Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pop-ups everywhere, slow programs, task manager has many applications


  • This topic is locked This topic is locked

#1
betherin214

betherin214

    Member

  • Member
  • PipPip
  • 42 posts

I ran malware-bytes and it removed some stuff prior to seeking help. I also ran Kaspersky and while it didn't find any "bugs" this time around(assuming malware removed them)it found "other issues". I will include the OTL log and the results of my Kaspersky scan below.

KASPERSKY


"Microsoft Internet Explorer: ActiveX elements that are not marked as safe are allowed"
"Microsoft Internet Explorer: signed ActiveX elements download is allowed without prompting user"
"Microsoft Internet Explorer: unsigned ActiveX elements downloading is allowed"
"Microsoft Internet Explorer: automatic queries of ActiveX elements are allowed"
"Microsoft Internet Explorer: running programs and files in IFRAME windows is allowed"
"Autorun from hard drives is allowed"
"Autorun from network drives is enabled"
"CD/DVD autorun is enabled"
"Removable media autorun is enabled"
"Windows Explorer - show extensions of known file types"
"Microsoft Internet Explorer: clear history of typed URLs"
"Microsoft Internet Explorer - disable caching data received via protected channel"
"Microsoft Internet Explorer: disable sending error reports"
"Microsoft Internet Explorer: enable cache autocleanup on browser closing"
"Windows Explorer: display of known file types extensions is disabled"
"Microsoft Internet Explorer: start page reset"


OTL LOG It gave me two logs. One ESTRAS log and one OTL log, I posted both

OTL Extras logfile created on: 10/24/2013 9:36:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Team One Productions\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.98 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 59.13% Memory free
13.97 Gb Paging File | 11.04 Gb Available in Paging File | 79.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.89 Gb Total Space | 695.05 Gb Free Space | 75.97% Space Free | Partition Type: NTFS
Drive D: | 16.52 Gb Total Space | 2.06 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
Drive E: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 3.74 Gb Total Space | 1.06 Gb Free Space | 28.24% Space Free | Partition Type: FAT32
Drive H: | 930.86 Gb Total Space | 399.25 Gb Free Space | 42.89% Space Free | Partition Type: NTFS

Computer Name: TEAMONE | User Name: Team One Productions | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [Bridge] -- H:\CS5.5 Master Collection\Adobe Bridge CS5.1\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [Bridge] -- H:\CS5.5 Master Collection\Adobe Bridge CS5.1\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{41F3C979-9C56-4F4C-9B4E-B9CCA6A464FD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C768371E-33D3-4798-A7E3-15842B592162}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11BDF845-7AEE-461B-A223-A3081C81C7E9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{247CD5B6-E66C-40E0-85C9-EBBB6F349545}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
"{2F021868-3C0D-40B6-9A06-9BD228321FF2}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
"{4ABE08BB-187F-4754-84DB-A4CD336AAD17}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{574E5549-3DB2-4E11-845F-CE31AEDF92F6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{6D4331F7-438E-4A8A-9EF3-EA97F4D5DF2C}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{8B9B4F55-7755-49C8-BC3B-1E71AB137B22}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9F1474D0-CC99-47E4-88A6-CA379C7E3A1C}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe |
"{C963A582-45D1-4E84-B92D-0F01765D03B3}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{DC1702AD-8665-4881-AE95-01740D9E0983}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F009CDED-8C9F-49AF-B8E4-2BCED2A7CFFD}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe |
"{F5CAA761-DDA4-4A55-9F83-A65E9D417685}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05443FF3-D54B-2240-7546-73D96B7A63AE}" = ccc-utility64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}" = Native Instruments Maschine Controller
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}" = AMD Catalyst Install Manager
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{669A82E0-43E2-4645-8A2E-1A3DE78F8312}" = Adobe Photoshop Lightroom 4 64-bit
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6ECDAC2F-12C1-E49B-448E-6002368967E0}" = AMD Steady Video Plug-In
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{828A50F6-040E-46C2-8BB2-C088F1A79173}_is1" = T-RackS 3 Deluxe version 3.5.1
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1" = IK Multimedia Authorization Manager version 1.0.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{93488C33-D8D6-472A-83BB-F71603355CF0}" = Magic Bullet Suite 64-bit
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3728759-51D3-E983-D9B1-15629FBCB134}" = AMD Media Foundation Decoders
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A94AABAE-52F0-48C4-9F94-A4CA4B423576}" = Adobe Photoshop Lightroom 3.2 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B34A07DD-C6F7-414A-AE63-01019482EAF0}" = HP Application Assistant
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF411A4F-5ED9-11E1-B971-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{D4761C4F-5ED9-11E1-9202-F04DA23A5C58}" = MSVCRT Redists
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1" = AmpliTube 3 version 3.7.1
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB977962-2C98-431B-9C0A-7BE42A89B62E}" = Magic Bullet Suite 64-bit
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F}" = Native Instruments Maschine
"4214A1CFC1A368A5078729BFD4B211F0CDB5CEC5" = Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0)
"Focusrite USB 2.0 Audio Driver_is1" = Focusrite USB 2.0 Audio Driver 2.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Neat Video for Sony Vegas_is1" = Neat Video v2.6 Pro plug-in for Sony Vegas (64-bit)
"PreSonus Studio One 2" = PreSonus Studio One 2 x64
"Saffire USB 26_is1" = Scarlett Resources 1.0
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09E09088-C027-8C6D-24D6-E864B7EFD0C7}" = CCC Help Finnish
"{0A8DB8CA-F3B3-E5D1-F3FD-2FF28C7853F7}" = CCC Help Chinese Traditional
"{0AA432F3-7761-8DEA-CCE4-0BA1D1D89910}" = CCC Help Turkish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FB54E7B-E864-F741-A13A-7E682891B31C}" = CCC Help Thai
"{10275199-ED06-3ACA-2500-800238E02713}" = CCC Help English
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{132C4D55-82C9-AC7E-6A11-42E6C54DC882}" = CCC Help Polish
"{135F7D3A-C932-7BC2-F658-E5988517257B}" = CCC Help Russian
"{13BBAD29-D5CC-3FB1-4D32-42CD55835BA8}" = CCC Help Norwegian
"{1502F427-F988-C5A0-DC84-BB03C560F72A}" = Catalyst Control Center Graphics Previews Common
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B10CC52-40C5-3B2F-FB65-7AF2437695EF}" = Catalyst Control Center Localization All
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20714B53-FC73-4F9C-9687-49EB237D6FD7}" = HP TouchSmart RecipeBox
"{23A6EFAC-F45F-76B3-0A7E-A2725502EF5C}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{31268F66-FCBD-D7DE-C4E1-9212DAAB0902}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3764AF45-E5FB-B042-BDF6-69899A0FBE98}" = Catalyst Control Center InstallProxy
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BB2CF34-1FC8-46E2-9D64-4A8D1D577549}" = Digidesign Pro Tools Creative Collection 8.0
"{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1" = Spot
"{409A13BD-5F3E-442B-BA7B-A1E32B2D8927}" = Digidesign Pro Tools LE 8.0
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{416A3AFC-4DAC-4DA0-9829-F371CE84DB7C}" = Magic Bullet Suite 32-bit
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{490F177A-CBFB-CDD8-6999-B2FBB43DB65F}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{50D91C29-5AB6-3DCD-8338-C9A7ABF44B33}" = CCC Help Swedish
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5A71D24C-F270-DBD7-8A16-3724A0D6C578}" = CCC Help Czech
"{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1" = Bubble Wrap
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61994F21-7B1A-C59D-AE19-C65B3B28372F}" = CCC Help Dutch
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64F49FEA-46A4-E0EA-36E0-E7792DB29302}" = CCC Help Korean
"{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank FREE
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A6F8D36-04BA-41E9-9004-1789BD545874}" = HP TouchSmart Background - Beats
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{7004684C-7DB9-4D49-8CFE-B78B006C53FC}" = Catalyst Control Center - Branding
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{7824A7EF-4EE7-43CC-B98D-BD4CDB08E042}" = KORG KONTROL Editor
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E750542-55BC-4300-8B7B-AC2A762FB435}" = HP LinkUp
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8364E531-493B-4B05-8041-09D5CE38B975}" = HP Weather
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP Magic Canvas Tutorials
"{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes
"{8AE50893-3A87-4439-9A57-942ED43F7189}" = Facebook
"{8B6AFB6D-0D8D-C49F-F103-60AB9DB81447}" = CCC Help Portuguese
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A296A4E-7899-5943-DFE6-7BD10DBEFC6F}" = CCC Help Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1D8E17-2AE6-4608-901D-42146D7D9C68}" = Digidesign Audio Drivers 8.0
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BEDE0F-F0BC-D1AB-FDEF-534C3C330484}" = AMD VISION Engine Control Center
"{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}" = Free DigiRack Plug-Ins 8.0
"{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS
"{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1" = Tap Tap Bear
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1" = Bass Station 1.6
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AD3106C0-2A5D-347F-8BD5-B8A0F8AF3D9F}" = CCC Help German
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCAC7B28-CA5C-4520-ABBB-184524C01A51}" = Sony CD Architect 5.2
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1" = Metric Converter
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1" = Focusrite Scarlett Plug-in Suite 1.1
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBA2460A-94C2-A5BF-335E-F10597F316E9}" = CCC Help Japanese
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}" = HP Magic Canvas
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E66FD60C-5873-1904-4A00-726D8EAA0A19}" = CCC Help Spanish
"{E7190BDA-4614-0373-C5EF-CDF08705A48C}" = CCC Help Hungarian
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC49484F-0FCB-F096-28B6-E2EDDB05582C}" = CCC Help Greek
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"ASIO4ALL" = ASIO4ALL
"AudioEase Speakersphone VST RTAS_is1" = AudioEase Speakersphone VST RTAS v1.03
"BabylonToolbar" = Babylon toolbar on IE
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Focusrite Scarlett Driver v1.19.0" = Focusrite Scarlett Driver v1.19.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{416A3AFC-4DAC-4DA0-9829-F371CE84DB7C}" = Magic Bullet Suite 32-bit
"InstallShield_{93488C33-D8D6-472A-83BB-F71603355CF0}" = Magic Bullet Suite 64-bit
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{DB977962-2C98-431B-9C0A-7BE42A89B62E}" = Magic Bullet Suite 64-bit
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"IrfanView" = IrfanView (remove only)
"iZotope Ozone 4_is1" = iZotope Ozone 4
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MeldaProduction MAutoEqualizer64 7" = MeldaProduction MAutoEqualizer64 7
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Maschine" = Native Instruments Maschine
"Native Instruments Maschine Controller" = Native Instruments Maschine Controller
"Native Instruments Maschine Controller Driver" = Native Instruments Maschine Controller Driver
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Service Center" = Native Instruments Service Center
"NewBlue Free Effects for Windows" = NewBlue Free Effects for Windows
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PDF Complete" = PDF Complete Special Edition
"PrintProjects" = PrintProjects
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"Slate Digital FG-X Mastering Processor_is1" = Slate Digital FG-X Mastering Processor VST RTAS v1.1.2
"SmartDraw 2014" = SmartDraw 2014
"SP_19703871" = Ss.Helper 1.74
"Waves Diamond Bundle v5.2" = Waves Diamond Bundle v5.2
"Waves Vocal Bundle v1.1" = Waves Vocal Bundle v1.1
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-043248af-5165-4a58-a408-dc74c3fb9a9f" = Cradle of Rome 2
"WTA-0dbfe09c-e1e3-49c6-9e98-bc96c1118a05" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-1d1cdd12-88ca-468b-a0b6-6d4fd755c4c8" = Virtual Villagers 4 - The Tree of Life
"WTA-1eeb046f-f3e0-4697-90ca-05743816739e" = Zuma's Revenge
"WTA-238efd01-9e98-4438-ba0f-752db73072c7" = Luxor HD
"WTA-3b057703-152b-4431-bfd2-1508e4a9df51" = FATE
"WTA-3c077663-c8de-469c-bafe-8e06f78609a7" = The Treasures of Mystery Island: The Ghost Ship
"WTA-526f2864-448e-4e5d-a18e-4c7209db5ffe" = Farm Frenzy
"WTA-5346a539-5338-4a95-829d-65f617c27222" = Letters from Nowhere 2
"WTA-6251874c-6e6f-438e-b5dd-4b517485257c" = Polar Golfer
"WTA-73e48a97-5854-4fb6-8b5f-c12e487b11d1" = Dora's World Adventure
"WTA-7d83a9d5-73d8-4502-b727-8e106068b7ca" = Plants vs. Zombies - Game of the Year
"WTA-7e1cf800-b109-4120-86cc-48621f97434e" = Final Drive Fury
"WTA-898aa1b7-e2dc-4f48-a0c7-1f2ff234aa2e" = Hoyle Card Games
"WTA-917da0ba-5bb5-4a56-9bd1-13b2874b95f5" = Jewel Match 3
"WTA-9766771e-4164-4082-96c7-f8d0578ce96b" = Mah Jong Medley
"WTA-ab937198-f2c1-4e8c-a28c-0613c759c8af" = Torchlight
"WTA-b06ae75b-9565-4d70-a9ec-4ae45751423a" = Penguins!
"WTA-c26cc9c6-d242-4ce7-b254-16419db2ef34" = Chuzzle Deluxe
"WTA-c585f425-bdc2-4e83-ba3a-e8503364cdcd" = Polar Bowler
"WTA-cb001688-f6df-4aef-a51b-ff02058e85a3" = Poker Superstars III
"WTA-cfdaa791-cdcc-4830-8115-8c00e62c7df9" = Farmscapes
"WTA-dbf108c0-5fbb-40a5-8f04-b74a107e65db" = RollerCoaster Tycoon 3: Platinum
"WTA-decb304d-6558-46d9-b0c2-81044a39d4fa" = Blackhawk Striker 2
"WTA-f28602eb-296f-4734-b4b4-75b8442a999c" = John Deere Drive Green
"WTA-fca3d4e8-501f-4f53-973d-c125d8c11ffb" = Bejeweled 3
"ZinioReader4" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"ExpressFiles" = ExpressFiles
"GoforFiles" = GoforFiles
"MediaGet" = MediaGet

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2013 3:54:42 PM | Computer Name = TeamOne | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 22.0.0.4917,
time stamp: 0x51c06ab5 Faulting module name: mozalloc.dll, version: 22.0.0.4917,
time stamp: 0x51c05025 Exception code: 0x80000003 Fault offset: 0x00001988 Faulting
process id: 0x78 Faulting application start time: 0x01ce8afff5fd7875 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Report Id: 608e8223-f6f6-11e2-8e45-e0cb4efc076d

Error - 7/27/2013 9:14:42 PM | Computer Name = TeamOne | Source = Application Hang | ID = 1002
Description = The program FL.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 16a4 Start Time:
01ce8b2fb513b57b Termination Time: 0 Application Path: C:\Program Files (x86)\Image-Line\FL
Studio 9\FL.exe Report Id: f9e0e90c-f722-11e2-8e45-e0cb4efc076d

Error - 7/30/2013 7:20:11 PM | Computer Name = TeamOne | Source = Application Hang | ID = 1002
Description = The program FL.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1b78 Start Time:
01ce8d7b435eacb6 Termination Time: 0 Application Path: C:\Program Files (x86)\Image-Line\FL
Studio 9\FL.exe Report Id: 8d498527-f96e-11e2-8e45-e0cb4efc076d

Error - 8/2/2013 3:34:59 PM | Computer Name = TeamOne | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d0c Start
Time: 01ce8fb74d51ffc5 Termination Time: 10 Application Path: C:\Program Files (x86)\Windows
Media Player\wmplayer.exe Report Id:

Error - 8/2/2013 7:33:25 PM | Computer Name = TeamOne | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.2:5353 17 2.0.168.192.in-addr.arpa.
PTR TeamOne-2.local.

Error - 8/2/2013 7:33:25 PM | Computer Name = TeamOne | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 15 2.0.168.192.in-addr.arpa.
PTR TeamOne.local.

Error - 8/2/2013 7:38:08 PM | Computer Name = TeamOne | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.2:5353 17 2.0.168.192.in-addr.arpa.
PTR TeamOne-2.local.

Error - 8/2/2013 7:38:08 PM | Computer Name = TeamOne | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 15 2.0.168.192.in-addr.arpa.
PTR TeamOne.local.

Error - 8/2/2013 7:41:32 PM | Computer Name = TeamOne | Source = Application Hang | ID = 1002
Description = The program RGSC.exe version 1.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 9f8 Start Time:
01ce8fd9b3231d1c Termination Time: 16 Application Path: C:\Program Files (x86)\Rockstar
Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe Report Id: 09884bc2-fbcd-11e2-b820-e0cb4efc076d


Error - 8/7/2013 10:29:40 AM | Computer Name = TeamOne | Source = Application Hang | ID = 1002
Description = The program FL.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 126c Start Time:
01ce937a7a1614b1 Termination Time: 5 Application Path: C:\Program Files (x86)\Image-Line\FL
Studio 9\FL.exe Report Id: bcfd1c05-ff6d-11e2-b820-e0cb4efc076d

Error - 8/14/2013 3:23:03 AM | Computer Name = TeamOne | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.2:5353 17 2.0.168.192.in-addr.arpa.
PTR TeamOne-2.local.

Error - 8/14/2013 3:23:03 AM | Computer Name = TeamOne | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 15 2.0.168.192.in-addr.arpa.
PTR TeamOne.local.

[ Hewlett-Packard Events ]
Error - 3/8/2012 6:33:43 PM | Computer Name = TeamOne | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 7664 Ram
Utilization: 10 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 3/8/2012 6:33:43 PM | Computer Name = TeamOne | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 7664 Ram
Utilization: 10 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 3/16/2012 10:24:47 AM | Computer Name = TeamOne | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7664 Ram Utilization: 10 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/11/2012 2:31:32 PM | Computer Name = TeamOne | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7664 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/11/2012 2:31:34 PM | Computer Name = TeamOne | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7664 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/19/2012 10:21:12 AM | Computer Name = TeamOne | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7664 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/19/2012 10:21:13 AM | Computer Name = TeamOne | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7664 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/25/2012 10:23:20 AM | Computer Name = TeamOne | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7664 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ System Events ]
Error - 10/24/2013 5:42:24 AM | Computer Name = TeamOne | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 10/24/2013 5:49:40 AM | Computer Name = TeamOne | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\DR2, has a bad block.

Error - 10/24/2013 5:53:06 AM | Computer Name = TeamOne | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/24/2013 6:21:39 AM | Computer Name = TeamOne | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/24/2013 6:54:12 AM | Computer Name = TeamOne | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/24/2013 7:16:56 AM | Computer Name = TeamOne | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/24/2013 7:48:59 AM | Computer Name = TeamOne | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/24/2013 8:19:32 AM | Computer Name = TeamOne | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/24/2013 8:50:05 AM | Computer Name = TeamOne | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/24/2013 9:16:36 AM | Computer Name = TeamOne | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >



OTL logfile created on: 10/24/2013 9:36:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Team One Productions\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.98 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 59.13% Memory free
13.97 Gb Paging File | 11.04 Gb Available in Paging File | 79.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.89 Gb Total Space | 695.05 Gb Free Space | 75.97% Space Free | Partition Type: NTFS
Drive D: | 16.52 Gb Total Space | 2.06 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
Drive E: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 3.74 Gb Total Space | 1.06 Gb Free Space | 28.24% Space Free | Partition Type: FAT32
Drive H: | 930.86 Gb Total Space | 399.25 Gb Free Space | 42.89% Space Free | Partition Type: NTFS

Computer Name: TEAMONE | User Name: Team One Productions | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/24 15:36:09 | 180,026,056 | ---- | M] () -- C:\Users\Team One Productions\AppData\Local\Temp\RarSFX0\2165968rar.exe
PRC - [2013/10/24 15:30:51 | 000,717,080 | ---- | M] () -- C:\Users\Team One Productions\AppData\Local\Temp\RarSFX0\2165968.exe
PRC - [2013/10/24 09:36:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Team One Productions\Downloads\OTL.exe
PRC - [2013/10/24 09:21:32 | 181,615,512 | ---- | M] () -- C:\Users\Team One Productions\Downloads\setup_11.0.1.1245.x01_2013_10_24_15_30.exe
PRC - [2013/10/09 03:47:20 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/10/02 08:22:33 | 002,404,376 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/10/02 08:22:33 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
PRC - [2013/10/02 08:22:32 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
PRC - [2013/10/01 15:39:38 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/06/13 15:30:12 | 000,249,440 | ---- | M] () -- C:\Program Files (x86)\ExpressFiles\EFupdater.exe
PRC - [2013/06/01 22:26:07 | 000,364,112 | ---- | M] (http://www.goforfiles.com/) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
PRC - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 13:07:42 | 002,750,840 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/12/07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2012/08/13 11:18:52 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\SmartDraw 2014\Messages\SDNotify.exe
PRC - [2011/08/16 18:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 18:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 13:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Team One Productions\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2008/11/20 14:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/24 15:36:09 | 180,026,056 | ---- | M] () -- C:\Users\Team One Productions\AppData\Local\Temp\RarSFX0\2165968rar.exe
MOD - [2013/10/24 15:30:51 | 000,717,080 | ---- | M] () -- C:\Users\Team One Productions\AppData\Local\Temp\RarSFX0\2165968.exe
MOD - [2013/10/24 09:21:32 | 181,615,512 | ---- | M] () -- C:\Users\Team One Productions\Downloads\setup_11.0.1.1245.x01_2013_10_24_15_30.exe
MOD - [2013/10/10 03:21:40 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\51ffeacb880d9c15fecc1c74f83e8973\System.IdentityModel.ni.dll
MOD - [2013/10/10 03:21:39 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll
MOD - [2013/10/10 03:19:41 | 002,906,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\7a2dfdf44f0610b43e65f28a1448f110\ReachFramework.ni.dll
MOD - [2013/10/10 03:19:32 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/10 03:19:31 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
MOD - [2013/10/10 03:07:48 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013/10/10 03:07:43 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/10 03:07:42 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/10 03:07:37 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013/10/10 03:07:36 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 03:47:18 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/10/02 08:22:34 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
MOD - [2013/10/02 08:22:34 | 000,142,360 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
MOD - [2013/10/02 08:22:33 | 002,404,376 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/10/01 15:39:14 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/08/14 03:16:26 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/14 03:04:04 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/14 03:04:03 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 03:03:58 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/10 03:05:33 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/06/13 15:30:12 | 000,249,440 | ---- | M] () -- C:\Program Files (x86)\ExpressFiles\EFupdater.exe
MOD - [2012/12/07 15:15:16 | 007,422,392 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2012/12/07 15:15:12 | 002,126,264 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2012/12/07 15:15:12 | 001,270,200 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2012/12/07 15:15:12 | 000,192,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2012/12/07 15:15:10 | 002,453,944 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2012/12/07 15:15:10 | 000,795,064 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2012/08/13 11:18:52 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\SmartDraw 2014\Messages\SDNotify.exe
MOD - [2011/09/05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/12/05 08:02:44 | 005,739,008 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2011/09/26 05:46:50 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/14 08:18:34 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/09/14 08:17:26 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/10/11 06:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/10/09 03:47:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/02 08:22:33 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
SRV - [2013/10/01 15:39:37 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/12/07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/06/13 22:43:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/16 18:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 13:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Team One Productions\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/24 15:29:32 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\60687377.sys -- (60687377)
DRV:64bit: - [2013/10/02 08:22:34 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/02/06 07:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/02/06 07:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/10 11:16:48 | 000,125,304 | ---- | M] (Focusrite Audio Engineering Limited.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ffusb2audio.sys -- (ffusb2audio)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/27 18:45:34 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/27 18:45:34 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/26 05:47:17 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/26 05:47:14 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/14 08:19:11 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/09/14 06:35:45 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/03 23:38:37 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/08/03 11:32:25 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/08/03 11:32:23 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/08/03 10:37:50 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/08/03 10:37:48 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/07/07 06:54:28 | 000,357,968 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxavs.sys -- (gbxavs)
DRV:64bit: - [2011/07/07 06:54:28 | 000,068,688 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxusb.sys -- (gbxusb_svc)
DRV:64bit: - [2010/12/14 12:08:26 | 000,051,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ffusb2audioks_x64.sys -- (ffusb2audioks)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/29 01:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/08 13:05:00 | 000,105,520 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E9B61738-D332-42EB-BB65-9DC8AD3786F5}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{E9B61738-D332-42EB-BB65-9DC8AD3786F5}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000e0cb4efc076d
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{0A0DCA06-1581-45FD-B68B-B1BCC9B75AEE}: "URL" = http://websearch.ask...AF-41E9B0B75CAB
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000e0cb4efc076d
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{E9B61738-D332-42EB-BB65-9DC8AD3786F5}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: H:\CS5.5 Master Collection\Acrobat 10.0\Acrobat\Air\nppdf32.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Team One Productions\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\TEAMON~1\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: H:\CS5.5 Master Collection\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: H:\CS5.5 Master Collection\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/01 15:39:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/01 15:39:08 | 000,000,000 | ---D | M]

[2012/03/10 01:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Team One Productions\AppData\Roaming\Mozilla\Extensions
[2013/10/04 16:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\extensions
[2013/09/21 19:48:04 | 000,000,000 | ---D | M] (savEnshare) -- C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\extensions\[email protected]
[2012/03/10 01:27:42 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\extensions\[email protected]
[2012/03/10 00:04:47 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\extensions\[email protected]
[2012/09/01 21:49:45 | 000,002,299 | ---- | M] () -- C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\searchplugins\askcom.xml
[2013/10/01 15:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/01 15:39:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/01/13 17:02:12 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2012/03/10 01:27:39 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

Hosts file not found
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - H:\CS5.5 Master Collection\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll File not found
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - H:\CS5.5 Master Collection\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll File not found
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" File not found
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "H:\CS5.5 Master Collection\Acrobat 10.0\Acrobat\Acrotray.exe" File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] "H:\CS5.5 Master Collection\Acrobat 10.0\Acrobat\Acrobat_sl.exe" File not found
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [DigidesignMMERefresh] H:\Digidesign\Drivers\MMERefresh.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe File not found
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Team One Productions\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Team One Productions\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_60687377.lnk = C:\Users\Team One Productions\AppData\Local\Temp\_uninst_60687377.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01C9BA00-C0D6-4B3E-951D-FBD3973BC14C}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F8B7925-4945-44F7-85BF-9D2C3733940A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/12 16:56:58 | 000,000,030 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/06/01 13:55:11 | 000,000,038 | -H-- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{f7fe5555-6986-11e1-b07c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f7fe5555-6986-11e1-b07c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\HPLauncher.exe -- [2009/05/18 12:46:50 | 000,565,248 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/24 09:36:40 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\60687377.sys
[2013/10/24 09:21:17 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2013/10/24 09:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/10/24 09:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/10/24 09:17:34 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Roaming\Adobe
[2013/10/23 19:44:31 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\Tanya
[2013/10/23 19:02:49 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Roaming\Malwarebytes
[2013/10/23 19:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/23 19:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/23 19:02:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/23 19:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/23 19:02:19 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Local\Programs
[2013/10/21 19:30:37 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Local\{6E1F9D28-847E-4685-B3DE-7C13C53184BA}
[2013/10/18 16:39:10 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Local\{5C998BE9-3863-4C53-853E-4921C820573B}
[2013/10/18 15:52:42 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\TIG Perofrmance
[2013/10/14 14:34:46 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\New folder (3)
[2013/10/10 21:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/10/10 20:53:21 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Local\AVG Secure Search
[2013/10/01 15:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/30 14:42:30 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\for contest
[2013/09/30 14:38:37 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Local\{0966B947-CBCB-4E25-A62C-D09806D939E7}
[2013/09/28 21:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/28 21:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/09/28 21:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/28 01:39:48 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\Install Pics
[2013/07/06 08:14:25 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Team One Productions\AppData\Local\BcsKtYcHW.dll
[2012/05/04 20:58:57 | 001,539,072 | ---- | C] (Irfan Skiljan) -- C:\Program Files (x86)\iview433_setup.exe
[2004/04/17 18:14:55 | 000,491,520 | ---- | C] (IK Multimedia) -- C:\Users\Team One Productions\TRacks.vpa

========== Files - Modified Within 30 Days ==========

[2013/10/24 15:29:32 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\60687377.sys
[2013/10/24 09:37:32 | 000,000,989 | ---- | M] () -- C:\Users\Team One Productions\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_60687377.lnk
[2013/10/24 09:21:13 | 000,001,079 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Kaspersky Security Scan.lnk
[2013/10/24 09:10:00 | 000,000,988 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2651573275-3495793990-4294649527-1000UA.job
[2013/10/24 08:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/24 05:43:05 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/24 05:43:05 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/24 05:43:05 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/24 04:25:02 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTeam One Productions.job
[2013/10/23 22:49:57 | 000,878,362 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Untitled-1.psd
[2013/10/23 22:49:45 | 000,165,650 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Untitled-1.jpg
[2013/10/23 22:39:31 | 001,273,384 | ---- | M] () -- C:\Users\Team One Productions\Desktop\HS_BUSINESSCARDS.jpg
[2013/10/23 22:24:56 | 000,011,480 | ---- | M] () -- C:\Users\Team One Productions\Desktop\GetAttachment.aspx.jpg
[2013/10/23 21:25:03 | 000,281,612 | ---- | M] () -- C:\Users\Team One Productions\Desktop\My BCard.jpg
[2013/10/23 21:24:08 | 001,541,876 | ---- | M] () -- C:\Users\Team One Productions\Desktop\My BCard.psd
[2013/10/23 20:45:37 | 000,027,612 | ---- | M] () -- C:\Users\Team One Productions\Desktop\all_work_guaranteed.png
[2013/10/23 19:30:07 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/23 19:30:07 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/23 19:16:21 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (Local).job
[2013/10/23 19:16:18 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2013/10/23 19:16:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/23 19:15:38 | 1330,094,079 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/23 19:02:36 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/23 18:10:00 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2651573275-3495793990-4294649527-1000Core.job
[2013/10/21 19:44:33 | 000,706,472 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo No Roof.jpg
[2013/10/21 19:43:44 | 000,755,521 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo.jpg
[2013/10/21 19:43:29 | 000,144,896 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo Trans No Roof.png
[2013/10/21 19:43:09 | 000,199,821 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo Trans..png
[2013/10/21 19:30:13 | 000,355,818 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns business Card.jpg
[2013/10/21 19:29:19 | 001,888,559 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Gleens business Card.psd
[2013/10/18 15:48:45 | 000,000,208 | ---- | M] () -- C:\Windows\SysWow64\w3data.vss
[2013/10/18 15:48:45 | 000,000,208 | ---- | M] () -- C:\Windows\SysWow64\msvcsv60.dll
[2013/10/18 15:48:45 | 000,000,208 | ---- | M] () -- C:\Windows\msocreg32.dat
[2013/10/18 13:57:44 | 002,191,429 | ---- | M] () -- C:\Users\Team One Productions\Desktop\MGMPW.mp3
[2013/10/16 03:02:28 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/15 13:48:22 | 000,290,848 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Lending Library Application.pdf
[2013/10/10 03:30:02 | 003,526,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 03:08:41 | 000,773,448 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 19:57:49 | 000,559,264 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Business card temp.psd
[2013/10/09 13:56:15 | 000,014,956 | ---- | M] () -- C:\Users\Team One Productions\Desktop\USP_666.jpg
[2013/10/09 13:54:42 | 000,000,223 | ---- | M] () -- C:\Users\Team One Productions\Desktop\1d.asp.png
[2013/10/09 13:22:06 | 018,904,367 | ---- | M] () -- C:\Users\Team One Productions\Desktop\DSC_0026edit.jpg
[2013/10/09 13:15:07 | 000,247,234 | ---- | M] () -- C:\Users\Team One Productions\Desktop\PaperPage0036_2_S.jpg
[2013/10/09 13:09:42 | 000,004,464 | ---- | M] () -- C:\Users\Team One Productions\Desktop\BookOpen0124_1_thumblarge.jpg
[2013/10/09 12:34:54 | 001,751,654 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo.psd
[2013/10/06 21:04:24 | 000,039,155 | ---- | M] () -- C:\Users\Team One Productions\Desktop\0511-1002-2522-1429_Hammer_and_Nail_Cartoon_clipart_image.jpg.png
[2013/10/06 20:47:37 | 000,016,854 | ---- | M] () -- C:\Users\Team One Productions\Desktop\house-roof-hi.png
[2013/10/04 17:16:16 | 003,805,995 | ---- | M] () -- C:\Users\Team One Productions\Desktop\DSC_0026.jpg
[2013/10/04 16:05:50 | 000,007,606 | ---- | M] () -- C:\Users\Team One Productions\AppData\Local\Resmon.ResmonCfg
[2013/10/04 15:38:50 | 004,031,368 | ---- | M] () -- C:\Users\Team One Productions\Desktop\DSC_0057.jpg
[2013/10/04 15:37:54 | 003,861,726 | ---- | M] () -- C:\Users\Team One Productions\Desktop\DSC_0018.jpg
[2013/10/02 08:22:34 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/09/28 02:03:37 | 001,601,827 | ---- | M] () -- C:\Users\Team One Productions\Desktop\10 Hz to 100 Hz Sweep.mp3
[2013/09/28 02:02:38 | 000,402,284 | ---- | M] () -- C:\Users\Team One Productions\Desktop\SIN050.mp3
[2013/09/27 23:51:32 | 000,106,974 | ---- | M] () -- C:\Users\Team One Productions\Desktop\businesscard-3.5inx2in-h-front.psd.zip
[2013/09/27 16:22:35 | 001,862,495 | ---- | M] () -- C:\Users\Team One Productions\Desktop\New Dub.mp3
[2013/09/25 16:21:27 | 000,072,811 | ---- | M] () -- C:\Users\Team One Productions\Desktop\230195_544419388917159_1574318235_n.jpg

========== Files Created - No Company Name ==========

[2013/10/24 09:37:32 | 000,000,989 | ---- | C] () -- C:\Users\Team One Productions\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_60687377.lnk
[2013/10/24 09:21:18 | 000,001,079 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Kaspersky Security Scan.lnk
[2013/10/23 22:49:52 | 000,878,362 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Untitled-1.psd
[2013/10/23 22:49:35 | 000,165,650 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Untitled-1.jpg
[2013/10/23 22:39:29 | 001,273,384 | ---- | C] () -- C:\Users\Team One Productions\Desktop\HS_BUSINESSCARDS.jpg
[2013/10/23 22:24:55 | 000,011,480 | ---- | C] () -- C:\Users\Team One Productions\Desktop\GetAttachment.aspx.jpg
[2013/10/23 21:02:31 | 000,281,612 | ---- | C] () -- C:\Users\Team One Productions\Desktop\My BCard.jpg
[2013/10/23 20:45:03 | 000,027,612 | ---- | C] () -- C:\Users\Team One Productions\Desktop\all_work_guaranteed.png
[2013/10/23 19:02:36 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/21 20:31:38 | 001,541,876 | ---- | C] () -- C:\Users\Team One Productions\Desktop\My BCard.psd
[2013/10/21 19:44:30 | 000,706,472 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo No Roof.jpg
[2013/10/21 19:43:40 | 000,755,521 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo.jpg
[2013/10/21 19:43:26 | 000,144,896 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo Trans No Roof.png
[2013/10/21 19:43:01 | 000,199,821 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo Trans..png
[2013/10/21 19:30:00 | 000,355,818 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns business Card.jpg
[2013/10/15 13:48:35 | 000,290,848 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Lending Library Application.pdf
[2013/10/09 19:57:24 | 000,559,264 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Business card temp.psd
[2013/10/09 19:51:35 | 001,888,559 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Gleens business Card.psd
[2013/10/09 14:42:44 | 002,191,429 | ---- | C] () -- C:\Users\Team One Productions\Desktop\MGMPW.mp3
[2013/10/09 13:56:15 | 000,014,956 | ---- | C] () -- C:\Users\Team One Productions\Desktop\USP_666.jpg
[2013/10/09 13:54:42 | 000,000,223 | ---- | C] () -- C:\Users\Team One Productions\Desktop\1d.asp.png
[2013/10/09 13:21:55 | 018,904,367 | ---- | C] () -- C:\Users\Team One Productions\Desktop\DSC_0026edit.jpg
[2013/10/09 13:15:12 | 000,247,234 | ---- | C] () -- C:\Users\Team One Productions\Desktop\PaperPage0036_2_S.jpg
[2013/10/09 13:09:41 | 000,004,464 | ---- | C] () -- C:\Users\Team One Productions\Desktop\BookOpen0124_1_thumblarge.jpg
[2013/10/06 21:33:17 | 001,751,654 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo.psd
[2013/10/06 21:04:24 | 000,039,155 | ---- | C] () -- C:\Users\Team One Productions\Desktop\0511-1002-2522-1429_Hammer_and_Nail_Cartoon_clipart_image.jpg.png
[2013/10/06 20:47:37 | 000,016,854 | ---- | C] () -- C:\Users\Team One Productions\Desktop\house-roof-hi.png
[2013/10/04 17:16:08 | 003,805,995 | ---- | C] () -- C:\Users\Team One Productions\Desktop\DSC_0026.jpg
[2013/10/04 15:38:48 | 004,031,368 | ---- | C] () -- C:\Users\Team One Productions\Desktop\DSC_0057.jpg
[2013/10/04 15:37:53 | 003,861,726 | ---- | C] () -- C:\Users\Team One Productions\Desktop\DSC_0018.jpg
[2013/09/28 02:03:37 | 001,601,827 | ---- | C] () -- C:\Users\Team One Productions\Desktop\10 Hz to 100 Hz Sweep.mp3
[2013/09/28 02:02:38 | 000,402,284 | ---- | C] () -- C:\Users\Team One Productions\Desktop\SIN050.mp3
[2013/09/27 23:51:31 | 000,106,974 | ---- | C] () -- C:\Users\Team One Productions\Desktop\businesscard-3.5inx2in-h-front.psd.zip
[2013/09/27 16:21:57 | 001,862,495 | ---- | C] () -- C:\Users\Team One Productions\Desktop\New Dub.mp3
[2013/09/25 16:21:26 | 000,072,811 | ---- | C] () -- C:\Users\Team One Productions\Desktop\230195_544419388917159_1574318235_n.jpg
[2013/09/20 14:01:18 | 000,000,089 | ---- | C] () -- C:\Users\Team One Productions\AppData\Local\msmathematics.qat.Team One Productions
[2013/07/06 08:14:23 | 000,893,239 | ---- | C] () -- C:\Users\Team One Productions\AppData\Local\a.zip
[2012/12/15 22:42:34 | 000,491,520 | ---- | C] () -- C:\Windows\SysWow64\libencdec.dll
[2012/06/25 16:11:57 | 000,000,054 | ---- | C] () -- C:\Users\Team One Productions\AppData\Roaming\updater.cfg
[2012/06/13 21:55:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/06/07 13:04:54 | 004,176,896 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2012/05/07 14:34:52 | 000,008,192 | ---- | C] () -- C:\Users\Team One Productions\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/01 17:58:28 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2012/03/24 21:17:15 | 000,714,590 | ---- | C] () -- C:\Windows\unins000.exe
[2012/03/10 21:38:35 | 000,007,606 | ---- | C] () -- C:\Users\Team One Productions\AppData\Local\Resmon.ResmonCfg
[2012/03/09 17:43:46 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2012/03/09 17:43:46 | 000,000,208 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012/03/09 17:43:46 | 000,000,192 | ---- | C] () -- C:\Users\Team One Productions\AppData\Roaming\msregsvv.dll
[2012/03/09 17:43:46 | 000,000,192 | ---- | C] () -- C:\ProgramData\autobk.inc
[2012/03/08 20:34:21 | 000,008,574 | ---- | C] () -- C:\Windows\unins000.dat
[2012/01/27 18:49:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/27 18:45:57 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/03/10 23:20:22 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Antares
[2012/12/15 23:08:31 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Audio Ease
[2012/03/17 14:37:42 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Blio
[2013/01/13 17:02:12 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Catalina Marketing Corp
[2013/07/06 08:14:21 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Catalina – Print Savings
[2012/03/15 15:45:15 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/14 16:08:25 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\com.adobe.dmp.contentviewer
[2012/03/08 22:06:49 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/08/02 19:41:10 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Dropbox
[2012/08/26 12:36:23 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\ExpressFiles
[2013/06/01 22:26:53 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\GoforFiles
[2012/03/10 17:25:50 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\IK Multimedia
[2012/05/04 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\IrfanView
[2012/03/10 15:23:08 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\iZotope
[2012/03/20 18:13:07 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Korg
[2012/04/01 18:44:19 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Leadertech
[2012/03/10 14:07:31 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Media Finder
[2012/03/10 00:20:55 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Media Get LLC
[2012/12/12 21:45:58 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\MeldaProduction
[2012/06/24 17:52:41 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\NeatVideo SV 64
[2012/06/19 23:06:42 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\ooVoo Details
[2012/04/01 18:20:22 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\PACE Anti-Piracy
[2013/07/12 11:46:37 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\PowerISO
[2013/08/08 18:32:00 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\PreSonus
[2012/05/22 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Publish Providers
[2012/06/24 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Red Giant Link
[2013/07/14 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\SmartDraw
[2013/10/14 19:43:48 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\SoftGrid Client
[2012/07/03 19:36:35 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Sony
[2012/03/21 00:30:25 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Sony Creative Software Inc
[2012/04/01 18:13:37 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Structure
[2012/09/01 21:18:56 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Temp
[2012/03/14 22:07:44 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\TestApp
[2012/03/09 18:24:08 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\TP
[2012/04/01 18:25:24 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Trillium Lane
[2012/11/30 21:09:23 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Waves Audio
[2012/03/16 10:45:30 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\WinBatch
[2013/06/18 21:25:42 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 972 bytes -> C:\ProgramData\Microsoft:TfAsCwNRvNInQZX0Znv
@Alternate Data Stream - 963 bytes -> C:\ProgramData\Microsoft:bZzLM584VssP9OZ1UtWI6
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 1038 bytes -> C:\ProgramData\Microsoft:qRGn5hYz3qSu6VCrQMqa5uD
@Alternate Data Stream - 1030 bytes -> C:\ProgramData\Microsoft:McJl3iLUKA80pyWrUP
@Alternate Data Stream - 1020 bytes -> C:\ProgramData\Microsoft:05ZDnQtgEDckCtnx9d1l

< End of report >



Edited by betherin214, 24 October 2013 - 07:48 AM.

  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello betherin214, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

If you still need assistance please follow the instructions below.


Step-1.

Malicious program uninstalls


1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

Babylon toolbar on IE
Kaspersky Security Scan


3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2013/10/02 08:22:33 | 002,404,376 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/10/02 08:22:33 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
PRC - [2013/10/02 08:22:32 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
MOD - [2013/10/02 08:22:34 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
MOD - [2013/10/02 08:22:34 | 000,142,360 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
MOD - [2013/10/02 08:22:33 | 002,404,376 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
SRV - [2013/10/02 08:22:33 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
DRV:64bit: - [2013/10/02 08:22:34 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000e0cb4efc076d
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000e0cb4efc076d
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\TEAMON~1\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
[2013/09/21 19:48:04 | 000,000,000 | ---D | M] (savEnshare) -- C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\extensions\[email protected]
[2012/03/10 01:27:42 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\extensions\[email protected]
[2012/03/10 00:04:47 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\extensions\[email protected]
[2012/03/10 01:27:39 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [DigidesignMMERefresh] H:\Digidesign\Drivers\MMERefresh.exe File not found
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
O33 - MountPoints2\{f7fe5555-6986-11e1-b07c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f7fe5555-6986-11e1-b07c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\HPLauncher.exe -- [2009/05/18 12:46:50 | 000,565,248 | R--- | M] ()
C:\Users\Team One Productions\AppData\Local\AVG Secure Search
@Alternate Data Stream - 972 bytes -> C:\ProgramData\Microsoft:TfAsCwNRvNInQZX0Znv
@Alternate Data Stream - 963 bytes -> C:\ProgramData\Microsoft:bZzLM584VssP9OZ1UtWI6
@Alternate Data Stream - 1038 bytes -> C:\ProgramData\Microsoft:qRGn5hYz3qSu6VCrQMqa5uD
@Alternate Data Stream - 1030 bytes -> C:\ProgramData\Microsoft:McJl3iLUKA80pyWrUP
@Alternate Data Stream - 1020 bytes -> C:\ProgramData\Microsoft:05ZDnQtgEDckCtnx9d1l

:FILES
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c
C:\Program Files (x86)\BabylonToolbar
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\Kaspersky Lab\

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click "No"
    Posted Image
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-3.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-4.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console<---VERY IMPORTANT
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The aswMBR log
2. The AdwCleaner[R0].txt log
4. The new OTL.txt log
  • 0

#3
betherin214

betherin214

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I'm following the steps and I have an issue... after running the fix I have no log...... I do to the file and click the date and it just brings up more files... click one and more files... keeps going... no log though.
These are the files I get after clicking the date::::
C_Program Files
C_Users
C_Windows
E_



:surrender: I am a bit panicked...
Explorer won't open whatsoever now. I can run task manager and manually open things but I don't know where to look or what to type for all programs. ANYTHING connected to my desktop freezes the computer entirely. All that shows is a light blue blank screen... If I CTRL ALT DELETE to get task manager I still can... it runs fine EXCEPT explorer is dead.

Edited by betherin214, 27 October 2013 - 07:26 PM.

  • 0

#4
betherin214

betherin214

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
OTL LOG

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named vprot.exe was found!
No active process named ToolbarUpdater.exe was found!
No active process named loggingserver.exe was found!
Error: No service named vToolbarUpdater17.0.12 was found to stop!
Service\Driver key vToolbarUpdater17.0.12 not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe not found.
Error: No service named avgtp was found to stop!
Service\Driver key avgtp not found.
File C:\Windows\SysNative\drivers\avgtpx64.sys not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator\ not found.
File C:\Users\TEAMON~1\AppData\Roaming\CATALI~2\NPBCSK~1.DLL not found.
Folder C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\extensions\[email protected]\ not found.
Folder C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\extensions\[email protected]\ not found.
Folder C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\extensions\[email protected]\ not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DigidesignMMERefresh not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt not found.
File C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7fe5555-6986-11e1-b07c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7fe5555-6986-11e1-b07c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7fe5555-6986-11e1-b07c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7fe5555-6986-11e1-b07c-806e6f6e6963}\ not found.
File move failed. E:\HPLauncher.exe scheduled to be moved on reboot.
Unable to delete ADS C:\ProgramData\Microsoft:TfAsCwNRvNInQZX0Znv .
Unable to delete ADS C:\ProgramData\Microsoft:bZzLM584VssP9OZ1UtWI6 .
Unable to delete ADS C:\ProgramData\Microsoft:qRGn5hYz3qSu6VCrQMqa5uD .
Unable to delete ADS C:\ProgramData\Microsoft:McJl3iLUKA80pyWrUP .
Unable to delete ADS C:\ProgramData\Microsoft:05ZDnQtgEDckCtnx9d1l .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Team One Productions\Downloads\cmd.bat deleted successfully.
C:\Users\Team One Productions\Downloads\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.
C:\Users\Team One Productions\Downloads\cmd.bat deleted successfully.
C:\Users\Team One Productions\Downloads\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.
C:\Users\Team One Productions\Downloads\cmd.bat deleted successfully.
C:\Users\Team One Productions\Downloads\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\BabylonToolbar not found.
File\Folder C:\Program Files (x86)\AVG SafeGuard toolbar not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search folder moved successfully.
Folder C:\Program Files (x86)\Kaspersky Lab not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Team One Productions
->Temp folder emptied: 108267 bytes
->Temporary Internet Files folder emptied: 133 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14715219 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2342 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 256682175 bytes

Total Files Cleaned = 259.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10272013_210858

Files\Folders moved on Reboot...
File move failed. E:\HPLauncher.exe scheduled to be moved on reboot.
C:\Users\Team One Productions\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Edited by betherin214, 27 October 2013 - 07:22 PM.

  • 0

#5
betherin214

betherin214

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I can't get to my desktop to get the other log files form other programs... even if I manually try to go into it... desktop freezes
  • 0

#6
betherin214

betherin214

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
NEW OTL LOG:::: (trying to find other logs still..... Was able to run programs just can't access logs.

OTL logfile created on: 10/27/2013 9:26:30 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Team One Productions\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.98 Gb Total Physical Memory | 5.72 Gb Available Physical Memory | 81.87% Memory free
13.97 Gb Paging File | 12.61 Gb Available in Paging File | 90.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.89 Gb Total Space | 696.47 Gb Free Space | 76.13% Space Free | Partition Type: NTFS
Drive D: | 16.52 Gb Total Space | 2.03 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 930.86 Gb Total Space | 400.00 Gb Free Space | 42.97% Space Free | Partition Type: NTFS

Computer Name: TEAMONE | User Name: Team One Productions | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/24 09:36:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Team One Productions\Downloads\OTL.exe
PRC - [2013/10/01 15:39:38 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2011/08/16 18:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 18:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 13:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Team One Productions\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/10 03:21:40 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\51ffeacb880d9c15fecc1c74f83e8973\System.IdentityModel.ni.dll
MOD - [2013/10/10 03:21:39 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll
MOD - [2013/10/10 03:19:41 | 002,906,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\7a2dfdf44f0610b43e65f28a1448f110\ReachFramework.ni.dll
MOD - [2013/10/10 03:19:32 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/10 03:19:31 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
MOD - [2013/10/10 03:07:48 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013/10/10 03:07:43 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/10 03:07:42 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/10 03:07:37 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013/10/10 03:07:36 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/01 15:39:14 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/08/14 03:16:26 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/14 03:04:04 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/14 03:04:03 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 03:03:58 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/10 03:05:33 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/12/05 08:02:44 | 005,739,008 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2011/09/26 05:46:50 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/14 08:18:34 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/09/14 08:17:26 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/10/11 06:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/10/09 03:47:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/06/13 22:43:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/16 18:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 13:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Team One Productions\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/02/06 07:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/02/06 07:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/10 11:16:48 | 000,125,304 | ---- | M] (Focusrite Audio Engineering Limited.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ffusb2audio.sys -- (ffusb2audio)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/27 18:45:34 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/27 18:45:34 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/26 05:47:17 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/26 05:47:14 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/14 08:19:11 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/09/14 06:35:45 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/03 23:38:37 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/08/03 11:32:25 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/08/03 11:32:23 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/08/03 10:37:50 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/08/03 10:37:48 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/07/07 06:54:28 | 000,357,968 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxavs.sys -- (gbxavs)
DRV:64bit: - [2011/07/07 06:54:28 | 000,068,688 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxusb.sys -- (gbxusb_svc)
DRV:64bit: - [2010/12/14 12:08:26 | 000,051,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ffusb2audioks_x64.sys -- (ffusb2audioks)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/29 01:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/08 13:05:00 | 000,105,520 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E9B61738-D332-42EB-BB65-9DC8AD3786F5}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{E9B61738-D332-42EB-BB65-9DC8AD3786F5}: "URL" = http://www.amazon.co...s={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\..\SearchScopes\{0A0DCA06-1581-45FD-B68B-B1BCC9B75AEE}: "URL" = http://websearch.ask...AF-41E9B0B75CAB
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch...q={searchTerms}
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\..\SearchScopes\{E9B61738-D332-42EB-BB65-9DC8AD3786F5}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://securedsearch...soft&ent=bs&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: H:\CS5.5 Master Collection\Acrobat 10.0\Acrobat\Air\nppdf32.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Team One Productions\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: H:\CS5.5 Master Collection\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: H:\CS5.5 Master Collection\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/01 15:39:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/01 15:39:08 | 000,000,000 | ---D | M]

[2012/03/10 01:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Team One Productions\AppData\Roaming\Mozilla\Extensions
[2013/10/27 20:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\extensions
[2012/09/01 21:49:45 | 000,002,299 | ---- | M] () -- C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\searchplugins\askcom.xml
[2013/10/01 15:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/01 15:39:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/01/13 17:02:12 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll

Hosts file not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01C9BA00-C0D6-4B3E-951D-FBD3973BC14C}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F8B7925-4945-44F7-85BF-9D2C3733940A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/12 16:56:58 | 000,000,030 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/06/01 13:55:11 | 000,000,038 | -H-- | M] () - H:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


========== Files/Folders - Created Within 30 Days ==========

[2013/10/27 20:42:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/27 20:30:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/27 20:28:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/26 19:09:59 | 000,000,000 | ---D | C] -- C:\Temp
[2013/10/26 08:23:36 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\PICS
[2013/10/24 18:50:55 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Local\Adobe
[2013/10/24 10:46:36 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\virus scan stuff
[2013/10/24 10:18:26 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Roaming\LavasoftStatistics
[2013/10/24 09:54:09 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Roaming\SecureSearch
[2013/10/24 09:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2013/10/24 09:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/10/24 09:17:34 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Roaming\Adobe
[2013/10/23 19:44:31 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\Tanya
[2013/10/23 19:02:49 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Roaming\Malwarebytes
[2013/10/23 19:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/23 19:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/23 19:02:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/23 19:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/23 19:02:19 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Local\Programs
[2013/10/21 19:30:37 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Local\{6E1F9D28-847E-4685-B3DE-7C13C53184BA}
[2013/10/18 16:39:10 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Local\{5C998BE9-3863-4C53-853E-4921C820573B}
[2013/10/18 15:52:42 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\TIG Perofrmance
[2013/10/14 14:34:46 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\New folder (3)
[2013/10/10 21:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/10/10 20:53:21 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Local\AVG Secure Search
[2013/10/10 03:11:08 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/10 03:11:08 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/10 03:11:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/10/10 03:11:06 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/10/10 03:11:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/10 03:11:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/10/10 03:11:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/10/10 03:11:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/10/10 03:11:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/10/10 03:11:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/10/10 03:11:05 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/10/10 03:11:03 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/10 03:11:03 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/10 03:11:03 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/10 03:11:02 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/09 20:54:03 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/09 20:54:02 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/09 20:54:02 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/09 20:54:02 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/09 20:54:02 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/09 20:54:02 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/09 20:54:02 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/09 20:54:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/09 20:54:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/09 20:54:01 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/09 20:54:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/09 20:54:01 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/09 20:53:59 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/09 20:53:58 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/09 20:53:58 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/09 20:53:58 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/09 20:53:57 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/09 20:53:57 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/09 20:53:57 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/09 20:53:56 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/09 20:53:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/09 20:53:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/09 20:53:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/09 20:53:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/09 20:53:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/09 20:53:13 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/09 20:53:13 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 20:53:13 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 03:47:06 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/10/01 15:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/30 14:42:30 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\for contest
[2013/09/30 14:38:37 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Local\{0966B947-CBCB-4E25-A62C-D09806D939E7}
[2013/09/28 21:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/28 01:39:48 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\Install Pics
[2012/05/04 20:58:57 | 001,539,072 | ---- | C] (Irfan Skiljan) -- C:\Program Files (x86)\iview433_setup.exe
[2004/04/17 18:14:55 | 000,491,520 | ---- | C] (IK Multimedia) -- C:\Users\Team One Productions\TRacks.vpa

========== Files - Modified Within 30 Days ==========

[2013/10/27 21:25:28 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/27 21:25:28 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/27 21:25:28 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/27 21:25:24 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/27 21:25:24 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/27 21:14:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/27 21:14:22 | 1330,094,079 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/27 21:10:04 | 000,000,988 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2651573275-3495793990-4294649527-1000UA.job
[2013/10/27 20:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/27 20:40:57 | 000,000,512 | ---- | M] () -- C:\Users\Team One Productions\Desktop\MBR.dat
[2013/10/27 20:30:29 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2013/10/27 20:29:46 | 000,001,164 | ---- | M] () -- C:\Users\Team One Productions\Desktop\OTL - Shortcut.lnk
[2013/10/27 20:14:02 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (Local).job
[2013/10/27 20:13:38 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTeam One Productions.job
[2013/10/27 18:10:00 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2651573275-3495793990-4294649527-1000Core.job
[2013/10/26 19:45:28 | 000,000,208 | ---- | M] () -- C:\Windows\SysWow64\w3data.vss
[2013/10/26 19:45:28 | 000,000,208 | ---- | M] () -- C:\Windows\SysWow64\msvcsv60.dll
[2013/10/26 19:45:28 | 000,000,208 | ---- | M] () -- C:\Windows\msocreg32.dat
[2013/10/26 19:20:48 | 000,185,968 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Kill it.mp3.sfk
[2013/10/26 19:19:19 | 002,158,366 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Kill it.mp3
[2013/10/26 19:18:19 | 000,232,364 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Kill it.pk
[2013/10/26 19:03:44 | 023,785,820 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Kill it.wav
[2013/10/23 22:49:57 | 000,878,362 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Untitled-1.psd
[2013/10/23 22:49:45 | 000,165,650 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Untitled-1.jpg
[2013/10/23 22:39:31 | 001,273,384 | ---- | M] () -- C:\Users\Team One Productions\Desktop\HS_BUSINESSCARDS.jpg
[2013/10/23 22:24:56 | 000,011,480 | ---- | M] () -- C:\Users\Team One Productions\Desktop\GetAttachment.aspx.jpg
[2013/10/23 21:25:03 | 000,281,612 | ---- | M] () -- C:\Users\Team One Productions\Desktop\My BCard.jpg
[2013/10/23 21:24:08 | 001,541,876 | ---- | M] () -- C:\Users\Team One Productions\Desktop\My BCard.psd
[2013/10/23 20:45:37 | 000,027,612 | ---- | M] () -- C:\Users\Team One Productions\Desktop\all_work_guaranteed.png
[2013/10/21 19:44:33 | 000,706,472 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo No Roof.jpg
[2013/10/21 19:43:44 | 000,755,521 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo.jpg
[2013/10/21 19:43:29 | 000,144,896 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo Trans No Roof.png
[2013/10/21 19:43:09 | 000,199,821 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo Trans..png
[2013/10/21 19:30:13 | 000,355,818 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns business Card.jpg
[2013/10/21 19:29:19 | 001,888,559 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Gleens business Card.psd
[2013/10/18 13:57:44 | 002,191,429 | ---- | M] () -- C:\Users\Team One Productions\Desktop\MGMPW.mp3
[2013/10/16 03:02:28 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/15 13:48:22 | 000,290,848 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Lending Library Application.pdf
[2013/10/10 03:30:02 | 003,526,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 03:08:41 | 000,773,448 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 19:57:49 | 000,559,264 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Business card temp.psd
[2013/10/09 13:56:15 | 000,014,956 | ---- | M] () -- C:\Users\Team One Productions\Desktop\USP_666.jpg
[2013/10/09 13:54:42 | 000,000,223 | ---- | M] () -- C:\Users\Team One Productions\Desktop\1d.asp.png
[2013/10/09 13:22:06 | 018,904,367 | ---- | M] () -- C:\Users\Team One Productions\Desktop\DSC_0026edit.jpg
[2013/10/09 13:15:07 | 000,247,234 | ---- | M] () -- C:\Users\Team One Productions\Desktop\PaperPage0036_2_S.jpg
[2013/10/09 13:09:42 | 000,004,464 | ---- | M] () -- C:\Users\Team One Productions\Desktop\BookOpen0124_1_thumblarge.jpg
[2013/10/09 12:34:54 | 001,751,654 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo.psd
[2013/10/09 03:47:21 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/09 03:47:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/09 03:47:07 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/10/06 21:04:24 | 000,039,155 | ---- | M] () -- C:\Users\Team One Productions\Desktop\0511-1002-2522-1429_Hammer_and_Nail_Cartoon_clipart_image.jpg.png
[2013/10/06 20:47:37 | 000,016,854 | ---- | M] () -- C:\Users\Team One Productions\Desktop\house-roof-hi.png
[2013/10/04 17:16:16 | 003,805,995 | ---- | M] () -- C:\Users\Team One Productions\Desktop\DSC_0026.jpg
[2013/10/04 16:05:50 | 000,007,606 | ---- | M] () -- C:\Users\Team One Productions\AppData\Local\Resmon.ResmonCfg
[2013/10/04 15:38:50 | 004,031,368 | ---- | M] () -- C:\Users\Team One Productions\Desktop\DSC_0057.jpg
[2013/10/04 15:37:54 | 003,861,726 | ---- | M] () -- C:\Users\Team One Productions\Desktop\DSC_0018.jpg
[2013/09/28 21:09:23 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/09/28 21:09:23 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/09/28 02:03:37 | 001,601,827 | ---- | M] () -- C:\Users\Team One Productions\Desktop\10 Hz to 100 Hz Sweep.mp3
[2013/09/28 02:02:38 | 000,402,284 | ---- | M] () -- C:\Users\Team One Productions\Desktop\SIN050.mp3
[2013/09/27 23:51:32 | 000,106,974 | ---- | M] () -- C:\Users\Team One Productions\Desktop\businesscard-3.5inx2in-h-front.psd.zip

========== Files Created - No Company Name ==========

[2013/10/27 20:40:57 | 000,000,512 | ---- | C] () -- C:\Users\Team One Productions\Desktop\MBR.dat
[2013/10/27 20:29:46 | 000,001,164 | ---- | C] () -- C:\Users\Team One Productions\Desktop\OTL - Shortcut.lnk
[2013/10/26 19:20:07 | 000,185,968 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Kill it.mp3.sfk
[2013/10/26 19:18:19 | 000,232,364 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Kill it.pk
[2013/10/26 19:02:42 | 023,785,820 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Kill it.wav
[2013/10/26 19:00:19 | 002,158,366 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Kill it.mp3
[2013/10/23 22:49:52 | 000,878,362 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Untitled-1.psd
[2013/10/23 22:49:35 | 000,165,650 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Untitled-1.jpg
[2013/10/23 22:39:29 | 001,273,384 | ---- | C] () -- C:\Users\Team One Productions\Desktop\HS_BUSINESSCARDS.jpg
[2013/10/23 22:24:55 | 000,011,480 | ---- | C] () -- C:\Users\Team One Productions\Desktop\GetAttachment.aspx.jpg
[2013/10/23 21:02:31 | 000,281,612 | ---- | C] () -- C:\Users\Team One Productions\Desktop\My BCard.jpg
[2013/10/23 20:45:03 | 000,027,612 | ---- | C] () -- C:\Users\Team One Productions\Desktop\all_work_guaranteed.png
[2013/10/21 20:31:38 | 001,541,876 | ---- | C] () -- C:\Users\Team One Productions\Desktop\My BCard.psd
[2013/10/21 19:44:30 | 000,706,472 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo No Roof.jpg
[2013/10/21 19:43:40 | 000,755,521 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo.jpg
[2013/10/21 19:43:26 | 000,144,896 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo Trans No Roof.png
[2013/10/21 19:43:01 | 000,199,821 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo Trans..png
[2013/10/21 19:30:00 | 000,355,818 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns business Card.jpg
[2013/10/15 13:48:35 | 000,290,848 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Lending Library Application.pdf
[2013/10/09 19:57:24 | 000,559,264 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Business card temp.psd
[2013/10/09 19:51:35 | 001,888,559 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Gleens business Card.psd
[2013/10/09 14:42:44 | 002,191,429 | ---- | C] () -- C:\Users\Team One Productions\Desktop\MGMPW.mp3
[2013/10/09 13:56:15 | 000,014,956 | ---- | C] () -- C:\Users\Team One Productions\Desktop\USP_666.jpg
[2013/10/09 13:54:42 | 000,000,223 | ---- | C] () -- C:\Users\Team One Productions\Desktop\1d.asp.png
[2013/10/09 13:21:55 | 018,904,367 | ---- | C] () -- C:\Users\Team One Productions\Desktop\DSC_0026edit.jpg
[2013/10/09 13:15:12 | 000,247,234 | ---- | C] () -- C:\Users\Team One Productions\Desktop\PaperPage0036_2_S.jpg
[2013/10/09 13:09:41 | 000,004,464 | ---- | C] () -- C:\Users\Team One Productions\Desktop\BookOpen0124_1_thumblarge.jpg
[2013/10/06 21:33:17 | 001,751,654 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo.psd
[2013/10/06 21:04:24 | 000,039,155 | ---- | C] () -- C:\Users\Team One Productions\Desktop\0511-1002-2522-1429_Hammer_and_Nail_Cartoon_clipart_image.jpg.png
[2013/10/06 20:47:37 | 000,016,854 | ---- | C] () -- C:\Users\Team One Productions\Desktop\house-roof-hi.png
[2013/10/04 17:16:08 | 003,805,995 | ---- | C] () -- C:\Users\Team One Productions\Desktop\DSC_0026.jpg
[2013/10/04 15:38:48 | 004,031,368 | ---- | C] () -- C:\Users\Team One Productions\Desktop\DSC_0057.jpg
[2013/10/04 15:37:53 | 003,861,726 | ---- | C] () -- C:\Users\Team One Productions\Desktop\DSC_0018.jpg
[2013/09/28 02:03:37 | 001,601,827 | ---- | C] () -- C:\Users\Team One Productions\Desktop\10 Hz to 100 Hz Sweep.mp3
[2013/09/28 02:02:38 | 000,402,284 | ---- | C] () -- C:\Users\Team One Productions\Desktop\SIN050.mp3
[2013/09/27 23:51:31 | 000,106,974 | ---- | C] () -- C:\Users\Team One Productions\Desktop\businesscard-3.5inx2in-h-front.psd.zip
[2013/09/20 14:01:18 | 000,000,089 | ---- | C] () -- C:\Users\Team One Productions\AppData\Local\msmathematics.qat.Team One Productions
[2012/12/15 22:42:34 | 000,491,520 | ---- | C] () -- C:\Windows\SysWow64\libencdec.dll
[2012/06/25 16:11:57 | 000,000,054 | ---- | C] () -- C:\Users\Team One Productions\AppData\Roaming\updater.cfg
[2012/06/13 21:55:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/06/07 13:04:54 | 004,176,896 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2012/05/07 14:34:52 | 000,008,192 | ---- | C] () -- C:\Users\Team One Productions\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/01 17:58:28 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2012/03/24 21:17:15 | 000,714,590 | ---- | C] () -- C:\Windows\unins000.exe
[2012/03/10 21:38:35 | 000,007,606 | ---- | C] () -- C:\Users\Team One Productions\AppData\Local\Resmon.ResmonCfg
[2012/03/09 17:43:46 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2012/03/09 17:43:46 | 000,000,208 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012/03/09 17:43:46 | 000,000,192 | ---- | C] () -- C:\Users\Team One Productions\AppData\Roaming\msregsvv.dll
[2012/03/09 17:43:46 | 000,000,192 | ---- | C] () -- C:\ProgramData\autobk.inc
[2012/03/08 20:34:21 | 000,008,574 | ---- | C] () -- C:\Windows\unins000.dat
[2012/01/27 18:49:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/27 18:45:57 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/22 14:57:55 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2013/09/22 14:57:55 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2012/03/10 23:20:22 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Antares
[2012/12/15 23:08:31 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Audio Ease
[2012/03/17 14:37:42 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Blio
[2013/01/13 17:02:12 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Catalina Marketing Corp
[2012/03/15 15:45:15 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/14 16:08:25 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\com.adobe.dmp.contentviewer
[2012/03/08 22:06:49 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/08/02 19:41:10 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Dropbox
[2012/08/26 12:36:23 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\ExpressFiles
[2013/06/01 22:26:53 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\GoforFiles
[2012/03/10 17:25:50 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\IK Multimedia
[2012/05/04 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\IrfanView
[2012/03/10 15:23:08 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\iZotope
[2012/03/20 18:13:07 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Korg
[2012/04/01 18:44:19 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Leadertech
[2012/03/10 14:07:31 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Media Finder
[2012/03/10 00:20:55 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Media Get LLC
[2012/12/12 21:45:58 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\MeldaProduction
[2012/06/24 17:52:41 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\NeatVideo SV 64
[2012/06/19 23:06:42 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\ooVoo Details
[2012/04/01 18:20:22 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\PACE Anti-Piracy
[2013/07/12 11:46:37 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\PowerISO
[2013/08/08 18:32:00 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\PreSonus
[2012/05/22 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Publish Providers
[2012/06/24 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Red Giant Link
[2013/10/24 13:32:54 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\SecureSearch
[2013/07/14 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\SmartDraw
[2013/10/14 19:43:48 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\SoftGrid Client
[2012/07/03 19:36:35 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Sony
[2012/03/21 00:30:25 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Sony Creative Software Inc
[2012/04/01 18:13:37 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Structure
[2012/09/01 21:18:56 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Temp
[2012/03/14 22:07:44 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\TestApp
[2012/03/09 18:24:08 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\TP
[2012/04/01 18:25:24 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Trillium Lane
[2012/11/30 21:09:23 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Waves Audio
[2012/03/16 10:45:30 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\WinBatch
[2013/06/18 21:25:42 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 01:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
No service found with a name of BFE
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 01:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 00:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/01/27 18:38:34 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/01/27 18:40:56 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< MD5 for: EXPLORER.EXE >
[2012/01/27 18:39:06 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/01/27 18:39:06 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/01/27 18:39:06 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/01/27 18:39:06 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/01/27 18:39:06 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/01/27 18:39:06 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/04/04 01:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SETTINGS >
[2013/08/14 14:46:36 | 000,003,275 | ---- | M] () MD5=0A557F8B14039D8E621697FA1ED817DB -- C:\Users\Team One Productions\AppData\Roaming\PreSonus\Studio One 2\x64\Services.settings

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is BA1E-3D3D
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Team One Productions
03/08/2012 06:31 PM <JUNCTION> Application Data [C:\Users\Team One Productions\AppData\Roaming]
03/08/2012 06:31 PM <JUNCTION> Cookies [C:\Users\Team One Productions\AppData\Roaming\Microsoft\Windows\Cookies]
03/08/2012 06:31 PM <JUNCTION> Local Settings [C:\Users\Team One Productions\AppData\Local]
03/08/2012 06:31 PM <JUNCTION> My Documents [C:\Users\Team One Productions\Documents]
03/08/2012 06:31 PM <JUNCTION> NetHood [C:\Users\Team One Productions\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/08/2012 06:31 PM <JUNCTION> PrintHood [C:\Users\Team One Productions\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/08/2012 06:31 PM <JUNCTION> Recent [C:\Users\Team One Productions\AppData\Roaming\Microsoft\Windows\Recent]
03/08/2012 06:31 PM <JUNCTION> SendTo [C:\Users\Team One Productions\AppData\Roaming\Microsoft\Windows\SendTo]
03/08/2012 06:31 PM <JUNCTION> Start Menu [C:\Users\Team One Productions\AppData\Roaming\Microsoft\Windows\Start Menu]
03/08/2012 06:31 PM <JUNCTION> Templates [C:\Users\Team One Productions\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Team One Productions\AppData\Local
03/08/2012 06:31 PM <JUNCTION> Application Data [C:\Users\Team One Productions\AppData\Local]
03/08/2012 06:31 PM <JUNCTION> History [C:\Users\Team One Productions\AppData\Local\Microsoft\Windows\History]
03/08/2012 06:31 PM <JUNCTION> Temporary Internet Files [C:\Users\Team One Productions\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Team One Productions\Documents
03/08/2012 06:31 PM <JUNCTION> My Music [C:\Users\Team One Productions\Music]
03/08/2012 06:31 PM <JUNCTION> My Pictures [C:\Users\Team One Productions\Pictures]
03/08/2012 06:31 PM <JUNCTION> My Videos [C:\Users\Team One Productions\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 747,612,905,472 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
  • 0

#7
betherin214

betherin214

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-27 21:48:47
-----------------------------
21:48:47.286 OS Version: Windows x64 6.1.7601 Service Pack 1
21:48:47.286 Number of processors: 4 586 0x100
21:48:47.286 ComputerName: TEAMONE UserName:
21:48:48.612 Initialize success
21:49:11.095 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
21:49:11.110 Disk 0 Vendor: ST310005 HP64 Size: 953869MB BusType: 11
21:49:11.173 Disk 0 MBR read successfully
21:49:11.188 Disk 0 MBR scan
21:49:11.188 Disk 0 Windows 7 default MBR code
21:49:11.188 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:49:11.188 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 936846 MB offset 206848
21:49:11.219 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16921 MB offset 1918867456
21:49:11.251 Disk 0 scanning C:\Windows\system32\drivers
21:49:17.693 Service scanning
21:49:27.631 Modules scanning
21:49:27.631 Disk 0 trace - called modules:
21:49:27.646 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
21:49:27.646 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80071a8060]
21:49:27.646 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8006b02950]
21:49:27.646 5 amd_xata.sys[fffff8800111e8f7] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa8006b00060]
21:49:27.662 Scan finished successfully
21:50:34.212 Disk 0 MBR has been saved successfully to "C:\Users\Team One Productions\Downloads\MBR.dat"
21:50:34.212 The log file has been saved successfully to "C:\Users\Team One Productions\Downloads\aswMBR.txt"
  • 0

#8
betherin214

betherin214

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
# AdwCleaner v3.010 - Report created 27/10/2013 at 21:52:00
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Team One Productions - TEAMONE
# Running from : C:\Users\Team One Productions\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\searchplugins\Askcom.xml
File Found : C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\user.js
File Found : C:\Windows\System32\Tasks\Express FilesUpdate
File Found : C:\Windows\System32\Tasks\GoforFilesUpdate
Folder Found C:\Program Files (x86)\ExpressFiles
Folder Found C:\Program Files (x86)\goforfiles
Folder Found C:\Program Files (x86)\Red Sky
Folder Found C:\Program Files (x86)\Smartdl
Folder Found C:\Program Files (x86)\v-Grabber
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBflix
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBflix
Folder Found C:\ProgramData\Premium
Folder Found C:\ProgramData\savEnshare
Folder Found C:\Users\Team One Productions\AppData\Local\AVG Secure Search
Folder Found C:\Users\Team One Productions\AppData\Local\Babylon
Folder Found C:\Users\Team One Productions\AppData\Local\DownTango
Folder Found C:\Users\Team One Productions\AppData\Roaming\ExpressFiles
Folder Found C:\Users\Team One Productions\AppData\Roaming\goforfiles
Folder Found C:\Users\Team One Productions\AppData\Roaming\Media Finder
Folder Found C:\Users\Team One Productions\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\ExpressFiles
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
Key Found : HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\ExpressFiles
Key Found : [x64] HKCU\Software\MediaFinder
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\StartSearch
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\ExpressFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_19703871
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\prefs.js ]

Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("extensions.3499ur3ur4hfsudfs.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search[...]
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110482");
Line Found : user_pref("extensions.BabylonToolbar_i.hardId", "ba1e3d3d000000000000e0cb4efc076d");
Line Found : user_pref("extensions.BabylonToolbar_i.id", "ba1e3d3d000000000000e0cb4efc076d");
Line Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15409");
Line Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:27:41");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.Ix_4sg.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top && \"www.google.com,mail.google.com,www.wikipedia.org,[...]
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R0].txt - [14739 octets] - [27/10/2013 20:44:35]
AdwCleaner[R1].txt - [14462 octets] - [27/10/2013 21:52:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [14523 octets] ##########
  • 0

#9
betherin214

betherin214

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I just ran explorer manually and it popped up! what in the world happened?

Edited by betherin214, 27 October 2013 - 07:57 PM.

  • 0

#10
betherin214

betherin214

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I was really panicking for about an hour... blank blue screen... nothing was working... everything freezing... I'm sweating!
  • 0

Advertisements


#11
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
It could have been that you didn't reboot the computer after you uninstalled programs. It could have been that one or more of the malware or adware files or malicious toolbars prevented Explorer from working when it was removed. But I've removed all of those things before with no ill effects. Malware can cause all kinds of strange things to happen. Think of the process as an exorcism. :lol: The main thing is that Explorer is working ok now. Let me know please.In your last post I think you are saying that is ok, but the post was a little confusing. If it's ok now we will continue.
  • 0

#12
betherin214

betherin214

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Yes, all is up and running now! :)Please continue!
  • 0

#13
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
:thumbsup:

Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar(gadgets) has the potential to compromise the security of a machine it is running on as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.



Step-1.

Malicious program uninstalls

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

ExpressFiles
GoForFiles


3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt


Step-3.

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT.exe file and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-4.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\..\SearchScopes\{0A0DCA06-1581-45FD-B68B-B1BCC9B75AEE}: "URL" = http://websearch.ask...AF-41E9B0B75CAB
IE - HKU\S-1-5-21-2651573275-3495793990-4294649527-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch...q={searchTerms}
FF - prefs.js..keyword.URL: "http://securedsearch...soft&ent=bs&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
C:\ProgramData\AVG SafeGuard toolbar
C:\Users\Team One Productions\AppData\Local\AVG Secure Search

:COMMANDS
[emptytemp]
[resethosts]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the uninstalls went.
2. The AdwCleaner[S0].txt log
3. The JRT.txt log
4. The OTL fixes log
  • 0

#14
betherin214

betherin214

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I haven't had a chance to follow all the steps yet. Just wanted to note that I will do that soon :)
  • 0

#15
betherin214

betherin214

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Uninstalls went fine :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP