Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible virus/spyware/malware...HELP ME!


  • Please log in to reply

#1
DarlaLynn83

DarlaLynn83

    New Member

  • Member
  • Pip
  • 8 posts
I am running Windows 7 and whenever I boot up my computer a box always pops up that says I have no DVD/CD drive when I do and then a window pops up that says: TSASSIST.exe error and I am having problems with my dell dock being deleted and not running properly as well. When I researched this issue, everything lead to a virus. Can someone please help me???? :surrender:
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP
Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0

#3
DarlaLynn83

DarlaLynn83

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I do apologize but what is OTL?
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP
OTL is explained in the top post of this forum which you were supposed to read before posting but:

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

then follow the instructions from my first post.
  • 0

#5
DarlaLynn83

DarlaLynn83

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
This is the log that came up when I did what you asked me to do.

OTL logfile created on: 10/9/2013 10:49:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darla\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 39.31% Memory free
7.60 Gb Paging File | 4.93 Gb Available in Paging File | 64.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 183.24 Gb Free Space | 40.62% Space Free | Partition Type: NTFS

Computer Name: DARLA-PC | User Name: Darla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/09 10:48:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darla\Desktop\OTL.exe
PRC - [2013/10/03 09:33:19 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/23 17:15:18 | 007,342,592 | ---- | M] (Google Inc.) -- C:\Users\Darla\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/08/26 17:31:10 | 004,851,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/06/26 17:02:58 | 000,103,936 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2013/06/26 16:37:56 | 007,391,232 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/06 10:09:06 | 028,469,312 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2012/05/10 15:26:52 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012/02/01 17:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 17:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/14 09:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/21 11:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2010/01/11 14:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/07/22 10:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/07/05 17:12:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 18:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/04 21:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2007/05/30 13:52:32 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/07 12:05:35 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3d075c3b7d099aca217beecac1f66b4b\System.Web.Services.ni.dll
MOD - [2013/10/07 12:04:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/10/07 12:04:39 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/10/07 12:04:14 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/10/07 12:04:10 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/10/07 12:04:08 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/10/07 12:03:53 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/10/03 09:33:19 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/03 02:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 02:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 02:02:12 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 02:02:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 02:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/09/23 17:03:42 | 000,344,064 | ---- | M] () -- C:\Users\Darla\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013/09/23 17:03:22 | 000,231,936 | ---- | M] () -- C:\Users\Darla\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013/09/23 17:02:32 | 000,253,440 | ---- | M] () -- C:\Users\Darla\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013/09/23 17:01:52 | 000,117,248 | ---- | M] () -- C:\Users\Darla\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/01/10 16:01:44 | 000,026,624 | ---- | M] () -- C:\Users\Darla\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/01/10 16:01:26 | 010,683,392 | ---- | M] () -- C:\Users\Darla\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/01/10 16:01:24 | 001,681,408 | ---- | M] () -- C:\Users\Darla\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/01/10 16:01:22 | 007,741,952 | ---- | M] () -- C:\Users\Darla\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/01/10 16:01:20 | 002,248,192 | ---- | M] () -- C:\Users\Darla\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2012/10/11 21:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/10/11 21:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/01 17:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/14 09:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2010/07/21 11:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2010/07/21 11:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/07/21 11:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/07/21 11:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/07/21 11:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/07/21 11:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/07/21 11:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/07/21 11:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 13:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 13:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 13:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 13:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/11/13 18:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/07/22 10:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
MOD - [2007/05/30 13:52:32 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
MOD - [2007/02/07 16:51:20 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncRs.crl


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/01/11 14:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/12/14 01:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe -- (AESTFilters)
SRV - [2013/10/03 09:33:19 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/19 19:00:15 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/06/26 16:37:56 | 007,391,232 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/10 15:26:52 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012/02/01 17:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/09/22 12:45:35 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 02:16:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/03/04 02:15:54 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/04 02:14:54 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2009/12/14 01:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\STacSV64.exe -- (STacSV)
SRV - [2009/07/05 17:12:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/23 18:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/22 23:25:44 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/08/22 23:08:14 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/08/22 22:55:04 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/22 22:54:54 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/08/01 16:06:28 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/08/01 16:04:56 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/06/04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/08/25 11:14:26 | 000,054,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin64a.sys -- (Pcouffin64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/25 13:58:02 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/01/25 13:57:50 | 000,030,720 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motport.sys -- (motport)
DRV:64bit: - [2012/01/25 13:57:50 | 000,030,720 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2012/01/25 13:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2012/01/25 13:57:38 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/10/04 06:22:16 | 000,038,712 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudeadb.sys -- (ssudeadb)
DRV:64bit: - [2011/10/04 06:22:12 | 000,028,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIA_USB_MODEM.sys -- (ViaUsbModemDriver)
DRV:64bit: - [2011/10/04 06:22:12 | 000,021,760 | ---- | M] (Via Telecom, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIA_USB_ETS.sys -- (VIA_USB_ETS)
DRV:64bit: - [2011/08/19 11:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 17:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009/12/14 01:28:54 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/10 09:27:06 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2009/11/02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/12 07:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/23 23:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/20 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/24 02:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/07/23 14:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 13:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/07/04 07:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/01 20:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 06:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/25 05:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 04:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 04:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 11:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/01/29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/11/02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/08/19 11:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2D225112-C743-4F34-9A17-9872F8DEBEF6}
IE:64bit: - HKLM\..\SearchScopes\{2D225112-C743-4F34-9A17-9872F8DEBEF6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {61C439C0-EF96-4F3B-B264-97C5FC9DC820}
IE - HKLM\..\SearchScopes\{61C439C0-EF96-4F3B-B264-97C5FC9DC820}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.mywebsea...K2ZbjerSOHyeTQg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {16BD2269-109F-41D8-A0C1-DB81B6D97F2D}
IE - HKCU\..\SearchScopes\{16BD2269-109F-41D8-A0C1-DB81B6D97F2D}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{4C90E708-DFA2-4E77-8515-46FB40060A04}: "URL" = http://us.yhs4.searc...p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{9BAAEDA8-9929-DDF5-2A4A-B3FC1C987170}: "URL" = http://www.bing.com/...006&form=ZGAIDF
IE - HKCU\..\SearchScopes\{C1CB11B9-FAF5-4AF6-BE76-EC6B8830DF3D}: "URL" = http://websearch.ask...84-4F4B729E308C
IE - HKCU\..\SearchScopes\{DD2FF794-CB76-2726-F5E6-1807534DB7FE}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com...94&searchterm="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://www.bing.com/...form=ZGAADF&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Darla\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Darla\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Darla\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Darla\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Darla\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AutocompletePro\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2013/05/07 00:03:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/07 22:16:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/18 12:48:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/07 12:08:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Darla\AppData\Roaming\Move Networks [2010/04/08 23:19:12 | 000,000,000 | ---D | M]

[2010/04/20 23:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darla\AppData\Roaming\mozilla\Extensions
[2010/04/20 23:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darla\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/09/27 11:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darla\AppData\Roaming\mozilla\Firefox\Profiles\kpov88zx.default\extensions
[2010/04/13 23:27:31 | 000,000,000 | ---D | M] (OpinionSquare) -- C:\Users\Darla\AppData\Roaming\mozilla\Firefox\Profiles\kpov88zx.default\extensions\{0b521176-81b5-4849-b963-98c7a257827d}
[2013/09/24 20:23:24 | 000,000,000 | ---D | M] (BrowserPlus2) -- C:\Users\Darla\AppData\Roaming\mozilla\Firefox\Profiles\kpov88zx.default\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}
[2010/10/25 17:55:03 | 000,001,820 | ---- | M] () -- C:\Users\Darla\AppData\Roaming\mozilla\firefox\profiles\kpov88zx.default\searchplugins\bing.xml
[2013/09/01 16:42:46 | 000,001,001 | ---- | M] () -- C:\Users\Darla\AppData\Roaming\mozilla\firefox\profiles\kpov88zx.default\searchplugins\conduit.xml
[2012/08/10 21:02:06 | 000,001,301 | ---- | M] () -- C:\Users\Darla\AppData\Roaming\mozilla\firefox\profiles\kpov88zx.default\searchplugins\my-homepage.xml
[2013/09/01 16:42:46 | 000,000,915 | ---- | M] () -- C:\Users\Darla\AppData\Roaming\mozilla\firefox\profiles\kpov88zx.default\searchplugins\yahoo.xml
[2013/08/18 12:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/18 12:48:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/09/01 16:41:47 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/08/18 12:48:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/03 09:33:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/02 11:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/10/02 15:44:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/10/02 15:44:25 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2013/10/02 11:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/10/02 11:44:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Darla\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.19.2.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Darla\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.19.2.5_0\plugins/np-cwmp.dll
CHR - plugin: Conduit Chrome Approve TB Plugin (Enabled) = C:\Users\Darla\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.19.2.5_0\plugins/ChromeApproveTBPlugin.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Darla\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.19.2.5_0\search/plugins/npConduitNewTabPlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Darla\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Darla\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Darla\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Darla\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Chrome In-App Payments service = C:\Users\Darla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Darla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2010/08/31 20:33:07 | 000,416,980 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14389 more lines...
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrowserPlugInHelper] C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe File not found
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - HKCU..\Run: [MusicManager] C:\Users\Darla\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Darla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BB8976D-19AB-4E5C-9CE0-A3EE8AD5C377}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB94191F-7DC4-4EA9-9A47-5660D466B3A8}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0ce56149-b1c4-11e0-9465-b8ac6f503e39}\Shell - "" = AutoRun
O33 - MountPoints2\{0ce56149-b1c4-11e0-9465-b8ac6f503e39}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\{8211c6a5-10ee-11e2-9778-b8ac6f503e39}\Shell - "" = AutoRun
O33 - MountPoints2\{8211c6a5-10ee-11e2-9778-b8ac6f503e39}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{91ae8dc3-63f8-11e1-94eb-b8ac6f503e39}\Shell - "" = AutoRun
O33 - MountPoints2\{91ae8dc3-63f8-11e1-94eb-b8ac6f503e39}\Shell\AutoRun\command - "" = E:\laucher.exe
O33 - MountPoints2\{a02babe8-0bf9-11e1-b054-b8ac6f503e39}\Shell - "" = AutoRun
O33 - MountPoints2\{a02babe8-0bf9-11e1-b054-b8ac6f503e39}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{a02babf3-0bf9-11e1-b054-b8ac6f503e39}\Shell - "" = AutoRun
O33 - MountPoints2\{a02babf3-0bf9-11e1-b054-b8ac6f503e39}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{c08348e1-3049-11e1-876b-b8ac6f503e39}\Shell - "" = AutoRun
O33 - MountPoints2\{c08348e1-3049-11e1-876b-b8ac6f503e39}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{c0834c01-3049-11e1-876b-b8ac6f503e39}\Shell - "" = AutoRun
O33 - MountPoints2\{c0834c01-3049-11e1-876b-b8ac6f503e39}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe
O33 - MountPoints2\{d3844cde-21bd-11e1-a589-b8ac6f503e39}\Shell - "" = AutoRun
O33 - MountPoints2\{d3844cde-21bd-11e1-a589-b8ac6f503e39}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: rpcnet - Service
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: rpcnet - Service
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: rpcnet - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: rpcnet - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {0C294AC9-4721-FB42-AD58-7071E7396359} - Themes Setup
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/09 10:48:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Darla\Desktop\OTL.exe
[2013/10/08 23:19:26 | 000,000,000 | ---D | C] -- C:\Users\Darla\Desktop\2013-10-08
[2013/10/07 22:41:18 | 000,000,000 | ---D | C] -- C:\Users\Darla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shoot! Ballistics Software v4.0
[2013/10/07 22:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shoot! Ballistics Software v4.0
[2013/10/07 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Darla\AppData\Local\._LiveCode_
[2013/10/07 15:34:31 | 000,000,000 | ---D | C] -- C:\Users\Darla\AppData\Roaming\AVG2014
[2013/10/07 15:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/07 15:33:23 | 000,000,000 | ---D | C] -- C:\Users\Darla\AppData\Roaming\TuneUp Software
[2013/10/07 15:32:40 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/10/07 15:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/10/07 15:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/10/07 15:28:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/10/07 15:28:27 | 000,000,000 | ---D | C] -- C:\Users\Darla\AppData\Local\MFAData
[2013/10/07 15:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/10/07 15:28:27 | 000,000,000 | ---D | C] -- C:\Users\Darla\AppData\Local\Avg2014
[2013/10/07 15:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\RSA
[2013/10/07 15:18:14 | 000,000,000 | ---D | C] -- C:\Users\Darla\AppData\Local\RSA
[2013/10/07 15:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSA
[2013/10/07 15:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RSA SecurID Token Common
[2013/10/07 15:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RSA SecurID Software Token
[2013/10/07 12:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/10/07 11:41:32 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/10/07 11:41:32 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013/10/07 11:39:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/10/07 11:39:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/10/07 11:39:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/10/07 11:39:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/10/07 11:39:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/10/07 11:39:08 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/10/07 11:39:08 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/10/07 11:39:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/10/07 11:39:08 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/10/07 11:39:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/10/07 11:39:08 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/10/07 11:39:08 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/10/07 11:39:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/10/07 11:39:07 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/10/07 11:39:07 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/10/07 11:39:07 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/10/07 11:39:07 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/10/07 11:39:07 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/10/07 11:39:07 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/10/07 11:39:07 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/10/07 11:39:07 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/10/07 11:39:07 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/10/07 11:39:07 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/10/07 11:39:06 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/10/07 11:33:32 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/10/07 11:33:31 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/10/07 11:33:30 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/10/07 11:33:30 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/10/07 11:15:22 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/10/07 11:15:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013/10/07 11:15:01 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013/10/07 11:15:01 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013/10/07 11:15:01 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013/10/07 11:14:50 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013/10/07 11:14:50 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/10/07 11:14:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013/10/07 11:14:49 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013/10/07 11:14:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013/10/07 11:14:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013/10/07 11:14:38 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/10/07 11:14:22 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/10/07 11:14:22 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/10/07 11:14:22 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/10/07 11:14:22 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/10/07 11:14:22 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/10/07 11:14:22 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/10/07 11:14:22 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/10/07 11:14:22 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/10/07 11:14:22 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/10/07 11:14:22 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/10/07 11:14:22 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/10/07 11:14:22 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/10/07 11:14:22 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/10/07 11:14:22 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/10/07 11:14:22 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/10/07 11:14:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/10/07 11:14:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/10/07 11:14:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/10/07 11:14:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/10/07 11:14:22 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/10/07 11:14:22 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/10/07 11:14:21 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/10/07 11:14:20 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/10/07 11:14:20 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/10/07 11:14:20 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/10/07 11:14:20 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/10/07 11:14:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/10/07 11:14:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/10/07 11:14:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/10/07 11:14:19 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/10/07 11:14:19 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/10/07 11:14:19 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/10/07 11:13:06 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2013/10/07 11:13:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2013/10/07 11:12:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/10/07 11:12:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/10/07 11:12:51 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013/10/07 11:12:41 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/10/07 11:12:33 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/10/07 11:12:33 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/10/07 11:12:30 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/07 11:12:30 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/07 11:12:28 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/10/07 11:12:24 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013/10/07 11:12:20 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2013/10/07 11:12:20 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2013/10/07 11:12:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/10/07 11:12:15 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013/10/07 11:03:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2013/10/06 22:28:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BallisticTables
[2013/10/06 22:16:12 | 000,000,000 | ---D | C] -- C:\Users\Darla\AppData\Roaming\iPumper
[2013/09/27 16:17:36 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/09/27 16:17:34 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2013/09/27 16:17:34 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2013/09/27 15:08:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/09/27 14:54:22 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/09/27 14:54:22 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/09/27 14:54:22 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/09/27 14:54:22 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/09/27 14:54:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/09/27 14:54:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/09/27 14:54:22 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/09/27 14:54:22 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/09/27 14:54:22 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/09/27 14:54:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/27 14:54:22 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/09/27 14:54:21 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/27 14:54:21 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/09/27 14:54:21 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/09/27 14:54:21 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/09/27 14:54:21 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/09/27 14:54:21 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/09/27 14:54:21 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/27 14:54:21 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/09/27 14:54:21 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/27 14:54:21 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/09/27 14:54:21 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/27 14:54:21 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/09/27 14:54:21 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/27 14:54:21 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/09/27 14:54:21 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/09/27 14:54:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/27 14:54:21 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/09/27 14:54:21 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/09/27 14:54:21 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/09/27 14:54:21 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/09/27 14:54:21 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/09/27 14:54:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/09/27 14:54:21 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/09/27 14:54:21 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/09/27 14:54:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/09/27 14:54:21 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/09/27 14:54:21 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/09/27 14:54:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/27 14:54:21 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/09/27 14:54:21 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/09/27 14:54:21 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/09/27 14:54:21 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/09/27 14:54:21 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/09/27 14:54:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/27 14:54:21 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/09/27 14:54:21 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/09/27 14:54:21 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/09/27 14:54:21 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/27 14:54:21 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/09/27 14:54:21 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/09/27 14:54:21 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/09/27 14:54:21 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/09/27 14:54:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/27 14:54:21 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/09/27 14:54:21 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/09/27 14:54:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/27 14:54:21 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/27 14:54:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/09/27 14:54:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/09/27 14:54:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/09/27 14:54:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/27 14:54:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/27 14:54:21 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/09/27 14:54:21 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/09/27 14:54:21 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/09/27 14:54:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/09/27 14:54:21 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/09/27 14:49:13 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/09/27 14:49:13 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/09/27 14:49:13 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/09/27 14:49:13 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/09/27 14:49:13 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/09/27 14:49:13 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/09/27 14:49:13 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/09/27 14:49:13 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/09/27 14:49:13 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/09/27 14:49:13 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/09/27 14:49:13 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/09/27 14:49:13 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/09/27 14:49:13 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/09/27 14:49:13 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/09/27 14:49:13 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/09/27 14:49:13 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/09/27 14:49:13 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/09/27 14:49:13 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/09/27 14:49:13 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/09/27 14:49:13 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/09/27 14:49:13 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/09/27 14:49:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/09/27 14:49:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/09/27 14:49:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/09/27 14:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/09/27 14:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/09/27 14:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/09/27 14:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/09/27 14:49:13 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/09/27 14:46:11 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/09/27 14:46:11 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/09/27 13:55:40 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/09/27 13:55:40 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/09/27 13:55:27 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/09/27 13:55:27 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/09/27 13:55:23 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/27 13:55:22 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/27 13:55:21 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/27 13:55:19 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/27 13:55:19 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/27 13:55:19 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/27 13:55:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/27 13:55:19 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/27 13:55:19 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/27 13:55:18 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/27 13:55:18 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/27 13:55:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/27 13:55:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/27 13:55:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/27 13:55:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/27 13:55:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/27 13:55:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/27 13:55:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/27 13:55:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/27 13:55:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/27 13:55:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/27 13:55:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/27 13:55:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/27 13:55:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/27 13:55:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/27 13:55:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/27 13:55:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/27 13:55:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/27 13:55:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/27 13:55:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/27 13:55:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/27 13:55:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/27 13:55:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/27 13:55:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/27 13:55:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/27 13:55:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/27 13:55:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/27 13:55:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/27 13:55:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/27 13:55:17 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/09/27 13:55:17 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/09/27 13:55:14 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/09/27 13:55:14 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/09/27 13:55:13 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/09/27 13:55:13 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/09/27 13:55:02 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013/09/27 13:55:02 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/09/27 13:54:42 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/09/27 13:54:41 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/09/27 13:54:41 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/09/27 13:54:32 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/09/27 13:54:32 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/09/27 13:54:30 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/09/27 13:54:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/09/27 13:53:50 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/09/27 13:53:49 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/09/27 13:53:34 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/09/27 13:53:28 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rndismpx.sys
[2013/09/27 13:53:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013/09/27 13:53:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/09/27 13:47:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013/09/27 13:47:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013/09/27 13:46:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013/09/27 13:46:13 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013/09/27 13:46:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013/09/27 13:45:20 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/09/27 13:45:18 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/09/27 13:45:18 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/09/27 13:45:13 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/09/27 13:45:09 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/09/27 13:45:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/09/27 13:45:06 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/09/27 13:45:04 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013/09/27 13:45:04 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013/09/27 13:45:04 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013/09/21 03:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remington Shoot!
[2013/09/20 22:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/20 22:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/09/20 22:46:34 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/09/20 22:46:18 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/09/20 22:46:18 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/09/20 22:46:18 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/09/20 22:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
[2013/09/20 22:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/19 18:59:53 | 003,723,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/09/11 17:36:43 | 000,000,000 | ---D | C] -- C:\Users\Darla\AppData\Roaming\Wondershare Video Converter Ultimate
[2011/11/13 21:16:03 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Darla\AppData\Roaming\pcouffin.sys
[2010/07/01 15:39:57 | 000,304,752 | ---- | C] (Absolute Software Corporation) -- C:\Users\Darla\ctmweb.exe
[2010/07/01 15:39:56 | 000,052,848 | ---- | C] (Absolute Software Corp.) -- C:\Users\Darla\ntagent.exe
[2010/07/01 15:30:03 | 011,310,984 | ---- | C] (Absolute Software Corp. ) -- C:\Users\Darla\AppData\Roaming\LoJackSetup.exe
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/09 10:50:12 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/09 10:48:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darla\Desktop\OTL.exe
[2013/10/09 10:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/09 10:41:27 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/09 10:41:26 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1863306691-975921023-445282801-1003UA.job
[2013/10/09 10:41:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/08 23:15:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/08 23:15:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/08 23:08:05 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/08 23:08:05 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/08 23:08:05 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/08 22:05:35 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1863306691-975921023-445282801-1003Core.job
[2013/10/08 14:58:14 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\SmartPCFix Task.job
[2013/10/08 14:57:31 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/07 22:41:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Shoot! v4.0.lnk
[2013/10/07 21:57:58 | 000,001,203 | ---- | M] () -- C:\Users\Darla\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.6.5.lnk
[2013/10/07 21:57:58 | 000,001,179 | ---- | M] () -- C:\Users\Darla\Desktop\FrostWire 5.6.5.lnk
[2013/10/07 17:04:56 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/07 15:33:24 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/10/07 15:24:19 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/10/07 15:05:12 | 000,113,224 | ---- | M] () -- C:\Users\Darla\g2ax_customer_downloadhelper_win32_x86.exe
[2013/10/07 11:57:52 | 000,383,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/02 15:36:35 | 348,696,426 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/27 14:54:22 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/09/27 14:54:22 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/09/27 14:54:22 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/09/27 14:54:22 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/09/27 14:54:22 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/09/27 14:54:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/09/27 14:54:22 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/09/27 14:54:22 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/09/27 14:54:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/09/27 14:54:22 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/27 14:54:22 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/09/27 14:54:21 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/27 14:54:21 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/09/27 14:54:21 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/09/27 14:54:21 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/09/27 14:54:21 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/09/27 14:54:21 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/09/27 14:54:21 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/27 14:54:21 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/09/27 14:54:21 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/27 14:54:21 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/09/27 14:54:21 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/27 14:54:21 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/09/27 14:54:21 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/27 14:54:21 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/09/27 14:54:21 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/09/27 14:54:21 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/27 14:54:21 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/09/27 14:54:21 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/09/27 14:54:21 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/09/27 14:54:21 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/09/27 14:54:21 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/09/27 14:54:21 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/09/27 14:54:21 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/09/27 14:54:21 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/09/27 14:54:21 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/09/27 14:54:21 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/09/27 14:54:21 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/09/27 14:54:21 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/27 14:54:21 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/09/27 14:54:21 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/09/27 14:54:21 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/09/27 14:54:21 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/09/27 14:54:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/09/27 14:54:21 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/27 14:54:21 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/09/27 14:54:21 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/09/27 14:54:21 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/09/27 14:54:21 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/27 14:54:21 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/09/27 14:54:21 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/09/27 14:54:21 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/09/27 14:54:21 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/09/27 14:54:21 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/27 14:54:21 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/09/27 14:54:21 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/09/27 14:54:21 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/27 14:54:21 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/27 14:54:21 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/09/27 14:54:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/09/27 14:54:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/09/27 14:54:21 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/27 14:54:21 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/27 14:54:21 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/09/27 14:54:21 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/09/27 14:54:21 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/09/27 14:54:21 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/09/27 14:54:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/09/27 14:54:21 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/09/27 14:54:21 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/09/27 14:49:13 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/09/27 14:49:13 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/09/27 14:49:13 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/09/27 14:49:13 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/09/27 14:49:13 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/09/27 14:49:13 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/09/27 14:49:13 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/09/27 14:49:13 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/09/27 14:49:13 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/09/27 14:49:13 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/09/27 14:49:13 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/09/27 14:49:13 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/09/27 14:49:13 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/09/27 14:49:13 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/09/27 14:49:13 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/09/27 14:49:13 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/09/27 14:49:13 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/09/27 14:49:13 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/09/27 14:49:13 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/09/27 14:49:13 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/09/27 14:49:13 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/09/27 14:49:13 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/09/27 14:49:13 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/09/27 14:49:13 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/09/27 14:49:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/09/27 14:49:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/09/27 14:49:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/09/27 14:49:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/09/27 14:49:13 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/09/27 14:49:13 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/09/27 14:46:11 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/09/27 14:46:11 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/09/20 22:46:06 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/09/20 22:46:06 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/09/20 22:46:06 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/09/20 22:46:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/09/20 22:46:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/09/20 22:46:06 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/09/19 19:00:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/19 19:00:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/19 18:59:53 | 003,723,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/09/12 12:24:11 | 000,002,241 | ---- | M] () -- C:\Users\Darla\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/07 22:41:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Shoot! v4.0.lnk
[2013/10/07 21:57:58 | 000,001,203 | ---- | C] () -- C:\Users\Darla\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.6.5.lnk
[2013/10/07 21:57:58 | 000,001,179 | ---- | C] () -- C:\Users\Darla\Desktop\FrostWire 5.6.5.lnk
[2013/10/07 15:33:23 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/10/07 15:05:11 | 000,113,224 | ---- | C] () -- C:\Users\Darla\g2ax_customer_downloadhelper_win32_x86.exe
[2013/10/07 12:07:56 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/10/07 11:41:34 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/10/07 11:33:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/09/27 14:54:21 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/09/27 14:54:21 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/08/12 21:55:32 | 000,941,992 | ---- | C] () -- C:\Windows\SysWow64\WPShellExt64.dll
[2013/08/12 21:54:10 | 000,727,952 | ---- | C] () -- C:\Windows\SysWow64\WSCM64.dll
[2012/12/23 12:39:33 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2012/11/27 01:33:31 | 000,000,000 | ---- | C] () -- C:\Users\Darla\AppData\Roaming\.NANotifyHere
[2012/09/30 23:31:27 | 000,000,574 | ---- | C] () -- C:\Users\Darla\LogcatOfflineView.cfg
[2011/12/21 03:04:16 | 000,003,212 | ---- | C] () -- C:\Users\Darla\AppData\Local\ukinujanecatev.dll
[2011/12/14 02:03:24 | 000,012,382 | -HS- | C] () -- C:\Users\Darla\AppData\Local\373333b5c671e602x768x2lfo8c5
[2011/11/13 21:16:03 | 000,099,384 | ---- | C] () -- C:\Users\Darla\AppData\Roaming\inst.exe
[2011/11/13 21:16:03 | 000,007,859 | ---- | C] () -- C:\Users\Darla\AppData\Roaming\pcouffin.cat
[2011/11/13 21:16:03 | 000,001,167 | ---- | C] () -- C:\Users\Darla\AppData\Roaming\pcouffin.inf
[2011/10/23 12:12:26 | 000,007,168 | ---- | C] () -- C:\Users\Darla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/03 20:40:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/05 17:01:15 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/07/01 15:39:56 | 000,179,453 | ---- | C] () -- C:\Users\Darla\ctmweb.xsl
[2010/07/01 15:39:56 | 000,040,960 | ---- | C] () -- C:\Users\Darla\javahelper.exe
[2010/07/01 15:29:54 | 000,000,046 | ---- | C] () -- C:\Users\Darla\AppData\Roaming\FactoryInstaller.xml
[2010/06/03 01:33:19 | 000,000,706 | ---- | C] () -- C:\Users\Darla\AppData\Roaming\wklnhst.dat
[2010/03/25 00:03:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/23 20:48:47 | 000,103,784 | ---- | C] () -- C:\Users\Darla\GoToAssistDownloadHelper.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9500420AS ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41126400
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 451.00GB
Starting Offset: 15769766400
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/07/01 15:35:42 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Absolute
[2010/12/16 10:13:29 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Absolute_Software
[2013/10/07 23:22:28 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Adobe
[2010/07/17 00:26:01 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Apple Computer
[2013/10/07 15:34:31 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\AVG2014
[2012/11/24 20:01:17 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\AVS4YOU
[2011/11/06 13:45:01 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Azureus
[2013/06/20 12:36:53 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Big Fish Games
[2011/10/23 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Canneverbe Limited
[2013/10/08 23:08:14 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Canon
[2010/08/16 22:12:41 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
[2013/06/17 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Creative
[2010/03/31 17:21:13 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\CyberLink
[2010/03/17 02:14:18 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\DarkParablesBriarRose_BFG
[2010/03/10 23:00:25 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Dell
[2010/04/07 00:25:32 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\DialIdol.com
[2012/11/24 20:01:17 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\DivX
[2013/05/17 13:58:19 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Dropbox
[2011/01/02 04:08:46 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\EleFun Games
[2010/11/23 01:14:34 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Elephant Games
[2010/06/21 23:01:21 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Facebook
[2012/02/08 23:07:40 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\FrostWire
[2010/09/30 01:11:26 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\funkitron
[2013/07/22 17:18:31 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\GameMill Entertainment
[2011/11/19 21:08:52 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\GetRightToGo
[2010/12/08 02:38:45 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\gogii
[2012/12/24 23:37:28 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\HoolappforAndroid
[2012/07/22 13:51:26 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\HTC
[2010/03/10 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Identities
[2013/10/06 22:20:18 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\iPumper
[2011/01/03 03:58:46 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\iScreensaver
[2011/11/11 22:49:31 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Ludia
[2012/04/07 12:33:12 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\M10Editor
[2010/03/10 21:34:20 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Macromedia
[2009/07/14 03:44:38 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Media Center Programs
[2010/10/02 02:28:32 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Merscom
[2012/10/27 15:16:10 | 000,000,000 | --SD | M] -- C:\Users\Darla\AppData\Roaming\Microsoft
[2012/05/11 10:03:02 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Motorola
[2010/04/08 23:19:12 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Move Networks
[2012/08/25 11:19:25 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Mozilla
[2013/07/02 13:20:02 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\MumboJumbo
[2013/09/02 20:43:41 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\nCryptedCloud
[2012/05/02 18:42:32 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Nero
[2012/05/08 13:14:09 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\ooVoo Details
[2013/10/06 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Philipp Winterberg
[2010/09/08 22:33:17 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\PhotoScape
[2010/10/28 01:34:39 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\PlayPond
[2010/04/13 23:57:27 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Real
[2010/03/11 01:22:31 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Reallusion
[2010/03/10 23:00:20 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Roxio
[2010/04/07 00:33:58 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Roxio Log Files
[2013/06/24 20:10:55 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\SaveThePuppy
[2010/10/29 20:09:55 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Secret of the Solstice
[2010/06/17 01:50:10 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Skunk Studios
[2013/03/17 21:23:32 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Skype
[2010/03/25 22:26:56 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\skypePM
[2013/03/22 14:08:21 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\SmartPCFix
[2010/03/30 01:42:11 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Specialbit
[2010/06/03 01:33:20 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Template
[2013/10/07 15:33:23 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\TuneUp Software
[2013/09/04 21:44:51 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\uTorrent
[2011/06/15 21:00:44 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\VendelGAMES
[2012/11/25 13:34:26 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Vso
[2010/06/15 03:49:49 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\WhiteSmokeTranslator
[2013/06/17 14:04:18 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\WildTangent
[2013/09/11 17:36:43 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Wondershare Video Converter Ultimate
[2010/03/10 23:57:56 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\Yahoo!
[2013/08/12 21:56:25 | 000,000,000 | ---D | M] -- C:\Users\Darla\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\system64\csrss.exe
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2010/03/04 03:23:42 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/03/04 03:23:42 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/03/04 03:23:45 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/03/04 03:23:45 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/03/04 03:23:45 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/03/04 03:23:42 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/03/04 03:23:45 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/03/04 03:23:42 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\system64\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/13 21:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 21:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 21:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\system64\NapiNSP.dll
[2009/07/13 21:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/13 21:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2012/01/13 03:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 03:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 08:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 12:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/20 09:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 13:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/03 13:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\system64\nlaapi.dll
[2012/10/03 13:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2009/07/13 21:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll
[2012/10/03 13:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 21:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 21:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\system64\pnrpnsp.dll
[2009/07/13 21:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\system64\PrintIsolationHost.exe
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\system64\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USER32.DLL >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\system64\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 21:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 21:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\system64\winrnr.dll
[2009/07/13 21:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\system64\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 72EB-7835
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Leapfrog\LeapFrog Connect\Mnt\00010013001ED7EF
12/25/2012 01:08 AM <JUNCTION> 0 [\??\Volume{1d4b2d8d-4d29-11e2-a622-b8ac6f503e39}\]
12/25/2012 01:08 AM <JUNCTION> 1 [\??\Volume{1d4b2d93-4d29-11e2-a622-b8ac6f503e39}\]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Leapfrog\LeapFrog Connect\Mnt\00010013001ED7EF
12/25/2012 01:08 AM <JUNCTION> 0 [\??\Volume{1d4b2d8d-4d29-11e2-a622-b8ac6f503e39}\]
12/25/2012 01:08 AM <JUNCTION> 1 [\??\Volume{1d4b2d93-4d29-11e2-a622-b8ac6f503e39}\]
0 File(s) 0 bytes
Directory of C:\Users\Darla
03/10/2010 10:59 PM <JUNCTION> Application Data [C:\Users\Darla\AppData\Roaming]
03/10/2010 10:59 PM <JUNCTION> Cookies [C:\Users\Darla\AppData\Roaming\Microsoft\Windows\Cookies]
03/10/2010 10:59 PM <JUNCTION> Local Settings [C:\Users\Darla\AppData\Local]
03/10/2010 10:59 PM <JUNCTION> My Documents [C:\Users\Darla\Documents]
03/10/2010 10:59 PM <JUNCTION> NetHood [C:\Users\Darla\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/10/2010 10:59 PM <JUNCTION> PrintHood [C:\Users\Darla\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/10/2010 10:59 PM <JUNCTION> Recent [C:\Users\Darla\AppData\Roaming\Microsoft\Windows\Recent]
03/10/2010 10:59 PM <JUNCTION> SendTo [C:\Users\Darla\AppData\Roaming\Microsoft\Windows\SendTo]
03/10/2010 10:59 PM <JUNCTION> Start Menu [C:\Users\Darla\AppData\Roaming\Microsoft\Windows\Start Menu]
03/10/2010 10:59 PM <JUNCTION> Templates [C:\Users\Darla\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Darla\AppData\Local
03/10/2010 10:59 PM <JUNCTION> Application Data [C:\Users\Darla\AppData\Local]
03/10/2010 10:59 PM <JUNCTION> History [C:\Users\Darla\AppData\Local\Microsoft\Windows\History]
03/10/2010 10:59 PM <JUNCTION> Temporary Internet Files [C:\Users\Darla\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Darla\Documents
03/10/2010 10:59 PM <JUNCTION> My Music [C:\Users\Darla\Music]
03/10/2010 10:59 PM <JUNCTION> My Pictures [C:\Users\Darla\Pictures]
03/10/2010 10:59 PM <JUNCTION> My Videos [C:\Users\Darla\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Mcx2-DARLA-PC
06/10/2012 03:41 AM <JUNCTION> Application Data [C:\Users\Mcx2-DARLA-PC\AppData\Roaming]
06/10/2012 03:41 AM <JUNCTION> Cookies [C:\Users\Mcx2-DARLA-PC\AppData\Roaming\Microsoft\Windows\Cookies]
06/10/2012 03:41 AM <JUNCTION> Local Settings [C:\Users\Mcx2-DARLA-PC\AppData\Local]
06/10/2012 03:41 AM <JUNCTION> My Documents [C:\Users\Mcx2-DARLA-PC\Documents]
06/10/2012 03:41 AM <JUNCTION> NetHood [C:\Users\Mcx2-DARLA-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/10/2012 03:41 AM <JUNCTION> PrintHood [C:\Users\Mcx2-DARLA-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/10/2012 03:41 AM <JUNCTION> Recent [C:\Users\Mcx2-DARLA-PC\AppData\Roaming\Microsoft\Windows\Recent]
06/10/2012 03:41 AM <JUNCTION> SendTo [C:\Users\Mcx2-DARLA-PC\AppData\Roaming\Microsoft\Windows\SendTo]
06/10/2012 03:41 AM <JUNCTION> Start Menu [C:\Users\Mcx2-DARLA-PC\AppData\Roaming\Microsoft\Windows\Start Menu]
06/10/2012 03:41 AM <JUNCTION> Templates [C:\Users\Mcx2-DARLA-PC\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Mcx2-DARLA-PC\AppData\Local
06/10/2012 03:41 AM <JUNCTION> Application Data [C:\Users\Mcx2-DARLA-PC\AppData\Local]
06/10/2012 03:41 AM <JUNCTION> History [C:\Users\Mcx2-DARLA-PC\AppData\Local\Microsoft\Windows\History]
06/10/2012 03:41 AM <JUNCTION> Temporary Internet Files [C:\Users\Mcx2-DARLA-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mcx2-DARLA-PC\Documents
06/10/2012 03:41 AM <JUNCTION> My Music [C:\Users\Mcx2-DARLA-PC\Music]
06/10/2012 03:41 AM <JUNCTION> My Pictures [C:\Users\Mcx2-DARLA-PC\Pictures]
06/10/2012 03:41 AM <JUNCTION> My Videos [C:\Users\Mcx2-DARLA-PC\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows
12/14/2011 02:03 AM <JUNCTION> system64 [c:\users]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
70 Dir(s) 196,661,923,840 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/10/03 09:33:18 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/10/03 09:33:18 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/10/03 09:33:18 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/10/03 09:33:19 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/10/03 09:33:19 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/10/03 09:33:19 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/09/27 14:54:21 | 000,775,256 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/09/27 14:54:21 | 000,775,256 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/10/03 09:33:18 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/10/03 09:33:18 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/10/03 09:33:18 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2013/10/03 09:33:19 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/10/03 09:33:19 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/10/03 09:33:19 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/09/27 14:54:21 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/09/27 14:54:21 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/09/27 14:54:21 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/27 14:54:21 | 000,775,256 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/27 14:54:21 | 000,775,256 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[2013/09/27 14:54:21 | 013,761,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 08:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2009/07/13 21:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
[2009/07/13 22:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/13 21:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 17:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 17:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 17:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 17:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 17:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 17:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 17:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/07/13 22:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:ED2D63E4
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:3A0561F3
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:A6F30843
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:C76CFF82
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:FEECF2C8
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:4DDE401B
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:24C072FF
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:E91ADC66
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:5F1019FF
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:831C6B2D
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:45C55624
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:E73B14E2
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:067BF339
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:CFF2876E
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:63596073
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:88A44CC1
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:394EB021
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3AD6342E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3ADE134E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:2652902F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:EF0C5444
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:472EB08A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:834DD57E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:1C201DEB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D6DD5F62
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:15734396
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:1D6B18F1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:80A872BC
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:57B2B96C
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:5CF48ABF

< End of report >
  • 0

#6
DarlaLynn83

DarlaLynn83

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Sorry, here is the other log

OTL Extras logfile created on: 10/9/2013 10:49:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darla\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 39.31% Memory free
7.60 Gb Paging File | 4.93 Gb Available in Paging File | 64.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 183.24 Gb Free Space | 40.62% Space Free | Partition Type: NTFS

Computer Name: DARLA-PC | User Name: Darla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01883176-EA62-4AB7-B5E0-EE1FEB768392}" = rport=137 | protocol=17 | dir=out | app=system |
"{0F1E32DC-11C6-4367-BF9A-4D56CF45F564}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1174F72D-4403-4282-AF21-8BF585A8AB08}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1455490F-CA73-49D8-A493-B28ED021DD94}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1657E0BD-E40C-4EE0-BE51-0167016E7A96}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{19BA747B-E3B8-473B-866F-881AA2C47EA3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1FF162C3-2F01-47AE-8D90-B62D78E847EC}" = lport=3390 | protocol=6 | dir=in | app=system |
"{21C40035-68FB-4567-B413-7A59AE8869D1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{242833FC-C065-4222-AAAD-49D1A86523FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{265C064F-F0BE-412B-8A99-E7BC0C3098C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{29F85DD5-F265-4567-9DEB-AC8DE27DBDC4}" = lport=3390 | protocol=6 | dir=in | app=system |
"{2DE775F0-189B-47BD-9F50-90E24FA296FD}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3224A51C-4F0C-4A86-9937-DF16F82FA367}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{35EFEE42-6917-48ED-91FF-8A107C061C3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{37D97671-BBDC-4D65-A3D3-BD6C4BD04CCA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3BB46482-EE5E-4B72-B425-55A582FD281B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3D43B7DE-B233-4EF1-AB02-9671138588A6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{42B9EAB4-D452-4B80-B808-58938C33645D}" = rport=445 | protocol=6 | dir=out | app=system |
"{4C3AEB23-8809-404B-9DC6-5A82B400175E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FC16FDC-C8B9-4D5B-BD86-450752E4290A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5867F970-4F03-4422-9577-2C32FE640C6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58E6879C-AED4-439A-849B-41E78573DD3E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{652732AF-EF4F-43A4-9BDC-5CBCFFA0FD84}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6545B727-C870-422B-93A2-F136538D8C70}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73FEB3DD-9951-49BD-8C95-AD58063841AD}" = rport=138 | protocol=17 | dir=out | app=system |
"{79765D72-65B9-4C08-93F5-B44BC475DD4E}" = lport=139 | protocol=6 | dir=in | app=system |
"{802EFE51-9751-4D99-A1A3-EF3655FC12FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8065D4BC-C0A1-4C52-B9F8-F9782ED71986}" = lport=2869 | protocol=6 | dir=in | app=system |
"{825975F0-D302-4348-913A-94080283D157}" = rport=139 | protocol=6 | dir=out | app=system |
"{88A4174C-F471-4382-96D3-2693976A000B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88EDDC78-B28D-4C71-8584-6A59B2A30633}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B1D251E-82B8-4886-914B-D6E106716AF3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90D8280D-D227-408F-A1E6-AD63EC715589}" = lport=137 | protocol=17 | dir=in | app=system |
"{918596E6-4254-4CAF-9E39-4A23F1E2E029}" = lport=2869 | protocol=6 | dir=in | app=system |
"{938CB361-4458-4692-90C3-DF4233CAB547}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9755FE18-8C74-42DF-BBC3-A0C77F619D80}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98024448-5A58-4BDA-BEBF-FAF5F5A0A411}" = lport=445 | protocol=6 | dir=in | app=system |
"{9EB9F2F4-864D-431E-9145-97F1C4CB5920}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EFA1358-A29F-427D-B3F6-0B2C5725B19A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A284FF1C-581D-4325-8920-29AABFF7D1DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A73D2D6A-7DE1-4E88-8340-2DDD8ECA04EE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AAE37C85-119C-4D6C-A3ED-ADF0D9A9D23E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ADCE1444-6624-4983-93E5-8269719E8CFD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C18B614E-7197-4DA2-8915-2C428B176BBF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CC66B416-5821-436B-926A-099341DD847B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D2395C35-23E1-4224-A747-83272E4FAAF6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D62C1AFA-512A-41CE-A46A-1369B590B90A}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7C1B106-E9B2-44CB-9F9D-060E17A5929D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DECE38F4-89D0-4843-B1AD-E610C24FF94C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E21DD8B7-352F-4BC3-A636-98D14FD7FD40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E6F96168-5CEA-4A51-9A7C-C4855C2ED158}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E7CDF97E-0460-4A07-80F6-820B04B9AB24}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB983350-4E6B-423B-BA6A-D9E7D8D05124}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2340BB4-9A9F-4214-A989-78F4DB39A25E}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F539794A-CE34-43D2-A1F9-0DC05AAF01BB}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB9F8143-F1FB-400B-93B9-6612C97BB461}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FDB3C6B7-594B-4B29-B07C-BB10224FE284}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00735F88-20FD-44BE-A78D-8B51C6232B04}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{010BC9AA-C69B-41EB-A370-72637ACC46BF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{02F7265C-ADD7-422E-8E29-6FDB8B744FBF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{0665DE3C-9831-4A8C-AA72-9720F3707F8D}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{08C7BB62-1190-4CD3-8E2F-F94E62A38ED1}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{0B74250B-495C-4A9C-B5CD-5B2FE9754FD7}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{0CFE67CB-A5FE-40CA-BE6B-CC2354DACF94}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{0F7890C0-2EA0-4FCE-AE10-AD99345087E5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{10A57063-F531-4CBC-B317-E50163EE6A89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{171575A2-F100-4439-A9C6-DE0A331AFAEC}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{188FABFA-7C29-44AD-8274-CC5E7AEB694B}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcycoms.exe |
"{18DD0F66-48DB-497F-9130-684252ECC536}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1E5E5E5D-7779-421B-9A63-F12C14846733}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{1EB76477-5AE6-4177-8103-77AFAB1D399A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{259E9E0A-13B1-4604-B5C8-7E1F06F6B1AA}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3400 series\lxcyaiox.exe |
"{25A28623-6832-44A3-8C03-31C5F83BE829}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{28C6984B-CCBA-42FB-BBE1-EE77E79E719D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{397FA56F-4DE8-4BDD-ADC7-9DF55E0DACA9}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{3F315208-DF78-4E38-8C80-14104ECAF6EC}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{41373714-B18D-43A7-A161-F306EF124248}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{43B2C26F-AB03-48B0-B3AB-CFE56FE8ED51}" = protocol=6 | dir=in | app=c:\users\darla\appdata\roaming\dropbox\bin\dropbox.exe |
"{46421927-62AE-4663-B256-10B6AC297D80}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46576ADB-DE31-412A-9234-B74582FCCC25}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{493F9CA4-8240-4588-AECD-7B0243E2D5EA}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{4E7C758C-AD96-4DDF-ADD1-829DB43C37EC}" = protocol=58 | dir=out | [email protected],-28546 |
"{511510D1-758A-4AA2-AB43-978A5B69166F}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{51414D9C-3E07-4FC8-964D-FF2D02D6D3C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52F53FB9-79F8-4342-A44B-F6657AC51DE8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{535CC51A-5B13-4C95-8BEA-8D5BDEEB63E9}" = protocol=1 | dir=out | [email protected],-28544 |
"{55BDBB3F-6766-4669-A217-7275FEA51E98}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{57733CF6-06A7-4783-B839-427627E1F18B}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{5978A435-3291-4C97-9865-C1A4486AFC2E}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{6336CF11-CCA2-4916-9294-C0688DBF79EE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{634619D5-70CD-4C00-89F8-BC5314C384D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{65F58937-5333-422E-98C6-E86293DF0E22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6929BB17-25F0-42BD-BABE-77556B1BD33F}" = protocol=17 | dir=in | app=c:\users\darla\downloads\sweetimsetup.exe |
"{69E66142-86CF-4B14-8263-C615EF115E4F}" = protocol=1 | dir=in | [email protected],-28543 |
"{6B5D64F6-0DD9-41BF-B657-A8B644FD18BC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{7B15860F-1EFF-4514-B999-904B737B470C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7EC3670D-8B29-4504-9857-C4F0BA651348}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{80E988E9-0EAA-4636-A81A-AACDB0AA9DA4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8320ACA4-EFEB-47BC-A449-E66B9DF0CF7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{83EA4DF7-4C8D-4D1F-B4C5-3BE635DBEB24}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{8A05D375-9A70-4D04-97DC-7A0923D7BEBE}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcycoms.exe |
"{8E454A7B-777E-4C53-8FBB-EEF15ED13709}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9095FB2E-EBDD-4485-AAC1-72AB6E41284F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{99A38475-D256-4C13-A9B5-F1AF194F834E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9A9E1805-2762-40F4-9108-226E3AF0812F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{9DD3B7AC-235D-4616-92CB-B7EEBBB9B100}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{A19D046C-AC00-4CB0-BC1A-F88A6E7AAC50}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A8044685-EB81-4D63-9B08-B53AA62A1F7F}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{A9DC10B8-4E29-445E-BD04-AB1F16345D73}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{AB1C92C5-3AD8-4CCA-9987-A8AA3D842021}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABCA1130-4C9A-468D-AA65-82874B572CBD}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{AEE124A3-D503-45D8-8BD4-D9D81B6B4E8C}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3400 series\lxcymon.exe |
"{B71BA4BC-6530-4567-870C-0B61D375925C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B74D4015-C065-4C24-BBF5-AC5D37D0AAE9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{BB9E0B53-E0ED-49CD-B3FB-09DF086F4F0B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{BC807E28-C8D7-4949-BFCC-D1A9C53553E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD99D07E-07EA-4FD8-AD4B-056EDD7B4BF6}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3400 series\lxcyaiox.exe |
"{BF6B4955-BA54-4731-840F-A5B80CA4D67D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C48B3BBF-7578-42DC-8D9A-B1549B88E70B}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D582C382-0DF2-442B-86AA-C539371264FA}" = protocol=58 | dir=in | [email protected],-28545 |
"{D5F3DB2F-4349-4DB7-9E71-7EFE6178547E}" = protocol=6 | dir=in | app=c:\users\darla\downloads\sweetimsetup.exe |
"{D845F36C-A635-408F-ACC2-E4EA2EC6BCB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E16FEDA9-D44A-4B87-AB9B-28C87ED9E78C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E1E21DBA-B05A-4421-9858-F32881271F97}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{E2A9287D-4D10-44C9-B27E-DF9A8A37E170}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3400 series\lxcymon.exe |
"{E53C2FFB-F3C7-425A-8665-0C61FB773E76}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{E630D842-A728-4456-98DC-71D58B7C8A47}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E92923F2-575D-44D4-BB8B-9CD6F93A92BD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{EE434500-498D-41B1-ACBA-D1871BF3BB48}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{EF5E9461-A89C-4B41-A993-2369B95AB33E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{F61FF319-7AEB-444D-90B6-BC0AC1E77E71}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{F7887C3B-F329-4E60-8566-CFDC1D76ED48}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F891F7A0-7D7D-4919-B1E4-C4E18E652BD0}" = protocol=17 | dir=in | app=c:\users\darla\appdata\roaming\dropbox\bin\dropbox.exe |
"{F9CB1184-3C7B-488A-B1AD-780FFA4B12FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE3CA301-F8A4-452B-B8E5-5EE9C72223D9}" = protocol=6 | dir=out | app=system |
"TCP Query User{1C0FEF07-5D90-499B-8743-8B6A7D40F1AE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{24CC0A01-C49D-4385-A084-B1DB0B343AA4}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"TCP Query User{97A6E20E-DC25-435D-BBA8-630630F73195}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{AB6BB06E-41C1-4C41-9172-E78C24AC2083}C:\users\darla\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\darla\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{AC55ECAE-00D7-4EEC-9D63-633E7592F02A}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{CF19BE09-06E6-454E-8B86-BB6B9E6AAB28}C:\program files (x86)\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola\software update\msu.exe |
"TCP Query User{E47FC660-0BD2-478B-B9FA-5086E0C6193C}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{0E2DBA29-55A7-4B45-8256-631638289B28}C:\program files (x86)\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola\software update\msu.exe |
"UDP Query User{1830628C-1EA2-487C-B94C-AEE897FD4811}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{572B68DB-CA92-4279-9C9E-B5458B35FCA1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{6D0B5EA0-EB5D-45D0-AA89-91B8AC83FA7B}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{A3B1CF79-8F0B-4A85-8836-4EAEB68F6CAC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{C86D3B70-62A4-47F6-952A-DB603EFE015C}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"UDP Query User{EAA11865-C3ED-4CA0-9813-050D5DE29F8D}C:\users\darla\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\darla\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java™ 7 Update 2 (64-bit)
"{2EA43D50-131A-44DE-A678-47F6D572AB30}" = AVG 2014
"{4EC90F78-14A6-460E-A6F7-53C85A431FBD}" = AVG 2014
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61C3230C-D69D-44E7-B974-F8BBADB49EE6}" = Motorola Mobile Drivers Installation 5.5.0
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java™ SE Development Kit 7 Update 2 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA4DF4C3-196E-4128-969A-00996B5A46F8}" = Canon MP500
"{C108C88F-DD17-408C-910C-686D1A4C82F5}" = Motorola MMCP Drivers Installation 1.0.2
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF5948BA-589D-4BE7-B993-C45DC1A77E24}" = MobileMe Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"AVG" = AVG 2014
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E7941DC-32F1-467D-8351-8955A038A76E}" = RSA SecurID Software Token
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25A3CCFF-4811-47A7-B82E-2CE24A06156F}" = LeapFrog Tag Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2DAFF979-5A46-44FA-B431-DAB8F0580683}" = RSDLite
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{403CB875-F674-46D4-B03A-DC14EE976B54}" = LeapFrog Tag Junior Plugin
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45F736A7-9CEE-4ED0-9628-40EAB45E9028}" = Motorola Software Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CC7480A9-953E-4433-8F29-1B706E33EC74}" = LeapFrog Leapster2 Plugin
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DCF0D853-BC4E-4EE6-A011-6B9BC84CF8F9}" = LeapFrog Connect
"{E0ED5BFA-F614-40D6-901A-DC7E1432B7F0}" = LeapFrog Leapster Explorer Plugin
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Complete Care Consumer Service Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Android SDK Tools" = Android SDK Tools
"AnyDVD" = AnyDVD
"AudibleManager" = AudibleManager
"BFGC" = Big Fish Games: Game Manager
"BFG-Fairy Godmother Tycoon" = Fairy Godmother Tycoon
"BFG-Family Feud - Battle of the Sexes" = Family Feud: Battle of the Sexes
"BFG-Gold Miner Vegas" = Gold Miner Vegas
"BFG-Hells Kitchen" = [bleep]'s Kitchen
"BFG-Midnight Mysteries - Devil on the Mississippi Collector's Edition" = Midnight Mysteries: Devil on the Mississippi Collector's Edition
"BFG-Wheel of Fortune 2" = Wheel of Fortune 2
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"Diego's Dinosaur Rescue" = Diego's Dinosaur Rescue
"DivX Setup" = DivX Setup
"Freemake Video Downloader_is1" = Freemake Video Downloader
"FrostWire 5" = FrostWire 5.6.5
"GalaxyNexusToolKit11" = Package: Galaxy Nexus ToolKit [JellyBean Edition]
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HTC_WModemDriver" = WModem Driver Installer
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"Lexmark 3400 Series" = Lexmark 3400 Series
"MotoHelper" = MotoHelper 2.1.40 Driver 5.5.0
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.0" = Canon MP Navigator 2.0
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007 Trial
"Shoot! Ballistics Software v4.0" = Shoot! Ballistics Software v4.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SysInfo" = Creative System Information
"TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"Trusted Software Assistant_is1" = File Type Assistant
"UPCShell" = LeapFrog Connect
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect 9 Add-in" = Adobe Connect 9 Add-in
"Apk Installing Aroma Creator" = Apk Installing Aroma Creator
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Hoolapp for Android" = Hoolapp for Android
"Move Media Player" = Move Media Player
"MusicManager" = Music Manager
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2013 10:37:28 PM | Computer Name = Darla-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/7/2013 10:37:28 PM | Computer Name = Darla-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/7/2013 10:37:39 PM | Computer Name = Darla-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/7/2013 10:37:39 PM | Computer Name = Darla-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/7/2013 10:41:18 PM | Computer Name = Darla-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/7/2013 10:41:18 PM | Computer Name = Darla-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/8/2013 11:55:55 AM | Computer Name = Darla-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/8/2013 11:58:23 AM | Computer Name = Darla-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 10/9/2013 12:58:26 AM | Computer Name = Darla-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/9/2013 1:00:32 AM | Computer Name = Darla-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 4/10/2012 9:14:52 PM | Computer Name = Darla-PC | Source = MCUpdate | ID = 0
Description = 9:14:46 PM - Error connecting to the internet. 9:14:46 PM - Unable
to contact server..

Error - 5/19/2012 3:32:28 AM | Computer Name = Darla-PC | Source = MCUpdate | ID = 0
Description = 3:32:27 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/19/2012 4:33:26 AM | Computer Name = Darla-PC | Source = MCUpdate | ID = 0
Description = 4:33:25 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/19/2012 5:34:05 AM | Computer Name = Darla-PC | Source = MCUpdate | ID = 0
Description = 5:33:55 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/19/2012 6:34:12 AM | Computer Name = Darla-PC | Source = MCUpdate | ID = 0
Description = 6:34:11 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/19/2012 4:47:32 PM | Computer Name = Darla-PC | Source = MCUpdate | ID = 0
Description = 4:47:30 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/21/2012 4:43:04 AM | Computer Name = Darla-PC | Source = MCUpdate | ID = 0
Description = 4:43:03 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/21/2012 4:08:49 PM | Computer Name = Darla-PC | Source = MCUpdate | ID = 0
Description = 4:08:44 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 9:45:18 AM | Computer Name = Darla-PC | Source = MCUpdate | ID = 0
Description = 9:45:18 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 4:18:33 PM | Computer Name = Darla-PC | Source = MCUpdate | ID = 0
Description = 4:18:27 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

[ OSession Events ]
Error - 4/15/2013 9:41:01 PM | Computer Name = Darla-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95
seconds with 60 seconds of active time. This session ended with a crash.

Error - 4/15/2013 9:41:55 PM | Computer Name = Darla-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/15/2013 9:42:28 PM | Computer Name = Darla-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/3/2013 9:30:03 AM | Computer Name = Darla-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/3/2013 4:04:11 PM | Computer Name = Darla-PC | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/3/2013 4:04:41 PM | Computer Name = Darla-PC | Source = DCOM | ID = 10010
Description =

Error - 10/3/2013 9:40:38 PM | Computer Name = Darla-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:34:34 PM on ?10/?3/?2013 was unexpected.

Error - 10/3/2013 9:41:12 PM | Computer Name = Darla-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/7/2013 11:54:49 AM | Computer Name = Darla-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/7/2013 11:55:04 AM | Computer Name = Darla-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 10/7/2013 11:57:57 AM | Computer Name = Darla-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/7/2013 3:24:20 PM | Computer Name = Darla-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/8/2013 2:58:26 PM | Computer Name = Darla-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You have the latest Java, Java 7 Update 40.
But you also have a lot of older versions which must be removed: go into Control Panel, Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
JavaFX 2.0.2 (64-bit)
JavaFX 2.0.2 SDK (64-bit)
Java™ 6 Update 17 (64-bit)
Java™ 7 Update 2 (64-bit)
Java™ SE Development Kit 7 Update 2 (64-bit)

Java has been very vulnerable to infection so unless you absolutely need it you should uninstall it.



If you feel you must have Java and also want the latest 64 bit version too then
use the 64 bit version of IE to get it
Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.


Go into Control Panel, Java, Security and set the slider)

Also uninstall:
Freemake Video Downloader (WebVideoCap from NirSoft is a safer alternative:
http://www.nirsoft.n...eo_capture.html)

FrostWire 5.6.5 (A P2P virus delivery system. Source of some really masty malware.)
Microsoft Choice Guard (if you can find it)
File Type Assistant (This is what is causing your TSASSIST.exe error)

If you still have problems with the error after uninstalling then download and save the attached openas.reg file

[attachment=66907:openas.reg]

then right click on it and Merge. Allow it to Merge. Reboot.

You have some adware so let's get rid of that and check for the latest version of Zero Access:


Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download aswMBR.exe to your desktop.
Run aswMBR.exe (Vista or Win 7 => right click and Run As Administrator)

uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

(If you do not already have OTL then: Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.)

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP