 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2014/01/20 05:31:56 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2014/01/20 05:31:56 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2014/01/20 05:21:25 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2014/01/20 05:13:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/01/20 04:52:28 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014/01/20 04:52:28 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014/01/20 04:52:08 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/01/20 04:52:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/01/20 04:52:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/01/20 04:51:35 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2014/01/20 04:51:34 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2014/01/20 04:51:33 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2014/01/20 04:51:26 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/01/20 04:51:14 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2014/01/20 04:51:14 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2014/01/20 04:51:14 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2014/01/20 04:51:14 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2014/01/20 04:51:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2014/01/20 04:51:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2014/01/20 04:50:36 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2014/01/20 04:50:36 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2014/01/20 04:50:28 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2014/01/20 04:50:28 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2014/01/20 04:50:26 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2014/01/20 04:50:00 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2014/01/20 04:49:59 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2014/01/20 04:49:59 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2014/01/20 04:49:59 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2014/01/20 04:49:59 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2014/01/20 04:49:59 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2014/01/20 04:49:59 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2014/01/20 04:49:59 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2014/01/20 04:49:59 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2014/01/20 04:49:59 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2014/01/20 04:49:59 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2014/01/20 04:49:59 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2014/01/20 04:49:59 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2014/01/20 04:49:59 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2014/01/20 04:49:59 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2014/01/20 04:49:59 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2014/01/20 04:49:59 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2014/01/20 04:49:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2014/01/20 04:49:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2014/01/20 04:49:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2014/01/20 04:49:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2014/01/20 04:49:59 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2014/01/20 04:49:59 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2014/01/20 04:49:58 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2014/01/20 04:49:58 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2014/01/20 04:49:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2014/01/20 04:49:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2014/01/20 04:49:58 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2014/01/20 04:49:58 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2014/01/20 04:49:58 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2014/01/20 04:49:58 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2014/01/20 04:49:58 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2014/01/20 04:49:58 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2014/01/20 04:49:56 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2014/01/20 04:49:56 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2014/01/20 04:49:50 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2014/01/20 04:49:36 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/01/20 04:49:34 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2014/01/20 04:49:32 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/01/20 04:49:32 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2014/01/20 04:49:24 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2014/01/20 04:49:23 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2014/01/20 04:49:22 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2014/01/20 04:49:22 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2014/01/20 04:49:10 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/01/20 04:49:09 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/01/20 04:49:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2014/01/20 04:49:09 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2014/01/20 04:49:09 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2014/01/20 04:49:05 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/01/20 04:49:05 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/01/20 04:49:05 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/01/20 04:49:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/01/20 04:49:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/01/20 04:49:04 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2014/01/20 04:49:04 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2014/01/20 04:49:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2014/01/20 04:49:01 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014/01/20 04:49:01 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014/01/20 04:48:26 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2014/01/20 04:48:26 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2014/01/20 04:48:26 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/20 04:48:14 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/01/20 04:48:14 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/01/20 04:48:14 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/01/20 04:48:14 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/01/20 04:48:14 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014/01/20 04:48:14 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014/01/20 04:48:13 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014/01/20 04:48:13 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/01/20 04:48:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/01/20 04:48:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/01/20 04:48:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/01/20 04:48:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/01/20 04:48:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/01/20 04:48:11 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/01/20 04:48:11 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/01/20 04:48:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2014/01/20 04:48:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2014/01/20 04:48:10 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2014/01/20 04:48:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2014/01/20 04:48:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2014/01/20 04:48:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2014/01/20 04:48:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2014/01/20 04:48:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2014/01/20 04:48:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2014/01/20 04:48:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2014/01/20 04:48:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2014/01/20 04:48:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2014/01/20 04:48:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2014/01/20 04:48:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2014/01/20 04:48:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2014/01/20 04:48:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2014/01/20 04:48:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2014/01/20 04:48:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2014/01/20 04:48:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2014/01/20 04:48:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2014/01/20 04:48:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2014/01/20 04:48:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2014/01/20 04:48:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2014/01/20 04:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2014/01/20 04:48:03 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2014/01/20 04:48:03 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2014/01/20 04:48:01 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2014/01/20 04:48:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2014/01/20 04:47:59 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/01/20 04:47:59 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2014/01/20 04:47:57 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2014/01/20 04:47:57 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2014/01/20 04:47:57 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2014/01/20 04:47:56 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2014/01/20 04:47:56 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2014/01/20 04:47:53 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/01/20 04:47:46 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/20 04:47:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2014/01/20 04:47:46 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/20 04:47:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2014/01/20 04:47:40 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2014/01/20 04:47:29 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2014/01/20 04:47:29 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2014/01/20 04:47:29 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2014/01/20 04:47:29 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2014/01/20 04:47:29 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2014/01/20 04:47:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2014/01/20 04:47:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2014/01/20 04:47:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2014/01/20 04:45:39 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2014/01/20 04:45:39 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2014/01/20 04:45:30 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2014/01/20 04:45:30 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2014/01/20 04:45:30 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2014/01/20 04:45:30 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2014/01/20 04:45:29 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2014/01/20 04:45:29 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2014/01/20 04:45:28 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2014/01/20 04:45:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2014/01/20 04:45:27 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/01/20 04:45:26 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2014/01/20 04:45:26 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2014/01/20 04:45:26 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2014/01/20 04:45:26 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2014/01/20 04:45:26 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2014/01/20 04:45:26 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2014/01/20 04:45:26 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2014/01/20 04:45:26 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2014/01/20 04:45:26 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2014/01/20 04:45:26 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2014/01/20 04:45:26 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2014/01/20 04:45:25 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/01/20 04:45:25 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/01/20 04:45:24 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2014/01/20 04:45:24 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2014/01/20 04:45:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2014/01/20 04:45:23 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2014/01/20 04:45:23 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2014/01/20 04:45:08 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2014/01/20 04:45:08 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2014/01/20 04:45:06 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2014/01/20 04:45:06 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2014/01/20 04:45:03 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/01/20 04:43:01 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2014/01/20 04:43:01 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2014/01/20 04:43:00 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2014/01/20 04:41:44 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2014/01/20 04:41:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/01/20 04:41:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/01/19 15:37:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/01/19 14:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2014/01/19 13:48:43 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\PDFC
[2014/01/19 13:48:29 | 000,000,000 | R--D | C] -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/01/19 13:48:29 | 000,000,000 | R--D | C] -- C:\Users\Rich\Searches
[2014/01/19 13:48:29 | 000,000,000 | R--D | C] -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/01/19 13:48:29 | 000,000,000 | -H-D | C] -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/01/19 13:48:23 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Identities
[2014/01/19 13:48:21 | 000,000,000 | R--D | C] -- C:\Users\Rich\Contacts
[2014/01/19 13:48:19 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\VirtualStore
[2014/01/19 13:48:04 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2014/01/19 13:48:04 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2014/01/19 13:47:04 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Hewlett-Packard
[2014/01/19 13:45:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2014/01/19 13:45:17 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\RemEngine
[2014/01/19 13:45:15 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Hewlett-Packard_Company
[2014/01/19 13:45:01 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\TouchSmartData
[2014/01/19 13:44:36 | 000,000,000 | --SD | C] -- C:\Users\Rich\AppData\Roaming\Microsoft
[2014/01/19 13:44:36 | 000,000,000 | R--D | C] -- C:\Users\Rich\Videos
[2014/01/19 13:44:36 | 000,000,000 | R--D | C] -- C:\Users\Rich\Saved Games
[2014/01/19 13:44:36 | 000,000,000 | R--D | C] -- C:\Users\Rich\Pictures
[2014/01/19 13:44:36 | 000,000,000 | R--D | C] -- C:\Users\Rich\Music
[2014/01/19 13:44:36 | 000,000,000 | R--D | C] -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/01/19 13:44:36 | 000,000,000 | R--D | C] -- C:\Users\Rich\Links
[2014/01/19 13:44:36 | 000,000,000 | R--D | C] -- C:\Users\Rich\Favorites
[2014/01/19 13:44:36 | 000,000,000 | R--D | C] -- C:\Users\Rich\Downloads
[2014/01/19 13:44:36 | 000,000,000 | R--D | C] -- C:\Users\Rich\Documents
[2014/01/19 13:44:36 | 000,000,000 | R--D | C] -- C:\Users\Rich\Desktop
[2014/01/19 13:44:36 | 000,000,000 | R--D | C] -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\AppData\Local\Temporary Internet Files
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Templates
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Start Menu
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\SendTo
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Recent
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\PrintHood
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\NetHood
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Documents\My Videos
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Documents\My Pictures
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Documents\My Music
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\My Documents
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Local Settings
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\AppData\Local\History
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Cookies
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\Application Data
[2014/01/19 13:44:36 | 000,000,000 | -HSD | C] -- C:\Users\Rich\AppData\Local\Application Data
[2014/01/19 13:44:36 | 000,000,000 | -H-D | C] -- C:\Users\Rich\AppData
[2014/01/19 13:44:36 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Temp
[2014/01/19 13:44:36 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Microsoft
[2014/01/19 13:44:36 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Media Center Programs
[2014/01/19 13:44:36 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Macromedia
[2014/01/19 13:44:36 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Hewlett-Packard
[2014/01/19 13:44:29 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/01/19 13:44:29 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/01/19 13:44:29 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/01/19 13:44:25 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/01/19 13:44:25 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/01/19 13:44:25 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/01/19 13:44:22 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/01/19 13:44:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/01/19 13:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics
[2014/01/19 13:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Mathematics
[2014/01/19 13:44:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2014/02/15 06:24:59 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 06:24:59 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 06:21:27 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/15 06:21:27 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/15 06:21:27 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/15 06:16:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/15 06:16:48 | 3147,706,368 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/13 06:21:53 | 000,774,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/13 06:20:46 | 001,849,890 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Cat.DB
[2014/02/13 05:37:50 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRich.job
[2014/02/09 18:20:32 | 000,085,841 | ---- | M] () -- C:\Users\Rich\Documents\2013.pdf
[2014/02/06 05:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 05:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 05:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 04:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 04:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 04:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 04:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 04:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 04:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 04:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 04:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 04:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 04:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 03:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 03:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 03:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 03:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 03:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 03:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 03:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 03:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 02:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 02:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/01 11:43:32 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2014/01/28 19:09:10 | 000,001,971 | ---- | M] () -- C:\Users\Rich\Desktop\Update Checker.lnk
[2014/01/28 19:00:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/28 19:00:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/28 18:52:32 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/01/28 18:43:30 | 000,001,135 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/01/28 18:43:30 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/26 11:14:38 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/26 10:58:54 | 000,000,772 | ---- | M] () -- C:\Users\Rich\Desktop\SecurityCheck - Shortcut.lnk
[2014/01/24 18:08:45 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/24 17:55:43 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/01/24 17:54:03 | 000,001,292 | ---- | M] () -- C:\Users\Rich\Desktop\Norton Installation Files.lnk
[2014/01/24 17:52:38 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/24 17:52:38 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/24 17:52:38 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/01/21 19:56:43 | 000,001,409 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/20 20:03:40 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/01/20 20:03:40 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/01/20 20:03:38 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/01/20 20:03:38 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/01/20 20:03:38 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/01/20 20:03:38 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/01/20 20:03:38 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/01/20 20:03:38 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/01/20 20:03:38 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/01/20 20:03:38 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/01/20 20:03:38 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/01/20 20:03:38 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/01/20 20:03:38 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/01/20 20:03:38 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/01/20 20:03:38 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/01/20 20:03:38 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/01/20 20:03:38 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/01/20 20:03:38 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/01/20 20:03:38 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/01/20 20:03:38 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/01/20 20:03:38 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/01/20 20:03:38 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/01/20 20:03:38 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/01/20 20:03:38 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/01/20 20:03:38 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/01/20 20:03:38 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/01/20 20:03:38 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/01/20 20:03:38 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/01/20 20:03:38 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/01/20 20:03:38 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/01/20 20:03:38 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/01/20 20:03:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/01/20 20:03:38 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/01/20 20:03:38 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/01/20 20:03:38 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/01/20 20:03:38 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/01/20 20:03:38 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/01/20 20:03:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/01/20 20:03:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/01/20 20:03:38 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/01/20 20:03:38 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/01/20 20:03:38 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/01/20 20:03:38 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/20 20:03:38 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/01/20 20:03:38 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/01/20 20:03:38 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/01/20 20:03:37 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/01/20 20:03:37 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/01/20 20:03:37 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/01/20 20:03:37 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/01/20 20:03:37 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/01/20 20:03:37 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/01/20 20:03:37 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/01/20 20:03:37 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/01/20 20:03:37 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/01/20 20:03:37 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/01/20 20:03:37 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/01/20 20:03:37 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/01/20 19:53:38 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/20 05:51:08 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/01/20 05:51:08 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/01/20 05:51:08 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2014/01/20 05:51:08 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/01/20 05:51:08 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2014/01/20 05:51:08 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2014/01/20 05:51:08 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2014/01/20 05:51:08 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/01/20 05:51:08 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/01/20 05:51:08 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2014/01/20 05:51:08 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2014/01/20 05:51:08 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2014/01/20 05:51:08 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2014/01/20 05:51:08 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2014/01/20 05:51:08 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2014/01/20 05:51:08 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2014/01/20 05:51:08 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/01/20 05:51:08 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/01/20 05:51:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/01/20 05:51:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/01/20 05:51:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/01/20 05:51:08 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/01/20 05:51:08 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2014/01/20 05:51:08 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2014/01/20 05:51:08 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/01/20 05:51:08 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/01/20 05:51:08 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/01/19 15:42:39 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/01/19 15:42:39 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/01/19 15:39:55 | 000,015,380 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2014/01/19 13:44:56 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_p6-2114_Y53316J_0U_Q4CE2250C6H_E12NA1RRW605_4A_I2AC2_SPEGATRON CORPORATION_V2.00_B7.19_T120402_W73-1_L409_M4003_J750_7Intel_86A7_93.30_#120826_N10EC8168_Z_G80860102_Ohp DVD A DH16ACSH_DGSM58BE.MRK
[2014/01/19 13:44:56 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_p6-2114_Y53316J_0U_Q4CE2250C6H_E12NA1RRW605_4A_I2AC2_SPEGATRON CORPORATION_V2.00_B7.19_T120402_W73-1_L409_M4003_J750_7Intel_86A7_93.30_#120826_N10EC8168_Z_G80860102_Ohp DVD A DH16ACSH_DGSM58BE.MRK

========== Files Created - No Company Name ==========

[2014/02/12 06:08:10 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForRich.job
[2014/02/09 18:33:49 | 000,001,240 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2014/02/09 18:20:31 | 000,085,841 | ---- | C] () -- C:\Users\Rich\Documents\2013.pdf
[2014/02/01 11:43:32 | 000,001,214 | ---- | C] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2014/01/28 19:07:20 | 000,002,001 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2014/01/28 19:07:20 | 000,001,971 | ---- | C] () -- C:\Users\Rich\Desktop\Update Checker.lnk
[2014/01/28 18:52:32 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/01/28 18:52:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/01/28 18:43:30 | 000,001,135 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/01/28 18:43:29 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/26 11:14:37 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/26 10:58:54 | 000,000,772 | ---- | C] () -- C:\Users\Rich\Desktop\SecurityCheck - Shortcut.lnk
[2014/01/24 18:08:45 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/24 18:08:45 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/24 17:52:37 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/01/24 17:30:22 | 000,001,292 | ---- | C] () -- C:\Users\Rich\Desktop\Norton Installation Files.lnk
[2014/01/21 19:56:43 | 000,001,409 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/20 20:03:38 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/20 20:03:38 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/01/20 05:31:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/01/20 04:45:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/01/19 15:40:05 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_p6-2114_Y53316J_0U_Q4CE2250C6H_E12NA1RRW605_4A_I2AC2_SPEGATRON CORPORATION_V2.00_B7.19_T120402_W73-1_L409_M4003_J750_7Intel_86A7_93.30_#120826_N10EC8168_Z_G80860102_Ohp DVD A DH16ACSH_DGSM58BE.MRK
[2014/01/19 15:40:05 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_p6-2114_Y53316J_0U_Q4CE2250C6H_E12NA1RRW605_4A_I2AC2_SPEGATRON CORPORATION_V2.00_B7.19_T120402_W73-1_L409_M4003_J750_7Intel_86A7_93.30_#120826_N10EC8168_Z_G80860102_Ohp DVD A DH16ACSH_DGSM58BE.MRK
[2014/01/19 15:39:55 | 000,015,380 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2014/01/19 15:37:54 | 3147,706,368 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/19 13:48:36 | 000,001,415 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/01/19 13:45:19 | 000,002,321 | ---- | C] () -- C:\Users\Public\Desktop\HP Download Store.lnk
[2014/01/19 13:45:19 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish.lnk
[2014/01/19 13:45:18 | 000,002,263 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2014/01/19 13:44:36 | 000,000,290 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/01/19 13:44:36 | 000,000,272 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/06/06 19:48:36 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/06 19:48:35 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/06 19:48:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/01/28 19:49:23 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\WinBatch
[2014/01/28 18:47:28 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 21:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 23:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 21:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 21:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/06/06 19:42:51 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 21:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/06/06 19:44:41 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 21:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 21:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 21:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 21:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 21:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 21:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 21:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 21:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 21:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 21:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 21:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 21:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 21:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 21:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 21:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 21:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 21:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >
[2009/07/13 23:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 23:08:49 | 000,014,106 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2014/02/12 06:08:10 | 000,000,328 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForRich.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 48BF-81E2
Directory of C:\
07/13/2009 11:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 11:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Rich
01/19/2014 01:44 PM <JUNCTION> Application Data [C:\Users\Rich\AppData\Roaming]
01/19/2014 01:44 PM <JUNCTION> Cookies [C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Cookies]
01/19/2014 01:44 PM <JUNCTION> Local Settings [C:\Users\Rich\AppData\Local]
01/19/2014 01:44 PM <JUNCTION> My Documents [C:\Users\Rich\Documents]
01/19/2014 01:44 PM <JUNCTION> NetHood [C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/19/2014 01:44 PM <JUNCTION> PrintHood [C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/19/2014 01:44 PM <JUNCTION> Recent [C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Recent]
01/19/2014 01:44 PM <JUNCTION> SendTo [C:\Users\Rich\AppData\Roaming\Microsoft\Windows\SendTo]
01/19/2014 01:44 PM <JUNCTION> Start Menu [C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu]
01/19/2014 01:44 PM <JUNCTION> Templates [C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Rich\AppData\Local
01/19/2014 01:44 PM <JUNCTION> Application Data [C:\Users\Rich\AppData\Local]
01/19/2014 01:44 PM <JUNCTION> History [C:\Users\Rich\AppData\Local\Microsoft\Windows\History]
01/19/2014 01:44 PM <JUNCTION> Temporary Internet Files [C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Rich\Documents
01/19/2014 01:44 PM <JUNCTION> My Music [C:\Users\Rich\Music]
01/19/2014 01:44 PM <JUNCTION> My Pictures [C:\Users\Rich\Pictures]
01/19/2014 01:44 PM <JUNCTION> My Videos [C:\Users\Rich\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 684,406,079,488 bytes free

< MD5 for: EXPLORER.EXE >
[2012/06/06 19:43:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/06/06 19:43:16 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/06/06 19:43:16 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/06/06 19:43:16 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 21:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/06/06 19:43:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/06/06 19:43:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 21:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/12/21 00:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.HTML >
[2014/01/23 20:53:14 | 000,006,329 | ---- | M] () MD5=89DEC3D453DBE77544CC378866F543AF -- C:\Program Files (x86)\BillP Studios\WinPatrol\services.html

< MD5 for: SERVICES.LNK >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< [CREATERESTORPOINT] >

< End of report >


OTL Extras logfile created on: 2/15/2014 6:28:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rich\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 57.75% Memory free
7.82 Gb Paging File | 6.07 Gb Available in Paging File | 77.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681.84 Gb Total Space | 637.40 Gb Free Space | 93.48% Space Free | Partition Type: NTFS
Drive D: | 16.69 Gb Total Space | 2.05 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive E: | 7.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RICH-HP | User Name: Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4075957569-1680572243-469715140-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D43693C-1535-4C53-9970-CDD85C201246}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B106484-13B1-4964-8F93-F10CD055972F}" = lport=138 | protocol=17 | dir=in | app=system |
"{3FF9A45F-6D90-4081-9F1C-C079C3915732}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{447A2954-6388-43C2-81E5-A001F6507414}" = lport=137 | protocol=17 | dir=in | app=system |
"{4522AED6-2776-4072-87F4-3400364AD4F5}" = lport=445 | protocol=6 | dir=in | app=system |
"{45A76500-B0CE-4937-9346-B4B3E83914AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{464AFD9C-6C9D-4144-8114-07EA0856CC01}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FFCB3CA-6DBF-4316-BE31-D5A497ACE7A3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{507085CC-8CB7-4257-87CF-D96BCD119810}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D7807D4-BA0C-4339-8C10-0CC0EB911F5C}" = rport=445 | protocol=6 | dir=out | app=system |
"{676B750E-1DC1-46AC-8154-42E51B2E9CA2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BB2EF25-B885-4617-8A39-524D747970A9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E222D0A-82B9-49C1-915C-FC4E7BD428BB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{948794FE-E5F8-4D99-A48C-55C275C3F25F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A02E023C-8079-4FA7-BEC2-921E3E43267F}" = rport=138 | protocol=17 | dir=out | app=system |
"{A179F969-65F8-4445-BDDC-7AFA1962CE7A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BE1B8266-5BB7-4C9B-8C1E-387D61357C20}" = rport=137 | protocol=17 | dir=out | app=system |
"{C84448B3-909E-4846-90D9-514F5F035039}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D14B0EF4-3C10-40F6-BC53-F79283FAE440}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D30D4763-1DC0-49C2-BD1D-5806D4F9BB95}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E3B1A843-726F-4F97-B36F-91FCAE77C98C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EA3CD470-A613-4B33-8AB9-E690FF860A86}" = rport=139 | protocol=6 | dir=out | app=system |
"{ED222235-A891-41E1-8DB4-0528972CBAEB}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E4EC0E-17A3-49D4-9491-B5DEA2E352D3}" = protocol=1 | dir=out | [email protected],-28544 |
"{0E00E30A-4F96-48BB-BBFF-64E5A85170F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D5ED9B6-F274-45AF-A028-69909EA75B0B}" = protocol=58 | dir=out | [email protected],-28546 |
"{1FCBB2E6-86A5-479C-8B58-E42C129B71D9}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{387CD476-BBFA-4BA6-A34B-53F68C55C38B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A3EAACF-E590-479C-9A12-3510DCA16D8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4BBCBFEB-802D-46F5-8E7B-E1FAC888CFD7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B0D94AF-2FBF-45B2-8DC4-3067EE9560AC}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
"{66201186-A939-4800-BEA0-FD7C72DF35DB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{70C3ABC9-2B60-468B-B738-F70B10AAA73F}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{75974231-8D7D-4B89-A0AA-31D48DAF9AF9}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{779A1D5B-771C-4E0A-8AE3-E1EA99343825}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe |
"{84A8CEFD-851C-482E-B689-614E271E9707}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93DA27B6-0EF9-4125-A1B4-F1BE492A61CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98BFFDEC-AEEB-496C-8FB9-0A78E0C0D4CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99BE2629-FAF1-4AFC-9512-DEC97EFCB082}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{9D4CC687-157F-4543-BBDA-DA2E118E91D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F8B5FB5-ECC1-42BD-A810-B00DE3DDC00D}" = protocol=58 | dir=in | [email protected],-28545 |
"{A345000E-88FA-4AA8-B86E-48161FF227A0}" = protocol=1 | dir=in | [email protected],-28543 |
"{B222FE30-5C7B-4FE1-BAED-0154F84165FA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B95F4EC8-1947-452B-9F7B-FD5693A5B621}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe |
"{BC5A71B0-02A2-4518-A48E-0DBC5BBC1316}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CC021908-8533-457A-9549-B79E7A73EE84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D4D91E78-974B-4F81-8E56-261F040871EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D87B5CEB-48CC-49C9-AED4-F297E739A23B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DA036978-C4C3-4953-A2A2-AF6B23007BB9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DBA4AB0D-A725-4982-9757-ED0AA4DCA65D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DBE4CEA4-230F-433B-BD28-72879A2D7114}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{E1BE9869-3900-4274-A4B9-CFD78E1058AD}" = protocol=6 | dir=out | app=system |
"{E52AE715-7E23-4580-9B36-B628A51C7788}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E5682766-0816-49DA-97EC-9EFF6420138B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F663084A-2112-4833-91DE-B0D1E1F90F30}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{421976B6-DEC6-4CA5-941F-F0663B3A2B74}" = Adobe Flash Player 11 ActiveX (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{813BA625-B0FA-48D8-9B75-59759C88C219}" = SavingsbullFilter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B34A07DD-C6F7-414A-AE63-01019482EAF0}" = HP Application Assistant
"{B47797F6-4C28-3F32-83DC-2784335CA487}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"CCleaner" = CCleaner
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20714B53-FC73-4F9C-9687-49EB237D6FD7}" = HP TouchSmart RecipeBox
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1" = Spot
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1" = CryptoPrevent v4.3.0
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{7E750542-55BC-4300-8B7B-AC2A762FB435}" = HP LinkUp
"{8364E531-493B-4B05-8041-09D5CE38B975}" = HP Weather
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP Magic Canvas Tutorials
"{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE50893-3A87-4439-9A57-942ED43F7189}" = Facebook
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1" = Metric Converter
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}" = HP Magic Canvas
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"38966_KeyCoupons" = KeyCoupons
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"FileHippo.com" = FileHippo.com Update Checker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"PDF Complete" = PDF Complete Special Edition
"Setup Support for Consumer Input" = Consumer Input
"VIP Access SDK" = VIP Access SDK (1.0.1.4)
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0c0fb511-e1ae-4502-b146-04f7e0ae8d01" = Virtual Villagers 4 - The Tree of Life
"WTA-0d3a1776-f461-43e1-a517-fc392355117e" = Final Drive Fury
"WTA-14cf0fc0-944a-46d2-be84-96e601c261a2" = Polar Bowler
"WTA-191ef8c0-c911-4313-a01a-5f47205df942" = Plants vs. Zombies - Game of the Year
"WTA-227fb2c7-69ee-4127-9fab-1c248583190b" = Letters from Nowhere 2
"WTA-2f2fffa7-3a7f-4ddc-b465-bf86b095548a" = Farm Frenzy
"WTA-300cc5ba-a7e1-4824-9304-5d5f6547aeae" = Polar Golfer
"WTA-46e0c2ee-bdeb-45d5-9d3c-1d0c8ca16b00" = Poker Superstars III
"WTA-46e140da-c8b8-4491-9f4b-c371fed7a37e" = Mah Jong Medley
"WTA-4a05159e-6b6d-4bf6-876e-d5ec2fe36cda" = John Deere Drive Green
"WTA-4cec465c-7b71-4ed0-9c51-9e3cdcadbec8" = Zuma's Revenge
"WTA-58e1ce00-cb9d-4033-96d5-8d368ada7686" = Jewel Match 3
"WTA-61e8cba7-e309-495e-90fb-7526ff0bdc15" = The Treasures of Mystery Island: The Ghost Ship
"WTA-631abed9-e1bc-4a35-8240-4b9c5f5eaf6f" = Torchlight
"WTA-664f0ccd-2f07-485a-8188-e69d59e86b7b" = Blackhawk Striker 2
"WTA-6a6a1ca4-d409-4a02-9ffa-1648744e602e" = Chuzzle Deluxe
"WTA-95c49cce-009c-4ab2-a066-2c8afef8c97a" = FATE
"WTA-96f0d9ee-7c0b-4658-9b88-2431323693c0" = Cradle of Rome 2
"WTA-a22e15cd-b03a-41de-bce6-7f9f735ea7f8" = Bejeweled 3
"WTA-a853c508-a859-4ee9-903e-497c30755fcf" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-b2e1574c-fb55-4169-bc6d-09401cd6fb64" = Hoyle Card Games
"WTA-b40c8b94-5f0d-47df-ad23-3604373c662f" = Dora's World Adventure
"WTA-c140de1c-a1b1-4dcf-8bba-88d2fc7f72c9" = Luxor HD
"WTA-c53895fe-60c3-4ec2-a0d2-75abcadda7ab" = RollerCoaster Tycoon 3: Platinum
"WTA-cb99ab7e-cfde-4142-8d48-059e5709c112" = Farmscapes
"WTA-f15ac199-4f24-4c8a-99db-dc39994260a1" = Penguins!

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4075957569-1680572243-469715140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DesktopWeatherAlerts" = DesktopWeatherAlerts

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2014 9:15:18 PM | Computer Name = Rich-HP | Source = Windows Search Service | ID = 3029
Description =

Error - 1/28/2014 9:15:19 PM | Computer Name = Rich-HP | Source = Windows Search Service | ID = 3029
Description =

Error - 1/28/2014 9:15:19 PM | Computer Name = Rich-HP | Source = Windows Search Service | ID = 3028
Description =

Error - 1/28/2014 9:15:19 PM | Computer Name = Rich-HP | Source = Windows Search Service | ID = 3058
Description =

Error - 1/28/2014 9:15:19 PM | Computer Name = Rich-HP | Source = Windows Search Service | ID = 7010
Description =

Error - 2/9/2014 8:34:47 PM | Computer Name = Rich-HP | Source = SavingsbullFilterService64 | ID = 7000
Description =

Error - 2/9/2014 8:39:46 PM | Computer Name = Rich-HP | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
<http://ctldl.windows...5B68851868.crt>
with error: This operation returned because the timeout period expired. .

Error - 2/9/2014 8:39:48 PM | Computer Name = Rich-HP | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
<http://ctldl.windows...5B68851868.crt>
with error: The specified server cannot perform the requested operation. .

Error - 2/9/2014 8:39:48 PM | Computer Name = Rich-HP | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
<http://ctldl.windows...5B68851868.crt>
with error: The specified server cannot perform the requested operation. .

Error - 2/9/2014 8:39:48 PM | Computer Name = Rich-HP | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
<http://ctldl.windows...5B68851868.crt>
with error: The specified server cannot perform the requested operation. .

[ Hewlett-Packard Events ]
Error - 1/19/2014 3:46:44 PM | Computer Name = Rich-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 4002 Ram
Utilization: 40 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

[ System Events ]
Error - 1/20/2014 8:02:22 AM | Computer Name = Rich-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service
Pack 2 for x64-based Systems (KB954430).

Error - 1/20/2014 8:12:21 AM | Computer Name = Rich-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack
2 for x64-based Systems (KB973688).

Error - 1/20/2014 9:55:56 PM | Computer Name = Rich-HP | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405

Error - 1/20/2014 9:58:55 PM | Computer Name = Rich-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows
7 for x64-based Systems (KB2898785).

Error - 1/21/2014 6:36:12 AM | Computer Name = Rich-HP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.2. The computer with the IP address 192.168.2.1 did not
allow the name to be claimed by this computer.

Error - 1/21/2014 6:42:41 AM | Computer Name = Rich-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070103: Intel Corporation - Graphics Adapter WDDM1.1, Graphics Adapter
WDDM1.2 - Intel® HD Graphics.

Error - 1/28/2014 9:15:19 PM | Computer Name = Rich-HP | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 1/28/2014 9:15:19 PM | Computer Name = Rich-HP | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.


< End of report >

Attached Files

  • Attached File  Extras.Txt   60.79KB   247 downloads
  • Attached File  OTL.Txt   268.99KB   235 downloads

  • 0

#201
23red
Posted 15 February 2014 - 11:28 AM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :)

Ok, let's get this cleaned up:

Step 1.

Uninstalls

Please uninstall the following adware/junkware:

KeyCoupons
SavingsbullFilter

Step 2.

OTL Fix

Please right click on Posted Image Run as Administrator, accept UAC prompts.

Under Posted Image
in the textbox at the bottom, please paste in the following text:

:Commands
[CREATERESTOREPOINT]
:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.duckduck.go/
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...BDB26DD1&SSPV="
FF - prefs.js..extensions.enabledAddons: gethighlightly%40gethighlightly.com:1.9.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014/02/09 18:34:43 | 000,000,000 | ---D | M]
[2014/02/09 18:35:24 | 000,000,000 | ---D | M] (KeyCoupons) -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\ix1jzlpa.default\extensions\{456573A9-9AD5-1DCD-526B-7460F3646926}
[2014/02/09 18:44:58 | 000,000,975 | ---- | M] () -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\ix1jzlpa.default\searchplugins\conduit-search.xml
[2014/01/25 05:28:37 | 000,001,874 | ---- | M] () -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\ix1jzlpa.default\searchplugins\duckduckgo.xml
[2014/02/09 18:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/09 18:34:43 | 000,000,000 | ---D | M] () -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/02/15 06:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2014/02/15 06:27:13 | 000,000,000 | ---D | M] () -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2014/02/15 06:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/02/15 06:27:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O2:64bit: - BHO: (KeyCoupons BHO) - {6E713650-8DDF-499E-95B6-DD10C65CC8C5} - C:\Program Files (x86)\KeyCoupons\FrameworkBHO64.dll ()
O2:64bit: - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
O2 - BHO: (KeyCoupons BHO) - {6E713650-8DDF-499E-95B6-DD10C65CC8C5} - C:\Program Files (x86)\KeyCoupons\FrameworkBHO.dll ()
O3 - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\RunOnce: [KeyCoupons-repairJob] C:\Users\Rich\AppData\Local\KeyCoupons\repair.js ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
[2014/02/09 18:39:21 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\SearchProtect
[2014/02/09 18:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2014/02/09 18:35:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2014/02/09 18:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyCoupons
[2014/02/09 18:35:21 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\KeyCoupons
[2014/02/09 18:35:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bench
[2014/02/09 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Highlightly
[2014/02/09 18:33:58 | 000,000,000 | ---D | C] -- C:\temp
[2014/02/09 18:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2014/02/09 18:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2014/02/09 18:33:49 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\emaze
:Files
ipconfig /flushdns /c







• Push the Posted Image button.
• OTL may ask to reboot the machine. Please do so if asked.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
• A massage box Posted Image will pop-up.

• Click the OK button and a report will open.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
• Copy and Paste that report in your next reply, please


Step 3.

ADWCleaner

Please download AdwCleaner from here to your Desktop.

Posted Image

•Right click and Run as Administrator
•Once it opens click on the Search button
•Let AdwCleaner run thru,
•Once scan completes, Select Delete
•It will remove all it finds.
•Once done it will ask to reboot, please allow this
•On reboot a log will be produced at C:\ADWCleaner[XX].txt please post that as well.

Step 4.

I'd like to see the Malwarebytes log.
To do this please open Malwarebytes and click on the Logs tab.
Choose the scan with the date you ran to get all those PUPs.
At the bottom of the window click Open
Right click anywhere in the window of the open logfile and choose Select all
All will be highlighted.
Right click again and choose Copy
Paste the log here :)


Step 5.

Fresh OTL Scan

• Please right click on Posted Image Run as Administrator, accept UAC prompts.

• Make sure all other windows are closed and to let it run uninterrupted.

• Please check the box next to Scan All Users.

•Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.

•When the scan completes, it will open a notepad window ~ OTL.Txt. It is saved in the same location as OTL ~ Desktop

•Please copy (Edit ~> Select All, Edit ~> Copy) the log it produces in your next reply.

When you return, please:

OTL fix log
ADWCleaner log
Malwarebytes log
Fresh OTL log

Thank you :)
  • 0

#202
1324
Posted 16 February 2014 - 05:53 AM

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
I uninstalled KeyCoupons but was unable to uninstall SavingsbullFilter. I went to programs and features, highlighted Savingsbullfilter and clicked "uninstall. "I tried multiple times and rebooted but it didn't uninstall. :(
Rich

Edited by 1324, 16 February 2014 - 05:53 AM.

  • 0

#203
23red
Posted 16 February 2014 - 06:14 PM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :)

Continue with the next step and forward. We'll get it one way or another ;) Not a problem. Thank you for letting me know!
  • 0

#204
23red
Posted 19 February 2014 - 09:03 PM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :)
Everything ok? How's it coming along?
  • 0

#205
1324
Posted 22 February 2014 - 08:39 AM

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
Sorry, no time during the week. Just exhausted. Anyway here is the OTL log:
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
HKU\S-1-5-21-4075957569-1680572243-469715140-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-4075957569-1680572243-469715140-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4075957569-1680572243-469715140-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_USERS\S-1-5-21-4075957569-1680572243-469715140-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4075957569-1680572243-469715140-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-4075957569-1680572243-469715140-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}\ not found.
Registry key HKEY_USERS\S-1-5-21-4075957569-1680572243-469715140-1001\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_USERS\S-1-5-21-4075957569-1680572243-469715140-1001\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
Registry key HKEY_USERS\S-1-5-21-4075957569-1680572243-469715140-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Prefs.js: "DuckDuckGo" removed from browser.search.defaultenginename
Prefs.js: "DuckDuckGo" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://search.condui...BDB26DD1&SSPV=" removed from browser.startup.homepage
Prefs.js: gethighlightly%40gethighlightly.com:1.9.0.0 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 removed from extensions.enabledAddons
Prefs.js: "" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] folder moved successfully.
Folder C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\ix1jzlpa.default\extensions\{456573A9-9AD5-1DCD-526B-7460F3646926}\ not found.
C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\ix1jzlpa.default\searchplugins\conduit-search.xml moved successfully.
C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\ix1jzlpa.default\searchplugins\duckduckgo.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\ not found.
C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected] folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\updated\extensions folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]\ not found.
C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E713650-8DDF-499E-95B6-DD10C65CC8C5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E713650-8DDF-499E-95B6-DD10C65CC8C5}\ not found.
File C:\Program Files (x86)\KeyCoupons\FrameworkBHO64.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}\ deleted successfully.
C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E713650-8DDF-499E-95B6-DD10C65CC8C5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E713650-8DDF-499E-95B6-DD10C65CC8C5}\ not found.
File C:\Program Files (x86)\KeyCoupons\FrameworkBHO.dll not found.
Registry value HKEY_USERS\S-1-5-21-4075957569-1680572243-469715140-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\KeyCoupons-repairJob not found.
File C:\Users\Rich\AppData\Local\KeyCoupons\repair.js not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
C:\Users\Rich\AppData\Local\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Users\Rich\AppData\Local\SearchProtect\SearchProtect\Logs folder moved successfully.
C:\Users\Rich\AppData\Local\SearchProtect\SearchProtect folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.3.0 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search folder moved successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar folder moved successfully.
Folder C:\Program Files (x86)\KeyCoupons\ not found.
Folder C:\Users\Rich\AppData\Local\KeyCoupons\ not found.
C:\Program Files (x86)\Bench folder moved successfully.
C:\Program Files\Highlightly\IE folder moved successfully.
C:\Program Files\Highlightly folder moved successfully.
C:\temp folder moved successfully.
C:\ProgramData\VisualBee folder moved successfully.
C:\Program Files\Level Quality Watcher folder moved successfully.
C:\Users\Rich\AppData\Local\emaze folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rich\Downloads\cmd.bat deleted successfully.
C:\Users\Rich\Downloads\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 02222014_083426
  • 0

Advertisements

#206
1324
Posted 22 February 2014 - 08:52 AM

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
unable to down load AdwCleaner using your link. :(
Rich
  • 0

#207
23red
Posted 22 February 2014 - 09:40 AM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :)

Sorry about that. Try this link.
  • 0

#208
1324
Posted 22 February 2014 - 07:05 PM

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
I hope this is what you wanted:

# AdwCleaner v3.019 - Report created 22/02/2014 at 18:07:54
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rich - RICH-HP
# Running from : C:\Users\Rich\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Rich\AppData\Local\Searchprotect
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\ix1jzlpa.default\invalidprefs.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\visualbee

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\ix1jzlpa.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP7114AF42-5690-4CF4-8BCF-3013BDB26DD1");

*************************

AdwCleaner[R0].txt - [2397 octets] - [22/02/2014 17:58:15]
AdwCleaner[S0].txt - [2254 octets] - [22/02/2014 18:07:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2314 octets] ##########


Malwarebytes hasn't found any viruses since you showed me how to delete all of them but the following is the log that had 900+


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Rich :: RICH-HP [administrator]

2/9/2014 7:51:18 PM
mbam-log-2014-02-09 (19-51-18).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 303415
Time elapsed: 19 minute(s), 33 second(s)

Memory Processes Detected: 4
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe (PUP.Optional.Highlightly) -> 4856 -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (PUP.Optional.WeatherAlerts) -> 3580 -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts\WeatherAlerts.exe (PUP.Optional.WeatherAlerts) -> 6028 -> No action taken.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Savingsbull) -> 4888 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.Conduit.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopWeatherAlerts (PUP.Optional.WeatherAlerts.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Highlightly (PUP.Optional.Highlightly) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\hlsvc (PUP.Optional.Highlightly) -> No action taken.
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> No action taken.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee for Microsoft PowerPoint (PUP.Optional.Visualbee) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Level Quality Watcher (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EA3802D2-C00A-4478-9319-34075A31C28F} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKCR\Interface\{483F56D2-1D67-44A5-A4C5-67DBB724F7A0} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\hlsvc|DisplayName (PUP.Optional.Highlightly) -> Data: Highlightly Client Service -> No action taken.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.

Folders Detected: 39
C:\Program Files (x86)\Bench\NmHost (PUP.Optional.BenchUpdater) -> No action taken.
C:\Users\Rich\AppData\Local\BenchUpdater (PUP.Optional.BenchUpdater.A) -> No action taken.
C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\Highlightly (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\3rd Party Licenses (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\FireFox (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\IE (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\Service (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Bench\Updater (PUP.Optional.AdwarePlugin) -> No action taken.
C:\Program Files (x86)\Bench\Updater\1.7.0.0 (PUP.Optional.AdwarePlugin) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\GuideFiles (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\LocalDB (PUP.Optional.Visualbee) -> No action taken.
C:\Program Files\Level Quality Watcher\v1.01 (PUP.Optional.Adpeak) -> No action taken.
C:\Users\Rich\AppData\Local\Local_Weather_LLC (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_hadmnrcjkgb4datazfnh0wte2drycbya (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_hadmnrcjkgb4datazfnh0wte2drycbya\1.4.0.0 (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts (PUP.Optional.WeatherAlerts) -> No action taken.

Files Detected: 889
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Savingsbull) -> No action taken.
C:\Program Files (x86)\Bench\Updater\1.7.0.0\updater.exe (PUP.Optional.Adwareplugin) -> No action taken.
C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00I5SFGK\DesktopWeatherAlertsSetup[1].exe (PUP.Optional.WeatherAlerts.A) -> No action taken.
C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDFGEAOL\spstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZDPDDL3\DesktopWeatherAlertsSetup[1].exe (PUP.Optional.WeatherAlerts.A) -> No action taken.
C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZDTL1SZ\SPSetup[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Rich\AppData\Local\Temp\DesktopWeatherAlertsSetup.exe (PUP.Optional.WeatherAlerts.A) -> No action taken.
C:\Users\Rich\AppData\Local\Temp\KeyCoupons.exe (PUP.Optional.Adwareplugin) -> No action taken.
C:\Users\Rich\AppData\Local\Temp\nse1C1F.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Rich\AppData\Local\Temp\nsj1A69.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Rich\AppData\Local\Temp\nsjD0AB.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Rich\AppData\Local\Temp\nszD290.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Rich\AppData\Local\Temp\n9023\keycoupon_0402-df24f1cf.exe (PUP.Optional.Otshot.A) -> No action taken.
C:\Users\Rich\AppData\Local\Temp\n9777\searchprotect_2111-1a12a8ce.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Rich\AppData\Local\Temp\nso828B\SpSetup.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts\DesktopWeatherAlertsuninstall.exe (PUP.Optional.WeatherAlerts.A) -> No action taken.
C:\Users\Rich\Downloads\Openoffice.exe (PUP.Optional.Bundler) -> No action taken.
C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Program Files (x86)\Bench\NmHost\nmhost.exe (PUP.Optional.BenchUpdater) -> No action taken.
C:\Program Files (x86)\Bench\NmHost\manifest.json (PUP.Optional.BenchUpdater) -> No action taken.
C:\Windows\Tasks\bench-S-1-5-21-4075957569-1680572243-469715140-1001.job (PUP.Optional.BenchUpdater.A) -> No action taken.
C:\Windows\Tasks\bench-sys.job (PUP.Optional.BenchUpdater.A) -> No action taken.
C:\Users\Rich\AppData\Local\BenchUpdater\products.xml (PUP.Optional.BenchUpdater.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\Highlightly\terms-of-service.rtf (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\Uninstall.exe (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\buildcrx-license.txt (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\Info-ZIP-license.txt (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\nsJSON-license.txt (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\SimpleSC-license.txt (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\3rd Party Licenses\UAC-license.txt (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\FireFox\[email protected] (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe (PUP.Optional.Highlightly) -> No action taken.
C:\Program Files (x86)\Bench\Updater\products.xml (PUP.Optional.AdwarePlugin) -> No action taken.
C:\Program Files (x86)\Bench\Updater\updater.exe (PUP.Optional.AdwarePlugin) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\ClientComServices.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\ClientSoftwareUpdate.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\ClientUtilities.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\DocumentFormat.OpenXml.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Domain.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\IComService.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\IDBService.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Ionic.Zip.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\ISwUpdateService.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Microsoft.Office.Tools.Common.v4.0.Utilities.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_Advisor.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_Analysis.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_Analyzer.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_Builder.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_Cleaner.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_Database.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_Design.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_Designer.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_Downloader.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_Engine.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_EngineGlobals.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_Extractor.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_ExtraGlobals.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_HunposHelper.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_ImageManipulator.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_MessageForm.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_Normalizer.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_Presentation.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_SendLogFile.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_Share.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_SmartArtLib.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_WordNetHelper.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\N_ZoomPanel.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\SlideShareAPI.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\uninst.exe (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\VBeeAbout.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\VBeeAccount.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\VBeeClient.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\VBeeClient.dll.config (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\VBeeClient.dll.manifest (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\VBeeClient.vsto (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\VBeeEnhance.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\VBeeLibrary.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\VBeeMyLogo.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\VBeeWebSearch.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\WordNetClasses.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\adj.exc (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\adv.exc (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\cntlist (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\cntlist.rev (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\cygwin1.dll (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\data.adj (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\data.adv (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\data.noun (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\data.verb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\english.model (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\frames.vrb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\hunpos-tag.exe (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\index.adj (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\index.adv (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\index.noun (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\index.sense (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\index.verb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\log.grind.2.1 (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\noun.exc (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\sentidx.vrb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\sents.vrb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\verb.exc (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\Dic-Eng\verb.Framestext (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\GuideFiles\License.rtf (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeExe\GuideFiles\SelectSlidesGuide.rtf (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 colors 01_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 colors 01_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 colors 01_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 02_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 02_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 02_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 03_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 03_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 03_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 04_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 04_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 04_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 05_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 05_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 05_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 06_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 06_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 06_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 07_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 07_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 07_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 08_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 08_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\3 Colors 08_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_6frame_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_6frame_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_6frame_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_blue_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_blue_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_blue_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_book_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_book_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_book_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_chinesepaper_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_chinesepaper_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_chinesepaper_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_greenstars_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_greenstars_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_greenstars_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_majestic_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_majestic_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_majestic_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_paperback_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_paperback_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_paperback_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_pareeca_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_pareeca_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_pareeca_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_pink_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_pink_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_pink_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_spirala_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_spirala_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Analogue_spirala_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\BaloonGirl_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\BaloonGirl_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\BaloonGirl_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ChineseDoll_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ChineseDoll_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ChineseDoll_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Christmas1_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Christmas1_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Christmas1_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Christmas2_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Christmas2_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Christmas2_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics01_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics01_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics01_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics02_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics02_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics02_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics03_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics03_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics03_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics04_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics04_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics04_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics05_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics05_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics05_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics06_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics06_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Comics06_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Angles_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Angles_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Angles_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Apo_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Apo_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Apo_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_BlackTie_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_BlackTie_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_BlackTie_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Composite_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Composite_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Composite_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Elemental_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Elemental_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Elemental_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_gray_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_gray_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_gray_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Horizon_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Horizon_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Horizon_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Newspaper_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Newspaper_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Newspaper_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Paper_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Paper_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Paper_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Technic_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Technic_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Technic_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Verve_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Verve_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Flashy_Colours_Verve_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Bubbles_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Bubbles_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Bubbles_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Classic_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Classic_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Classic_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Desert_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Desert_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Desert_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Earth_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Earth_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Earth_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Flower_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Flower_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Flower_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Leaves_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Leaves_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Leaves_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Ornament_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Ornament_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Ornament_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Sky_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Sky_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Sky_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Sport_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Sport_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Sport_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Urban_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Urban_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Guga_Urban_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\HandShake_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\HandShake_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\HandShake_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Large_title_A_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Large_title_A_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Large_title_A_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Large_title_B_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Large_title_B_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Large_title_B_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Large_title_C_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Large_title_C_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Large_title_C_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Large_title_D_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Large_title_D_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Large_title_D_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\logo.png (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 01_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 01_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 01_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 02_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 02_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 02_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 03_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 03_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 03_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 04_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 04_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 04_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 05_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 05_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark 05_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Flowers_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Flowers_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Flowers_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Paper_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Paper_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Paper_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Plants_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Plants_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Plants_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Sand_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Sand_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Sand_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Stars_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Stars_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Stars_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Waves_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Waves_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Mono Dark Waves_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Female_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Female_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Female_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Guy_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Guy_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_Guy_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_SCI_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\myTemplates_3M_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\myTemplate_Background.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\myTemplate_Button.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Painting_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Painting_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Painting_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Background.png (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Background_v35.png (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Buy1.png (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Buy2.png (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PaymentPanel-Buy3.png (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_01_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_01_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_01_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_02_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_02_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_02_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_03_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_03_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_03_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_04_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_04_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_04_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_05_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_05_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_05_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_06_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_06_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_06_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_07_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_07_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_07_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_08_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_08_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_08_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_09_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_09_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_09_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_10_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_10_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_10_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_11_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_11_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_11_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_12_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_12_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_12_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_13_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_13_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_13_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_15_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_15_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_15_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_16_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_16_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_16_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_17_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_17_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_17_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_18_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_18_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_18_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_19_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_19_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_19_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_20_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_20_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppA_Classic_20_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppD_Classic_14_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppD_Classic_14_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ppD_Classic_14_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_educ_07_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_educ_07_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_educ_07_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_medc_01_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_medc_01_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_medc_01_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_medc_02_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_medc_02_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_medc_02_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_sport_06_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_sport_06_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_sport_06_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_techPp_01_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_techPp_01_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_techPp_01_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_techPp_02_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_techPp_02_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_techPp_02_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_techPp_04_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_techPp_04_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_techPp_04_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_travl_01_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_travl_01_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_travl_01_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_travl_06_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_travl_06_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PpD_travl_06_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_01_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_01_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_01_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_02_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_02_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_02_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_03_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_03_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_03_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_04_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_04_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_04_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_05_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_05_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_05_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_06_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_06_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_06_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_08_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_08_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_educ_08_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_legal_01_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_legal_01_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_legal_01_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_legal_02_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_legal_02_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_legal_02_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_legal_03_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_legal_03_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_legal_03_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_legl_04_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_legl_04_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_legl_04_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_medc_03_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_medc_03_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_medc_03_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_01_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_01_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_01_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_02_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_02_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_02_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_03_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_03_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_03_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_04_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_04_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_04_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_05_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_05_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_sport_05_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_tech_03_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_tech_03_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_tech_03_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_travl_03_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_travl_03_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_travl_03_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_travl_04_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_travl_04_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_travl_04_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_travl_05_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_travl_05_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Pp_travl_05_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PurpleButterfly_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PurpleButterfly_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\PurpleButterfly_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\RedHeadCalling_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\RedHeadCalling_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\RedHeadCalling_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ShipsComing_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ShipsComing_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ShipsComing_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Simple 01_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Simple 01_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Simple 01_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Simple 02_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Simple 02_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Simple 02_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Simple 03_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Simple 03_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Simple 03_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Simple 04_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Simple 04_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Simple 04_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\SunFlower_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\SunFlower_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\SunFlower_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T105_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T105_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T105_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T107_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T107_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T107_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T109_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T109_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T109_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T115_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T115_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T115_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T116_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T116_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T116_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T119_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T119_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T119_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T120_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T120_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T120_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T121_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T121_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T121_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T202_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T202_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T202_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T203_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T203_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T203_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T205_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T205_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T205_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T207_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T207_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T207_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T211_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T211_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T211_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T213_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T213_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T213_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T218_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T218_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T218_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T219_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T219_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T219_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T220_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T220_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T220_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T301_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T301_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T301_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T302_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T302_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T302_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T303_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T303_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T303_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T304_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T304_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T304_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T305_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T305_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T305_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T306_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T306_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T306_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T307_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T307_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T307_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T308_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T308_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T308_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T309_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T309_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T309_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T311_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T311_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T311_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T312_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T312_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T312_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T313_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T313_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T313_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T314_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T314_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T314_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T316_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T316_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T316_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T317_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T317_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T317_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T318_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T318_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T318_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T319_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T319_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T319_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T320_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T320_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T320_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T322_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T322_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T322_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T324_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T324_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T324_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T325_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T325_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T325_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T326_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T326_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T326_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T327_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T327_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\T327_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Teenage_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Teenage_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Teenage_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp01_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp01_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp01_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp02_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp02_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp02_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp03_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp03_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp03_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp04_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp04_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp04_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp05_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp05_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp05_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp06_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp06_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp06_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp07_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp07_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp07_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp08_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp08_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp08_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp09_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp09_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp09_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp10_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp10_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp10_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp11_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp11_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp11_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp12_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp12_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp12_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp13_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp13_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp13_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp14_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp14_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp14_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp15_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp15_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp15_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp16_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp16_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp16_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp17_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp17_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp17_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp18_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp18_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp18_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp19_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp19_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp19_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp20_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp20_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\ThinkUp20_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11A_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11A_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11A_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11B_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11B_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11B_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11C_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11C_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11C_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11D_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11D_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11D_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11E_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11E_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11E_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11F_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11F_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11F_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11G_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11G_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11G_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11H_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11H_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11H_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11I_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11I_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11I_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11J_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11J_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11J_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11K_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11K_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11K_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11L_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11L_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11L_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11M_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11M_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11M_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11N_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11N_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Typo11N_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\VisualBeeLogo.png (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\WatchingTheSea_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\WatchingTheSea_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\WatchingTheSea_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Watching_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Watching_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Watching_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\WeddingSoon_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\WeddingSoon_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\WeddingSoon_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\WindGirl_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\WindGirl_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\WindGirl_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y101_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y101_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y101_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y103_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y103_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y103_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y305_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y305_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y305_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y306_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y306_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y306_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y307_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y307_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y307_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y308_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y308_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y308_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y312_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y312_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y312_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y319_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y319_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y319_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y323_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y323_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y323_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y324_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y324_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y324_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y327_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y327_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y327_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y330_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y330_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y330_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y332_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y332_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y332_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y333_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y333_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y333_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y335_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y335_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y335_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y336_smart.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y336_text.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\Domain\Y336_thumb.jpg (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\LocalDB\checksum.vdb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\LocalDB\Layouts.vdb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\LocalDB\LayoutsSchema.vdb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\LocalDB\PublicImages.vdb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\LocalDB\PublicImagesKeywords.vdb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\LocalDB\PublicImagesKeywordsSchema.vdb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\LocalDB\PublicImagesSchema.vdb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\LocalDB\Schemes.vdb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\LocalDB\SchemesSchema.vdb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\LocalDB\Slides.vdb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\LocalDB\SlidesKeywords.vdb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\LocalDB\SlidesKeywordsSchema.vdb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\VisualBeeClient\LocalDB\SlidesSchema.vdb (PUP.Optional.Visualbee) -> No action taken.
C:\Users\Rich\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_hadmnrcjkgb4datazfnh0wte2drycbya\1.4.0.0\user.config (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp0.dat (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts\DesktopWeatherAlertsK.dat (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts\DesktopWeatherAlertsU.dat (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts\ICSharpCode.SharpZipLib.dll (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts\mod.DesktopWeatherAlertsApp0.dat (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts\uninstall.exe (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts\WAUpdater.exe (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts\WeatherAlerts.exe (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\Rich\AppData\Local\WeatherAlerts\WeatherAlerts.exe.config (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Savingsbull) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZDPDDL3\vbmz4[1].exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\Rich\AppData\Local\Temp\GetCC.dll (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\Rich\AppData\Local\Temp\vbmz4.exe (MSIL.Solimba) -> Quarantined and deleted successfully.

(end)
  • 0

#209
1324
Posted 22 February 2014 - 07:47 PM

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red and the last OTL (I hope)

OTL logfile created on: 2/22/2014 7:07:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rich\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 57.45% Memory free
7.82 Gb Paging File | 6.21 Gb Available in Paging File | 79.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681.84 Gb Total Space | 637.52 Gb Free Space | 93.50% Space Free | Partition Type: NTFS
Drive D: | 16.69 Gb Total Space | 2.05 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive E: | 7.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RICH-HP | User Name: Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/15 06:23:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Downloads\OTL.exe
PRC - [2014/01/23 20:20:45 | 000,429,120 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/08 06:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
PRC - [2011/08/16 15:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 15:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 10:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/08/03 08:55:11 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/03 08:54:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/07/13 00:57:58 | 000,082,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/16 05:34:02 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/02/16 05:33:59 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/16 05:33:10 | 002,868,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\9b7a5ab89ab75ec85de0cedebfde4c5f\ReachFramework.ni.dll
MOD - [2014/02/13 06:25:28 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/13 06:25:24 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/13 06:25:20 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/13 06:25:19 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/13 06:25:19 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/13 06:25:18 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/13 06:25:16 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/13 06:25:16 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/13 06:25:15 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/13 06:25:11 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/13 06:25:10 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/13 06:25:05 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/12/24 16:14:36 | 000,642,016 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 04:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/02/16 23:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/02/15 06:38:49 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/08 06:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe -- (NIS)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/08/16 15:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 10:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/08/03 08:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/03 08:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/07/13 00:57:58 | 000,082,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/24 17:52:38 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/12/17 16:09:02 | 000,061,592 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netfilter64.sys -- (netfilter64)
DRV:64bit: - [2013/09/26 21:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/09/26 20:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 20:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/09/25 21:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/09/25 20:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/09/09 20:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 19:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/06 20:16:42 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2012/06/06 19:48:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/06/06 19:48:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/19 02:02:35 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/09/19 01:52:26 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/14 04:35:45 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/04 05:25:16 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/03 08:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/01/24 01:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140222.007\ex64.sys -- (NAVEX15)
DRV - [2014/01/24 01:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/01/24 01:00:00 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/01/24 01:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140222.007\eng64.sys -- (NAVENG)
DRV - [2014/01/23 19:18:14 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140221.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/01/21 03:37:32 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://duckduckgo/
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/02/22 18:11:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Symantec\VIP Access Client\ [2014/01/19 13:44:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014/01/24 17:56:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/01/24 18:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rich\AppData\Roaming\Mozilla\Extensions
[2014/02/16 05:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\ix1jzlpa.default\extensions
[2014/02/22 08:51:13 | 000,001,874 | ---- | M] () -- C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\ix1jzlpa.default\searchplugins\duckduckgo.xml
[2014/01/24 18:08:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 06:38:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4075957569-1680572243-469715140-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-4075957569-1680572243-469715140-1001..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKU\S-1-5-21-4075957569-1680572243-469715140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73906CC-5585-4BF6-ABA9-777B258EC385}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/03 14:23:50 | 000,000,113 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f0e32949-8151-11e3-a92c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e32949-8151-11e3-a92c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\TurboTax_Promotional_CD.exe -- [2013/10/03 14:23:50 | 004,893,184 | R--- | M] (Intuit)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/22 17:57:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/22 08:34:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/20 06:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[2014/02/20 06:07:27 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\hpqLog
[2014/02/13 06:19:20 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/13 06:18:37 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/13 06:18:37 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/13 06:18:36 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/13 06:18:36 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/13 06:18:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/13 06:18:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/13 06:18:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/13 06:18:35 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/13 06:18:35 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/13 06:18:35 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/13 06:18:35 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/13 06:18:35 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/13 06:18:35 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/13 06:18:35 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/13 06:18:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/13 06:18:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/13 06:18:34 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/13 06:18:34 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/13 06:18:34 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/13 06:18:34 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/13 06:18:33 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/13 06:18:33 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/13 06:18:31 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/13 06:07:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/13 06:07:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/13 06:06:46 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/13 06:06:46 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/13 06:06:46 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/13 06:06:46 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/13 06:06:46 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/13 06:06:46 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/13 06:06:46 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/13 06:06:46 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/13 06:06:46 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/13 06:06:46 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/13 06:06:43 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/13 06:06:43 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/13 06:06:43 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/13 06:06:43 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/13 06:06:43 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/13 06:06:43 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/13 06:06:43 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/13 06:06:05 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/13 06:06:04 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/09 18:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Support for Consumer Input
[2014/02/09 18:35:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/02/01 11:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
[2014/02/01 11:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foolish IT
[2014/01/28 19:49:23 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\WinBatch
[2014/01/28 19:10:34 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Macromedia
[2014/01/28 19:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2014/01/28 19:00:09 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/28 18:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/01/28 18:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/01/28 18:49:03 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Adobe
[2014/01/28 18:47:28 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\WinPatrol
[2014/01/28 18:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2014/01/28 18:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/01/28 18:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2014/01/28 18:43:47 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Malwarebytes
[2014/01/28 18:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/28 18:43:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/28 18:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/28 18:42:47 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Programs
[2014/01/27 16:07:33 | 000,000,000 | ---D | C] -- C:\Users\Rich\hpremote
[2014/01/26 11:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/01/24 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\NPE
[2014/01/24 18:08:53 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Mozilla
[2014/01/24 18:08:53 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Mozilla
[2014/01/24 18:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/01/24 18:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/01/24 18:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/01/24 17:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/01/24 17:56:48 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\Symantec
[2014/01/24 17:55:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2014/01/24 17:30:22 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2014/01/24 17:21:55 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\HP Support Assistant

========== Files - Modified Within 30 Days ==========

[2014/02/22 18:16:23 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/22 18:16:23 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/22 18:13:58 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/22 18:13:58 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/22 18:13:58 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/22 18:08:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/22 18:08:32 | 3147,706,368 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/21 05:39:54 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRich.job
[2014/02/20 06:12:16 | 000,002,219 | ---- | M] () -- C:\Users\Rich\Desktop\HP Support Assistant.lnk
[2014/02/13 06:21:53 | 000,774,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/13 06:20:46 | 001,849,890 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Cat.DB
[2014/02/09 18:20:32 | 000,085,841 | ---- | M] () -- C:\Users\Rich\Documents\2013.pdf
[2014/02/06 05:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 05:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 05:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 04:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 04:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 04:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 04:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 04:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 04:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 04:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 04:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 04:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 04:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 03:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 03:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 03:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 03:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 03:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 03:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 03:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 03:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 02:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 02:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/01 11:43:32 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2014/01/28 19:09:10 | 000,001,971 | ---- | M] () -- C:\Users\Rich\Desktop\Update Checker.lnk
[2014/01/28 19:00:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/28 19:00:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/28 18:52:32 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/01/28 18:43:30 | 000,001,135 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/01/28 18:43:30 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/26 11:14:38 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/26 10:58:54 | 000,000,772 | ---- | M] () -- C:\Users\Rich\Desktop\SecurityCheck - Shortcut.lnk
[2014/01/24 18:08:45 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/24 17:55:43 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/01/24 17:54:03 | 000,001,292 | ---- | M] () -- C:\Users\Rich\Desktop\Norton Installation Files.lnk
[2014/01/24 17:52:38 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/24 17:52:38 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/24 17:52:38 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

========== Files Created - No Company Name ==========

[2014/02/20 06:12:15 | 000,002,219 | ---- | C] () -- C:\Users\Rich\Desktop\HP Support Assistant.lnk
[2014/02/12 06:08:10 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForRich.job
[2014/02/09 18:33:49 | 000,001,240 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2014/02/09 18:20:31 | 000,085,841 | ---- | C] () -- C:\Users\Rich\Documents\2013.pdf
[2014/02/01 11:43:32 | 000,001,214 | ---- | C] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2014/01/28 19:07:20 | 000,002,001 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2014/01/28 19:07:20 | 000,001,971 | ---- | C] () -- C:\Users\Rich\Desktop\Update Checker.lnk
[2014/01/28 18:52:32 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/01/28 18:52:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/01/28 18:43:30 | 000,001,135 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/01/28 18:43:29 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/26 11:14:37 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/26 10:58:54 | 000,000,772 | ---- | C] () -- C:\Users\Rich\Desktop\SecurityCheck - Shortcut.lnk
[2014/01/24 18:08:45 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/24 18:08:45 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/24 17:52:37 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/01/24 17:30:22 | 000,001,292 | ---- | C] () -- C:\Users\Rich\Desktop\Norton Installation Files.lnk
[2012/06/06 19:48:36 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/06 19:48:35 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/06 19:48:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
OMG could you finally be rid of me?

lol
Thanks a million
Rich
  • 0

#210
23red
Posted 23 February 2014 - 09:08 PM

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :)

Looks great! Question: DuckDuckGo is preferred? I want to be sure you set it.
Let's sweep for remnants and make sure nothing is left we can see:

I'd like to see a new Malwarebytes scan please.
Right click on the Malwarebytes icon to Run as Administrator.
Hit the Quick Scan button.
Please post the resulting log.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP