Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

popups adware/ProgramData folder access problems [Solved]

Started by SallyMae , Nov 14 2013 10:39 PM

This topic is locked

#1
SallyMae

Posted 14 November 2013 - 10:39 PM

Member

Member
88 posts

I got a mess. First I have a problem Windows Defender finds but says it can't remove. Something called DealPly that appears to be associated with AmazonMP3 Downloader software. I've also run MalwareBytes and SuperAntiSpyware but it remains. I also have random tabs opening with ads when I hit links in other tabs I'm working in and i have some kind of malware putting those double underline things on websites i regularly visit so when I roll my curser across the screen and happen to hit one of them ads pop up. I am also having a problem with programs that are installed being able to access the ProgramData folders and subfolders so that they can either be uninstalled or repaired and I have a problem trying to install new programs for the same reason, unable to access ProgramData folders. I think that pretty much covers it. Below is my OTL quickscan log. Thank You in advance for all your help. You guys are always great.

OTL quickscan log:

OTL logfile created on: 11/14/2013 11:05:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MotherFudrucker\Desktop\Cleanup and Computer Tools
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 61.59% Memory free
4.63 Gb Paging File | 2.88 Gb Available in Paging File | 62.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 426.54 Gb Total Space | 375.96 Gb Free Space | 88.14% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 23.72 Gb Free Space | 94.89% Space Free | Partition Type: NTFS

Computer Name: PEACHESANDCREAM | User Name: MotherFudrucker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/14 06:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/13 16:34:28 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
PRC - [2013/11/11 07:48:23 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/08/16 17:03:00 | 003,502,360 | ---- | M] (TMRG, Inc.) -- C:\Program Files (x86)\OpinionSquare\opnsqr.exe
PRC - [2013/08/16 17:03:00 | 000,186,136 | ---- | M] (TMRG, Inc.) -- C:\Program Files (x86)\OpinionSquare\opservice.exe
PRC - [2013/08/16 17:03:00 | 000,157,464 | ---- | M] (TMRG, Inc.) -- C:\Program Files (x86)\OpinionSquare\opnsqr32.exe
PRC - [2013/08/12 20:34:11 | 000,439,360 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/07/28 12:49:58 | 000,503,808 | ---- | M] (www.orangesoftware.net (email: [email protected])) -- C:\Program Files (x86)\Pink Calendar\PinkCal.exe
PRC - [2013/07/27 18:03:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MotherFudrucker\Desktop\Cleanup and Computer Tools\OTL.exe
PRC - [2013/06/29 12:49:28 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2013/06/19 13:10:47 | 000,156,000 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/08 17:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
PRC - [2013/03/04 19:25:17 | 000,447,104 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2012/12/14 00:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/11/22 18:53:28 | 001,327,440 | ---- | M] (Comfort Software Group) -- C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe

========== Modules (No Company Name) ==========

MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 06:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/11/13 16:34:25 | 016,237,448 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
MOD - [2013/11/11 07:48:03 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/07/15 12:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2013/06/19 13:10:48 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
MOD - [2013/06/19 13:10:48 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
MOD - [2013/06/19 13:10:47 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
MOD - [2013/06/19 13:10:47 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
MOD - [2013/06/19 13:10:47 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
MOD - [2013/06/19 13:10:47 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
MOD - [2013/06/19 13:10:47 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
MOD - [2013/06/19 13:10:46 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ServiceManagerStarter.dll
MOD - [2013/06/19 13:10:45 | 000,446,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\DeviceProfile.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/08/16 00:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 19:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/29 12:49:28 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV:64bit: - [2013/06/24 17:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 04:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/23 15:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 01:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/18 14:19:54 | 000,103,424 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe -- (AdaptiveSleepService)
SRV:64bit: - [2013/04/18 14:18:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/04/18 10:29:00 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/04 19:25:20 | 000,202,400 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 18:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/12/14 00:18:48 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/11/11 07:48:22 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/16 17:03:00 | 000,186,136 | ---- | M] (TMRG, Inc.) [Auto | Running] -- C:\Program Files (x86)\OpinionSquare\opservice.exe -- (OpinionSquare)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/04 19:25:17 | 000,447,104 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2013/02/28 20:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/12/14 00:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/16 00:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/07/09 03:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 20:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/07/01 20:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 20:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 19:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 17:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 01:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/10 16:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/05/31 22:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/31 14:19:53 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2013/05/31 14:19:53 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2013/05/04 02:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/18 11:23:38 | 011,644,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/18 10:02:52 | 000,581,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/04/18 09:04:28 | 000,219,360 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2013/04/04 09:56:56 | 000,495,344 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/03/04 19:25:18 | 001,680,992 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 05:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/03/01 04:26:40 | 001,045,248 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/14 06:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/02/07 17:45:32 | 000,017,504 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmdAS4.sys -- (AmdAS4)
DRV:64bit: - [2013/01/15 04:37:12 | 000,327,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/30 01:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/11/30 01:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/19 04:34:56 | 000,118,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/13 14:36:36 | 006,835,784 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BCMWL63a.SYS -- (BCM43XX)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:01 | 000,146,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/23 18:24:52 | 015,283,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/06/13 19:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2012/06/02 09:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 09:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5385CBC3-42D4-43F3-9A93-0AF3AC11F149}
IE:64bit: - HKLM\..\SearchScopes\{5385CBC3-42D4-43F3-9A93-0AF3AC11F149}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {8E87212A-441D-4705-9FE9-BDB746322B9B}
IE - HKLM\..\SearchScopes\{5385CBC3-42D4-43F3-9A93-0AF3AC11F149}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {8E87212A-441D-4705-9FE9-BDB746322B9B}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...119351&tsp=4975
IE - HKCU\..\SearchScopes\{8E87212A-441D-4705-9FE9-BDB746322B9B}: "URL" = http://search.condui...0551674920&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\MotherFudrucker\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUpx64: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/thinkorswim: C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/tossc: C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\OpinionSquare\firefox [2013/11/10 20:57:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\BetterSurf\ff [2013/11/14 21:49:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/08 10:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/08 10:16:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013/07/28 09:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MotherFudrucker\AppData\Roaming\Mozilla\Extensions
[2013/11/13 13:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MotherFudrucker\AppData\Roaming\Mozilla\Firefox\Profiles\3qar24mm.default-1375034615876\extensions
[2013/11/09 20:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MotherFudrucker\AppData\Roaming\Mozilla\Firefox\Profiles\y0vwe7me.default-1383676348612\extensions
[2013/11/13 13:25:30 | 000,833,307 | ---- | M] () (No name found) -- C:\Users\MotherFudrucker\AppData\Roaming\Mozilla\Firefox\Profiles\3qar24mm.default-1375034615876\extensions\[email protected]
[2013/11/09 15:20:11 | 000,833,307 | ---- | M] () (No name found) -- C:\Users\MotherFudrucker\AppData\Roaming\Mozilla\Firefox\Profiles\y0vwe7me.default-1383676348612\extensions\[email protected]
[2013/11/11 07:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/11/11 07:47:53 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
[2013/11/11 07:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/11 07:48:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/14 21:49:42 | 000,000,000 | ---D | M] (BetterSurf) -- C:\PROGRAM FILES (X86)\BETTERSURF\FF

========== Chrome ==========

CHR - default_search_provider: Search ()
CHR - default_search_provider: search_url = http://search.ividi....a1719b&affilt=3
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.ividi....a1719b&affilt=3
CHR - Extension: BetterSurf = C:\Users\MotherFudrucker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap\1.0_0\
CHR - Extension: OpinionSquare = C:\Users\MotherFudrucker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.336.2_1\
CHR - Extension: Google Wallet = C:\Users\MotherFudrucker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: ScorpionSaver = C:\Users\MotherFudrucker\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (BetterSurf) - {6E3C6B04-08FE-43BC-8E50-F90285024DEA} - C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo App Shop] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AmazonMP3DownloaderHelper] C:\Users\MotherFudrucker\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKCU..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_5BF5D935F3209A6C08F4FAAD00927636] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Users\MotherFudrucker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinkCal.lnk = C:\Program Files (x86)\Pink Calendar\PinkCal.exe (www.orangesoftware.net (email: [email protected]))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E694C85E-FF44-45D1-A9F3-6D4CD5FDCF63}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/14 22:03:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/14 21:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BetterSurf
[2013/11/13 16:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/13 16:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/11/11 07:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/11 07:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ErrorEND64
[2013/11/10 18:24:25 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Local\AppEx Networks
[2013/11/10 18:18:19 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Local\MigWiz
[2013/11/10 17:26:55 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Roaming\Amazon
[2013/11/10 07:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/11/10 06:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/11/10 06:59:12 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Local\Apple
[2013/11/10 06:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/11/10 06:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/11/10 06:49:06 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Local\SearchProtect
[2013/11/10 06:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/11/09 18:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iVIDI.org plugin
[2013/11/09 18:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unitech LLC
[2013/11/09 18:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScorpionSaver
[2013/11/09 18:29:37 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/09 18:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fast Free Converter
[2013/11/09 15:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ_V44
[2013/11/09 15:04:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/11/09 15:04:11 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Roaming\defaulttab
[2013/11/09 15:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/11/09 15:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InternetHelper3.5
[2013/11/09 15:03:05 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Local\NativeMessaging
[2013/11/09 15:02:59 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Local\CRE
[2013/11/09 15:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/11/08 13:24:31 | 000,000,000 | ---D | C] -- C:\ldiag
[2013/11/07 10:20:59 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Documents\Law
[2013/11/07 10:16:30 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Documents\User Manuals
[2013/11/07 10:15:44 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Documents\Sociology
[2013/11/07 10:13:57 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Documents\Psychology
[2013/11/07 10:12:30 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Documents\Naturopathic Medicine
[2013/11/07 09:24:17 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Desktop\Documents to Print
[2013/11/07 09:16:29 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Desktop\Files for Microsoft Movie Maker Install Problem
[2013/11/07 09:13:36 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Roaming\Grig Software
[2013/11/05 13:16:41 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2013/11/05 13:06:51 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Documents\Notes
[2013/11/05 11:09:05 | 000,000,000 | R--D | C] -- C:\Users\MotherFudrucker\SkyDrive
[2013/11/05 11:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/11/05 11:07:38 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Local\Windows Live
[2013/11/05 11:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/11/01 10:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SpyAlert

========== Files - Modified Within 30 Days ==========

[2013/11/14 22:37:00 | 000,000,948 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/14 22:36:01 | 000,000,396 | ---- | M] () -- C:\windows\tasks\AmiUpdXp.job
[2013/11/14 22:19:20 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/14 22:19:20 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/14 22:19:20 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/14 22:16:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/11/14 22:15:10 | 000,000,944 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/14 22:14:53 | 000,000,422 | ---- | M] () -- C:\windows\tasks\FreeFileViewerUpdateChecker.job
[2013/11/14 22:14:18 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/11/14 22:14:15 | 2960,551,936 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/14 15:27:18 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\spu_storage.bin
[2013/11/14 12:09:13 | 003,024,881 | ---- | M] () -- C:\Users\MotherFudrucker\Desktop\Verizon_Jetpack_TM_890L_User_Guide_English_-_PDF_-_3.31MB_.pdf
[2013/11/13 22:07:31 | 000,059,564 | ---- | M] () -- C:\Users\MotherFudrucker\Desktop\My info on archives dot com.pdf
[2013/11/11 08:39:03 | 000,000,535 | ---- | M] () -- C:\Users\MotherFudrucker\Desktop\Desktop.zip
[2013/11/10 20:09:07 | 000,307,584 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/11/10 17:29:23 | 000,000,000 | -H-- | M] () -- C:\Users\MotherFudrucker\Documents\Default.rdp
[2013/11/10 07:01:39 | 000,000,000 | ---- | M] () -- C:\END
[2013/11/07 08:04:21 | 001,208,242 | ---- | M] () -- C:\Users\MotherFudrucker\Documents\2011 Tor Project IRS Filings.pdf
[2013/11/03 20:05:18 | 000,083,136 | ---- | M] () -- C:\Users\MotherFudrucker\Documents\weapons of math instruction.pdf

========== Files Created - No Company Name ==========

[2013/11/14 12:09:12 | 003,024,881 | ---- | C] () -- C:\Users\MotherFudrucker\Desktop\Verizon_Jetpack_TM_890L_User_Guide_English_-_PDF_-_3.31MB_.pdf
[2013/11/13 22:07:31 | 000,059,564 | ---- | C] () -- C:\Users\MotherFudrucker\Desktop\My info on archives dot com.pdf
[2013/11/11 08:39:01 | 000,000,535 | ---- | C] () -- C:\Users\MotherFudrucker\Desktop\Desktop.zip
[2013/11/10 20:08:54 | 000,307,584 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/11/10 17:29:23 | 000,000,000 | -H-- | C] () -- C:\Users\MotherFudrucker\Documents\Default.rdp
[2013/11/07 08:04:21 | 001,208,242 | ---- | C] () -- C:\Users\MotherFudrucker\Documents\2011 Tor Project IRS Filings.pdf
[2013/11/03 20:05:18 | 000,083,136 | ---- | C] () -- C:\Users\MotherFudrucker\Documents\weapons of math instruction.pdf
[2013/09/11 14:17:29 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/09/06 13:47:42 | 000,000,258 | RHS- | C] () -- C:\Users\MotherFudrucker\ntuser.pol
[2013/07/28 12:49:59 | 000,131,584 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2013/07/28 12:49:59 | 000,001,041 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-Pink Calendar & Day Planner.dat
[2013/05/31 13:57:04 | 000,001,677 | ---- | C] () -- C:\windows\vm331Rmv.ini
[2013/05/31 13:57:04 | 000,001,677 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini
[2013/05/31 13:55:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/05/31 13:51:49 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2013/04/28 19:29:42 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2013/04/28 19:29:42 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2013/04/28 19:29:41 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2013/04/28 19:29:38 | 000,798,734 | ---- | C] () -- C:\windows\SysWow64\amdocl_ld32.exe
[2013/04/28 19:29:37 | 000,995,342 | ---- | C] () -- C:\windows\SysWow64\amdocl_as32.exe
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2012/11/27 03:18:46 | 000,038,912 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/07/25 15:22:56 | 000,267,284 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/07/25 15:22:54 | 000,963,376 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/08/08 16:03:06 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 01:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 00:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/14 19:14:44 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\1O1L1I1PtF1F1C1N
[2013/11/10 17:26:55 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\Amazon
[2013/11/10 21:03:29 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\BabSolution
[2013/11/09 15:04:11 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\defaulttab
[2013/10/28 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\DigitalSite
[2013/11/10 21:03:29 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\FreeFileViewer
[2013/11/10 20:49:39 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\Grig Software
[2013/07/27 20:58:32 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\Lenovo
[2013/07/27 20:31:49 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\LSC
[2013/07/26 21:54:21 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\Nitro
[2013/11/14 22:45:52 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\Nitro PDF
[2013/07/28 18:43:41 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\OpenOffice
[2013/07/28 09:55:06 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\Thunderbird
[2013/07/27 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\WebApp
[2013/07/27 18:45:52 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\WinPatrol

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:9638A27E

< End of report >

#2
Essexboy

Posted 15 November 2013 - 08:19 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there .. On completion of these runs could you let me know what problems remain

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {8E87212A-441D-4705-9FE9-BDB746322B9B}
IE - HKCU\..\SearchScopes,DefaultScope = {8E87212A-441D-4705-9FE9-BDB746322B9B}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...119351&tsp=4975
IE - HKCU\..\SearchScopes\{8E87212A-441D-4705-9FE9-BDB746322B9B}: "URL" = http://search.condui...0551674920&UM=2
FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3303000&CUI=UN42142339893157787&UM=2&SearchSource=3&q={searchTerms}"
[2013/11/13 13:25:30 | 000,833,307 | ---- | M] () (No name found) -- C:\Users\MotherFudrucker\AppData\Roaming\Mozilla\Firefox\Profiles\3qar24mm.default-1375034615876\extensions\[email protected]
[2013/11/09 15:20:11 | 000,833,307 | ---- | M] () (No name found) -- C:\Users\MotherFudrucker\AppData\Roaming\Mozilla\Firefox\Profiles\y0vwe7me.default-1383676348612\extensions\[email protected]
[2013/11/11 07:47:53 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
O2 - BHO: (BetterSurf) - {6E3C6B04-08FE-43BC-8E50-F90285024DEA} - C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2013/11/14 21:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BetterSurf
[2013/11/11 07:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ErrorEND64
[2013/11/10 06:49:06 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Local\SearchProtect
[2013/11/10 06:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/11/09 18:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iVIDI.org plugin
[2013/11/09 18:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unitech LLC
[2013/11/09 18:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScorpionSaver
[2013/11/09 15:04:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/11/09 15:04:11 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Roaming\defaulttab
[2013/11/09 15:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/11/09 15:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InternetHelper3.5
[2013/11/09 15:03:05 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Local\NativeMessaging
[2013/11/09 15:02:59 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Local\CRE
[2013/11/09 15:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/11/14 22:36:01 | 000,000,396 | ---- | M] () -- C:\windows\tasks\AmiUpdXp.job
[2013/11/14 22:14:53 | 000,000,422 | ---- | M] () -- C:\windows\tasks\FreeFileViewerUpdateChecker.job
[2013/11/10 21:03:29 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\BabSolution
[2013/11/09 15:04:11 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\defaulttab
[2013/10/28 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\DigitalSite
[2013/11/10 21:03:29 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\FreeFileViewer
[2013/11/10 20:49:39 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\Grig Software
[2013/08/14 19:14:44 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\1O1L1I1PtF1F1C1N

:Files
C:\Users\MotherFudrucker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap
C:\Users\MotherFudrucker\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg
C:\Program Files (x86)\BetterSurf

:Commands
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.

Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
please be patient as this can take a while to complete depending on your system's specifications
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
post the contents of JRT.txt into your next message.

#3
SallyMae

Posted 15 November 2013 - 12:54 PM

Member

Topic Starter
Member
88 posts

The adware and pop-ups are gone. I still have something interfering with my Administrative priviledges and this seems to be a rather long-term problem I've been dealing with that has gotten worse and worse. I finally decided to come to you guys because, after downloading and attempting to install Microsoft Live so I could get Movie Maker, I kept getting error message that said it looked like another program was interferring with installation. Microsoft suggested I create another administrator account and when I tried to do that using a hotmail email address it would not let me so I created a new administrator account locally. When I logged in under that account, my desktop ap was gone. I can't remember why I needed to get to my desktop to install the program, maybe it was just that there is a lot I don't understand about the ap window on windows 8 so I bypass it. I still cannot uninstall/install programs that I need to even after making sure I've taken full ownership of folders involved. I've even given full ownership to Users and Everybody to no avail. I notice that some of the check marks under privileges are grey instead of solid black. Don't know what that is all about but I can find no way to change it. Since the installation file for Microsoft Live Movie Maker had disappeared from my desktop, I went to download it again, after following all above instructions for clean up, and was informed the file could not download because I did not have permission to modify the desktop, where I usually place all initial downloads until I'm finished with them, whereupon I file them elsewhere. I went to the desktop folder under my user and checked the permissions, it said I had full control. Nevertheless, I ran a program called "Take Ownership" on the file and was then able to download the program but, as previously stated, still cannot install it. I'm a little concerned I have a hacker or at the very least a piggy-backer, as my bandwidths which should be 5-12 Mbps tend to fall to .8-2 Mbps during the day but they climb closer to 5 at night. I did set my Jetpack AP isolation yesterday to prevent wireless communication between devices through the Jetpack. Anyway,the problem with the Administrative priviledges being interferred with when I am the Administrator and clearly have full ownership of folders is beyond me. Thanks again for your help. New logs posted below.

New OTL Quickscan Log:

OTL logfile created on: 11/15/2013 11:52:05 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MotherFudrucker\Desktop\Cleanup and Computer Tools
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 69.16% Memory free
4.63 Gb Paging File | 3.13 Gb Available in Paging File | 67.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 426.54 Gb Total Space | 377.13 Gb Free Space | 88.42% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 23.72 Gb Free Space | 94.89% Space Free | Partition Type: NTFS

Computer Name: PEACHESANDCREAM | User Name: MotherFudrucker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/14 06:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/11 07:48:23 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/08/16 17:03:00 | 003,502,360 | ---- | M] (TMRG, Inc.) -- C:\Program Files (x86)\OpinionSquare\opnsqr.exe
PRC - [2013/08/16 17:03:00 | 000,186,136 | ---- | M] (TMRG, Inc.) -- C:\Program Files (x86)\OpinionSquare\opservice.exe
PRC - [2013/08/12 20:34:11 | 000,439,360 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/07/28 12:49:58 | 000,503,808 | ---- | M] (www.orangesoftware.net (email: [email protected])) -- C:\Program Files (x86)\Pink Calendar\PinkCal.exe
PRC - [2013/07/27 18:03:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MotherFudrucker\Desktop\Cleanup and Computer Tools\OTL.exe
PRC - [2013/06/29 12:49:28 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2013/06/19 13:10:47 | 000,156,000 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/08 17:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
PRC - [2013/03/04 19:25:17 | 000,447,104 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2013/02/02 03:40:58 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2012/12/14 00:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/11/22 18:53:28 | 001,327,440 | ---- | M] (Comfort Software Group) -- C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe

========== Modules (No Company Name) ==========

MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 06:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/11/11 07:48:03 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/07/15 12:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2013/06/19 13:10:48 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
MOD - [2013/06/19 13:10:48 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
MOD - [2013/06/19 13:10:47 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
MOD - [2013/06/19 13:10:47 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
MOD - [2013/06/19 13:10:47 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
MOD - [2013/06/19 13:10:47 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
MOD - [2013/06/19 13:10:47 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
MOD - [2013/06/19 13:10:46 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ServiceManagerStarter.dll
MOD - [2013/06/19 13:10:45 | 000,446,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\DeviceProfile.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/08/16 00:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 19:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/29 12:49:28 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV:64bit: - [2013/06/24 17:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 04:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/23 15:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 01:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/18 14:19:54 | 000,103,424 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe -- (AdaptiveSleepService)
SRV:64bit: - [2013/04/18 14:18:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/04/18 10:29:00 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/04 19:25:20 | 000,202,400 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 18:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/12/14 00:18:48 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/11/11 07:48:22 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/16 17:03:00 | 000,186,136 | ---- | M] (TMRG, Inc.) [Auto | Running] -- C:\Program Files (x86)\OpinionSquare\opservice.exe -- (OpinionSquare)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/04 19:25:17 | 000,447,104 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2013/02/28 20:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/12/14 00:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/16 00:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/07/09 03:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 20:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/07/01 20:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 20:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 19:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 17:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 01:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/10 16:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/05/31 22:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/31 14:19:53 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2013/05/31 14:19:53 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2013/05/04 02:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/18 11:23:38 | 011,644,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/18 10:02:52 | 000,581,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/04/18 09:04:28 | 000,219,360 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2013/04/04 09:56:56 | 000,495,344 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/03/04 19:25:18 | 001,680,992 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 05:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/03/01 04:26:40 | 001,045,248 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/14 06:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/02/07 17:45:32 | 000,017,504 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmdAS4.sys -- (AmdAS4)
DRV:64bit: - [2013/01/15 04:37:12 | 000,327,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/30 01:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/11/30 01:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/19 04:34:56 | 000,118,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/13 14:36:36 | 006,835,784 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BCMWL63a.SYS -- (BCM43XX)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:01 | 000,146,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/23 18:24:52 | 015,283,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/06/13 19:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2012/06/02 09:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 09:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5385CBC3-42D4-43F3-9A93-0AF3AC11F149}
IE:64bit: - HKLM\..\SearchScopes\{5385CBC3-42D4-43F3-9A93-0AF3AC11F149}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5385CBC3-42D4-43F3-9A93-0AF3AC11F149}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\MotherFudrucker\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUpx64: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/thinkorswim: C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/tossc: C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\OpinionSquare\firefox [2013/11/10 20:57:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\BetterSurf\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/08 10:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/08 10:16:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013/07/28 09:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MotherFudrucker\AppData\Roaming\Mozilla\Extensions
[2013/11/15 10:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MotherFudrucker\AppData\Roaming\Mozilla\Firefox\Profiles\3qar24mm.default-1375034615876\extensions
[2013/11/15 10:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MotherFudrucker\AppData\Roaming\Mozilla\Firefox\Profiles\y0vwe7me.default-1383676348612\extensions
[2013/11/15 11:00:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/11/11 07:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/11 07:48:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Search ()
CHR - default_search_provider: search_url = http://search.ividi....a1719b&affilt=3
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.ividi....a1719b&affilt=3
CHR - Extension: OpinionSquare = C:\Users\MotherFudrucker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.336.2_1\
CHR - Extension: Google Wallet = C:\Users\MotherFudrucker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2013/11/15 11:00:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo App Shop] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AmazonMP3DownloaderHelper] C:\Users\MotherFudrucker\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKCU..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_5BF5D935F3209A6C08F4FAAD00927636] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Users\MotherFudrucker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinkCal.lnk = C:\Program Files (x86)\Pink Calendar\PinkCal.exe (www.orangesoftware.net (email: [email protected]))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E694C85E-FF44-45D1-A9F3-6D4CD5FDCF63}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/15 10:59:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/14 22:03:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/13 16:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/13 16:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/11/11 07:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/10 18:24:25 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Local\AppEx Networks
[2013/11/10 18:18:19 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Local\MigWiz
[2013/11/10 17:26:55 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Roaming\Amazon
[2013/11/10 07:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/11/10 06:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/11/10 06:59:12 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Local\Apple
[2013/11/10 06:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/11/10 06:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/11/09 18:29:37 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/09 18:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fast Free Converter
[2013/11/09 15:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ_V44
[2013/11/08 13:24:31 | 000,000,000 | ---D | C] -- C:\ldiag
[2013/11/07 10:20:59 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Documents\Law
[2013/11/07 10:16:30 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Documents\User Manuals
[2013/11/07 10:15:44 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Documents\Sociology
[2013/11/07 10:13:57 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Documents\Psychology
[2013/11/07 10:12:30 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Documents\Naturopathic Medicine
[2013/11/07 09:24:17 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Desktop\Documents to Print
[2013/11/07 09:16:29 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Desktop\Files for Microsoft Movie Maker Install Problem
[2013/11/05 13:16:41 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2013/11/05 13:06:51 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\Documents\Notes
[2013/11/05 11:09:05 | 000,000,000 | R--D | C] -- C:\Users\MotherFudrucker\SkyDrive
[2013/11/05 11:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/11/05 11:07:38 | 000,000,000 | ---D | C] -- C:\Users\MotherFudrucker\AppData\Local\Windows Live
[2013/11/05 11:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/11/01 10:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SpyAlert

========== Files - Modified Within 30 Days ==========

[2013/11/15 11:49:40 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/15 11:49:40 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/15 11:49:40 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/15 11:49:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/11/15 11:20:40 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\spu_storage.bin
[2013/11/15 11:16:22 | 000,000,944 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/15 11:15:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/11/15 11:15:43 | 2960,551,936 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/15 11:00:10 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2013/11/15 10:37:48 | 000,000,948 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/14 12:09:13 | 003,024,881 | ---- | M] () -- C:\Users\MotherFudrucker\Desktop\Verizon_Jetpack_TM_890L_User_Guide_English_-_PDF_-_3.31MB_.pdf
[2013/11/13 22:07:31 | 000,059,564 | ---- | M] () -- C:\Users\MotherFudrucker\Desktop\My info on archives dot com.pdf
[2013/11/11 08:39:03 | 000,000,535 | ---- | M] () -- C:\Users\MotherFudrucker\Desktop\Desktop.zip
[2013/11/10 20:09:07 | 000,307,584 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/11/10 17:29:23 | 000,000,000 | -H-- | M] () -- C:\Users\MotherFudrucker\Documents\Default.rdp
[2013/11/10 07:01:39 | 000,000,000 | ---- | M] () -- C:\END
[2013/11/07 08:04:21 | 001,208,242 | ---- | M] () -- C:\Users\MotherFudrucker\Documents\2011 Tor Project IRS Filings.pdf
[2013/11/03 20:05:18 | 000,083,136 | ---- | M] () -- C:\Users\MotherFudrucker\Documents\weapons of math instruction.pdf

========== Files Created - No Company Name ==========

[2013/11/14 12:09:12 | 003,024,881 | ---- | C] () -- C:\Users\MotherFudrucker\Desktop\Verizon_Jetpack_TM_890L_User_Guide_English_-_PDF_-_3.31MB_.pdf
[2013/11/13 22:07:31 | 000,059,564 | ---- | C] () -- C:\Users\MotherFudrucker\Desktop\My info on archives dot com.pdf
[2013/11/11 08:39:01 | 000,000,535 | ---- | C] () -- C:\Users\MotherFudrucker\Desktop\Desktop.zip
[2013/11/10 20:08:54 | 000,307,584 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/11/10 17:29:23 | 000,000,000 | -H-- | C] () -- C:\Users\MotherFudrucker\Documents\Default.rdp
[2013/11/07 08:04:21 | 001,208,242 | ---- | C] () -- C:\Users\MotherFudrucker\Documents\2011 Tor Project IRS Filings.pdf
[2013/11/03 20:05:18 | 000,083,136 | ---- | C] () -- C:\Users\MotherFudrucker\Documents\weapons of math instruction.pdf
[2013/09/11 14:17:29 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/09/06 13:47:42 | 000,000,258 | RHS- | C] () -- C:\Users\MotherFudrucker\ntuser.pol
[2013/07/28 12:49:59 | 000,131,584 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2013/07/28 12:49:59 | 000,001,041 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-Pink Calendar & Day Planner.dat
[2013/05/31 13:57:04 | 000,001,677 | ---- | C] () -- C:\windows\vm331Rmv.ini
[2013/05/31 13:57:04 | 000,001,677 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini
[2013/05/31 13:55:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/05/31 13:51:49 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2013/04/28 19:29:42 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2013/04/28 19:29:42 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2013/04/28 19:29:41 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2013/04/28 19:29:38 | 000,798,734 | ---- | C] () -- C:\windows\SysWow64\amdocl_ld32.exe
[2013/04/28 19:29:37 | 000,995,342 | ---- | C] () -- C:\windows\SysWow64\amdocl_as32.exe
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2012/11/27 03:18:46 | 000,038,912 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/07/25 15:22:56 | 000,267,284 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/07/25 15:22:54 | 000,963,376 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/08/08 16:03:06 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 01:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 00:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/10 17:26:55 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\Amazon
[2013/07/27 20:58:32 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\Lenovo
[2013/07/27 20:31:49 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\LSC
[2013/07/26 21:54:21 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\Nitro
[2013/11/14 22:45:52 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\Nitro PDF
[2013/07/28 18:43:41 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\OpenOffice
[2013/07/28 09:55:06 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\Thunderbird
[2013/07/27 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\WebApp
[2013/07/27 18:45:52 | 000,000,000 | ---D | M] -- C:\Users\MotherFudrucker\AppData\Roaming\WinPatrol

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:9638A27E

< End of report >

JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by MotherFudrucker on Fri 11/15/2013 at 12:06:07.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowser
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowser.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowseractivex
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowseractivex.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\defaulttabbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrics_monkey
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2444015620-226442998-1639151450-1002\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3304781

~~~ Files

Successfully deleted: [File] C:\windows\Tasks\digitalsite.job
Successfully deleted: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\browserdefender"
Successfully deleted: [Folder] "C:\Users\MotherFudrucker\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\MotherFudrucker\appdata\local\defineext"
Successfully deleted: [Folder] "C:\Users\MotherFudrucker\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\Users\MotherFudrucker\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\MotherFudrucker\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\fast free converter"

~~~ FireFox

Successfully deleted: [File] C:\Users\MotherFudrucker\AppData\Roaming\mozilla\firefox\profiles\3qar24mm.default-1375034615876\user.js
Successfully deleted: [File] C:\Users\MotherFudrucker\AppData\Roaming\mozilla\firefox\profiles\3qar24mm.default-1375034615876\invalidprefs.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c7ae725d-fa5c-4027-bb4c-787ef9f8248a}
Successfully deleted the following from C:\Users\MotherFudrucker\AppData\Roaming\mozilla\firefox\profiles\3qar24mm.default-1375034615876\prefs.js

user_pref("Smartbar.ConduitHomepagesList", "");
user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3303000");
user_pref("browser.search.defaultthis.engineName", "Vafmusic7 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3303000&CUI=UN42142339893157787&UM=2&SearchSource=3&q={searchTerms}");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "46e7b0b0000000000000208984a1719b");
user_pref("extensions.delta.instlDay", "15932");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.22.0");
user_pref("extensions.delta.vrsnTs", "1.8.22.017:14:08");
user_pref("extensions.delta.vrsni", "1.8.22.0");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119351&tsp=4975");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("smartbar.machineId", "7RXR9DTTSNAGP2PFIMSF8RGP2WNYR+O8IAAQ6K8WVGIZ7HS6UKEVQOPCOO7IGUIZ8BDVWJFA65N8RBDWSIEFMW");
Emptied folder: C:\Users\MotherFudrucker\AppData\Roaming\mozilla\firefox\profiles\3qar24mm.default-1375034615876\minidumps [1 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\MotherFudrucker\appdata\local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/15/2013 at 12:16:10.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4
Essexboy

Posted 15 November 2013 - 01:24 PM

GeekU Moderator

Retired Staff
69,964 posts

Based on what you have said then windows may actually be corrupted in some way. Now windows 8 has a nifty new function called Refresh, what this does is reinstall windows files and registry to a proper state whilst keeping all your settings, documents and folders. You will lose some programmes but windows will let you know what those are and give you download links for them

I have done this myself a while back to test it out and it took about 30 minutes to complete

There is a little guide here http://www.pcadvisor...eset-windows-8/ have a look and let me know what you think

#5
SallyMae

Posted 15 November 2013 - 05:35 PM

Member

Topic Starter
Member
88 posts

I had actually read about this on the Microsoft website. I wondered if that might be my problem too. My only concern was that the Microsoft website said something about this process may ask for a disk that would have come with the computer. I wasn't sure I should try it since I have no disk. None came with the computer. I didn't want to get myself in a mess I couldn't back out of trying to run it and seeing if it asked for the disk. Do you know if I will need a disk for this process? Thanks.

Edited by SallyMae, 15 November 2013 - 05:37 PM.

#6
Essexboy

Posted 16 November 2013 - 05:23 AM

GeekU Moderator

Retired Staff
69,964 posts

When I did my refresh it did not ask for a disc. However, it would be worth starting it and if it asks for a disc then cancel and we will have a rethink

#7
SallyMae

Posted 19 November 2013 - 05:46 PM

Member

Topic Starter
Member
88 posts

Hello. I have been in the middle of a move. Some friends finally had time to move me so I had to take advantage of the time I had with them. Sorry I have not replied back by now. I will attempt your suggestion tonight and get back with you ASAP. Thanks again.

#8
SallyMae

Posted 19 November 2013 - 08:39 PM

Member

Topic Starter
Member
88 posts

OK. I attempted to follow the instructions at the link you provided. When I clicked the change pc settings link, nothing happened. I noticed there is also a link for this action in the action center. When I click it nothing happens. I got curious and searched my computer for "pc settings" and a few hits for a short cutcame up. When I visit the folders where the shortcut is at and click the shortcut, nothing happens. The shortcut is a blank page picture on the icon. Does this mean I do not have a recovery partition? When I went to the action center, I had some notices. One said that I needed to run a Windows Defender and when I tried I got an error saying Windows Defender could not scan the computer because it could not access some history items. It said to wait a few minutes and try again which I did but I got the same error. So, I can no longer run Windows Defender scans.

#9
Essexboy

Posted 20 November 2013 - 07:38 AM

GeekU Moderator

Retired Staff
69,964 posts

Time is not a problem

Could you let me know the make and model of your computer and I will see what reset options are available to you.

#10
SallyMae

Posted 20 November 2013 - 03:37 PM

Member

Topic Starter
Member
88 posts

I have a Lenovo G505. It is almost brand new. I bought it from Best Buy this last August. I've tried doing the restore points. I went back to the oldest one in the computer but it didn't solve my problem. I thought about calling them and seeing if it is possible to get some OEM disks. I don't know if they're doing that with Windows 8. But, I was wondering if that might be my only option right about now.

Edited by SallyMae, 20 November 2013 - 03:41 PM.

#11
Essexboy

Posted 20 November 2013 - 04:12 PM

GeekU Moderator

Retired Staff
69,964 posts

OK there is a recovery partition on this computer ..

This will reset the computer to as it was the day you first used it.

So first copy any files/data/pictures that you want saved to a USB or CD
Then copy any licence data to the same USB

This is taken from the Lenovo manual .. Have a read and let me know of any questions before you start

Restoring
You can choose to restore the system partition to its original status or to a
previously created back-up point. To restore the system partition:
1 Press the Novo button to start the Lenovo OneKey Recovery system.
2 Click System Recovery . The computer will restart to the recovery environment.
3 Follow the on-screen instructions to restore the system partition to its
original status or to a previously created back-up point.

If Windows cannot be started, then follow the steps below to start the Lenovo
OneKey Recovery system:
1 Shut down the computer.
2 Press the Novo button. From Novo Button Menu, select System recovery
and press Enter.
Note: To utilize the features of the OneKey Recovery system, your hard disk already
includes a hidden partition by default to store the system image file and the OneKey
Recovery system program files. This default partition is hidden for security reasons,
which explains why the available disk space is less than the stated capacity.
Notes:
• You can choose a back-up location on the local hard disk drive or an external storage device.
• The back-up process may take a while.
• The back-up process is only available when Windows can be started normally.
Notes:
• The recovery process is irreversible. Make sure to back up any data you wish to save on
the system partition before starting the recovery process.
• The recovery process may take a while. So be sure to connect the AC adapter to your
computer during the recovery process.
• The above instructions should be followed when Windows can be started normally.

#12
SallyMae

Posted 23 November 2013 - 05:45 PM

Member

Topic Starter
Member
88 posts

It would appear that following the above instructions has taken care of the last of the problems I was initially complaining about. Unfortunately, during the re-install of some of my programs I am afraid I may have missed some cues in the installers and slipped up and let some crapware get by me. Sorry to be a pain but is it at all possible that we could check and make sure no crapware slipped by me? I'm getting an ad banner on my IE that suggests this is the case. Sorry for the flub. Thank you so much for getting the problems fixed. My computer is so much more back to normal now!

Edited by SallyMae, 23 November 2013 - 05:45 PM.

#13
Essexboy

Posted 24 November 2013 - 04:45 AM

GeekU Moderator

Retired Staff
69,964 posts

No problem, lets remove the rubbish

Please download Junkware Removal Tool to your desktop.

Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
please be patient as this can take a while to complete depending on your system's specifications
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
post the contents of JRT.txt into your next message.

THEN

Download OTL to your Desktop
Secondary link

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Select LOP and Purity
Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Attach both logs

#14
SallyMae

Posted 26 November 2013 - 12:41 PM

Member

Topic Starter
Member
88 posts

JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Angela on Tue 11/26/2013 at 13:08:38.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311121157}

~~~ Files

Successfully deleted: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Angela\appdata\local\filetypeassistant"

~~~ FireFox

Successfully deleted the following from C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\3qar24mm.default-1375034615876\prefs.js

user_pref("extensions.crossrider.bic", "14283a8e89171d7c189b07301a3387e9");

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/26/2013 at 13:19:47.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL Text Log

OTL logfile created on: 11/26/2013 1:26:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Angela\Desktop\Cleanup and Computer Tools
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 62.14% Memory free
6.70 Gb Paging File | 4.78 Gb Available in Paging File | 71.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 426.54 Gb Total Space | 379.37 Gb Free Space | 88.94% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 23.72 Gb Free Space | 94.89% Space Free | Partition Type: NTFS

Computer Name: PEACHESANDCREAM | User Name: Angela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/21 14:36:59 | 000,503,808 | ---- | M] (www.orangesoftware.net (email: [email protected])) -- C:\Program Files (x86)\Pink Calendar\PinkCal.exe
PRC - [2013/11/12 17:15:56 | 000,456,768 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/27 21:03:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Angela\Desktop\Cleanup and Computer Tools\OTL.exe
PRC - [2013/05/22 14:04:58 | 000,400,704 | ---- | M] () -- C:\Users\Angela\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
PRC - [2013/04/04 17:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 17:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 17:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/08 17:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
PRC - [2013/03/04 19:25:17 | 000,447,104 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2013/03/01 04:25:24 | 000,552,960 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331STI.EXE
PRC - [2012/12/14 00:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/11/22 19:53:28 | 001,327,440 | ---- | M] (Comfort Software Group) -- C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe

========== Modules (No Company Name) ==========

MOD - [2013/07/15 12:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2013/05/22 14:04:58 | 000,400,704 | ---- | M] () -- C:\Users\Angela\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe

========== Services (SafeList) ==========

SRV:64bit: - [2013/08/16 00:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 19:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/05/23 15:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 01:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/18 14:19:54 | 000,103,424 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe -- (AdaptiveSleepService)
SRV:64bit: - [2013/04/18 14:18:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/04/18 10:29:00 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/04 19:25:20 | 000,202,400 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 18:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/12/14 00:18:48 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/11/21 17:41:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/21 14:44:52 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 17:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 17:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/04 19:25:17 | 000,447,104 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2013/02/28 20:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/12/14 00:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/10 06:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/08/16 00:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/07/01 20:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/07/01 20:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 20:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 19:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 17:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/05/31 14:19:53 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2013/05/31 14:19:53 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2013/05/04 02:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/18 11:23:38 | 011,644,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/18 10:02:52 | 000,581,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/04/18 09:04:28 | 000,219,360 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2013/04/04 17:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/04/04 09:56:56 | 000,495,344 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/03/04 19:25:18 | 001,680,992 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 05:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 05:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/03/01 04:26:40 | 001,045,248 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/14 06:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/02/07 17:45:32 | 000,017,504 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmdAS4.sys -- (AmdAS4)
DRV:64bit: - [2013/02/02 02:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/01/15 04:37:12 | 000,327,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/30 01:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/11/30 01:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/19 04:34:56 | 000,118,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/13 14:36:36 | 006,835,784 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BCMWL63a.SYS -- (BCM43XX)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 02:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/23 18:24:52 | 015,283,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/06/13 19:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2012/06/02 09:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 09:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5385CBC3-42D4-43F3-9A93-0AF3AC11F149}
IE:64bit: - HKLM\..\SearchScopes\{5385CBC3-42D4-43F3-9A93-0AF3AC11F149}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {5385CBC3-42D4-43F3-9A93-0AF3AC11F149}
IE - HKLM\..\SearchScopes\{5385CBC3-42D4-43F3-9A93-0AF3AC11F149}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2444015620-226442998-1639151450-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
IE - HKU\S-1-5-21-2444015620-226442998-1639151450-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com [binary data]
IE - HKU\S-1-5-21-2444015620-226442998-1639151450-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com [binary data]
IE - HKU\S-1-5-21-2444015620-226442998-1639151450-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
IE - HKU\S-1-5-21-2444015620-226442998-1639151450-1002\..\SearchScopes,DefaultScope = {5385CBC3-42D4-43F3-9A93-0AF3AC11F149}
IE - HKU\S-1-5-21-2444015620-226442998-1639151450-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2444015620-226442998-1639151450-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: feedly%40devhd:16.0.528
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Angela\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/thinkorswim: C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/tossc: C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/11/21 18:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.17.1\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2013/11/21 18:07:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.17.1\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/11/21 14:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Extensions
[2013/11/25 12:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\3qar24mm.default-1375034615876\extensions
[2013/11/21 17:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\gtar0ss4.default\extensions
[2013/11/15 13:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\y0vwe7me.default-1383676348612\extensions
[2013/11/21 18:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\SeaMonkey\Profiles\0eahbu6m.default\extensions
[2013/11/16 20:31:28 | 000,027,050 | ---- | M] () (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\3qar24mm.default-1375034615876\extensions\[email protected]
[2013/11/21 14:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/21 14:44:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE (Vimicro)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2444015620-226442998-1639151450-1002..\Run: [AmazonMP3DownloaderHelper] C:\Users\Angela\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKU\S-1-5-21-2444015620-226442998-1639151450-1002..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKU\S-1-5-21-2444015620-226442998-1639151450-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKU\S-1-5-21-2444015620-226442998-1639151450-1002..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinkCal.lnk = C:\Program Files (x86)\Pink Calendar\PinkCal.exe (www.orangesoftware.net (email: [email protected]))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E694C85E-FF44-45D1-A9F3-6D4CD5FDCF63}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/26 13:08:32 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/11/26 02:48:51 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\NetSpeedMonitor
[2013/11/26 02:40:40 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Diagnostics
[2013/11/26 02:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor
[2013/11/25 15:54:48 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\OpenOffice
[2013/11/25 12:12:45 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\cache
[2013/11/25 12:12:44 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Mobogenie
[2013/11/25 12:12:44 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Mobogenie
[2013/11/25 12:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Allmyapps
[2013/11/25 12:12:11 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\CrashRpt
[2013/11/25 12:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013/11/24 11:03:40 | 000,694,232 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/11/24 11:03:40 | 000,078,296 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/23 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\FreeFileViewer
[2013/11/23 11:29:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2013/11/23 01:29:31 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\FreeFileViewer
[2013/11/22 19:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble
[2013/11/22 19:40:06 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Barnes & Noble
[2013/11/22 19:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Barnes & Noble
[2013/11/21 21:43:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WorldWinner.com, Inc
[2013/11/21 21:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldWinner Games
[2013/11/21 21:43:48 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Worldwinner
[2013/11/21 20:57:53 | 000,000,000 | ---D | C] -- C:\Users\Angela\Tracing
[2013/11/21 20:38:51 | 000,000,000 | ---D | C] -- C:\windows\en
[2013/11/21 20:38:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013/11/21 20:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013/11/21 20:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/11/21 20:37:24 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2013/11/21 20:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/11/21 20:36:19 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_7.dll
[2013/11/21 20:36:19 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_7.dll
[2013/11/21 20:36:19 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_5.dll
[2013/11/21 20:36:19 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_5.dll
[2013/11/21 20:36:16 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_43.dll
[2013/11/21 20:36:16 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_43.dll
[2013/11/21 20:36:14 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_43.dll
[2013/11/21 20:36:14 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_43.dll
[2013/11/21 20:36:04 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_42.dll
[2013/11/21 20:36:04 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_42.dll
[2013/11/21 20:35:55 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_32.dll
[2013/11/21 20:35:55 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_32.dll
[2013/11/21 20:35:41 | 000,000,000 | R--D | C] -- C:\Users\Angela\SkyDrive
[2013/11/21 20:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/11/21 20:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/11/21 20:34:12 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Windows Live
[2013/11/21 20:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/11/21 20:14:16 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/11/21 20:14:12 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/11/21 20:14:12 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfasfsrcsnk.dll
[2013/11/21 20:14:11 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfasfsrcsnk.dll
[2013/11/21 20:14:10 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmpmde.dll
[2013/11/21 20:14:10 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys
[2013/11/21 20:14:09 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmde.dll
[2013/11/21 20:14:07 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/11/21 20:14:07 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Globalization.dll
[2013/11/21 20:14:06 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013/11/21 20:14:06 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcfgx.dll
[2013/11/21 20:14:06 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SystemEventsBrokerServer.dll
[2013/11/21 20:14:05 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2013/11/21 20:14:05 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TimeBrokerServer.dll
[2013/11/21 20:14:04 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winmde.dll
[2013/11/21 20:14:04 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Globalization.dll
[2013/11/21 20:14:04 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcfgx.dll
[2013/11/21 20:14:04 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSync.dll
[2013/11/21 20:14:04 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usbmon.dll
[2013/11/21 20:14:03 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvstore.dll
[2013/11/21 20:14:03 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013/11/21 20:14:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drvstore.dll
[2013/11/21 20:14:01 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSync.dll
[2013/11/21 20:14:01 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\discan.dll
[2013/11/21 20:14:00 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys
[2013/11/21 20:14:00 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tpm.sys
[2013/11/21 20:14:00 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpsd.sys
[2013/11/21 20:14:00 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\NdisImPlatform.dll
[2013/11/21 20:14:00 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storahci.sys
[2013/11/21 20:13:59 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\powercfg.cpl
[2013/11/21 20:13:59 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\powercfg.cpl
[2013/11/21 20:13:58 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSyncInfo.dll
[2013/11/21 20:13:58 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSyncInfo.dll
[2013/11/21 20:13:58 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSDPrintProxy.DLL
[2013/11/21 20:13:58 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevDispItemProvider.dll
[2013/11/21 20:13:57 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevDispItemProvider.dll
[2013/11/21 20:11:07 | 013,644,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.dll
[2013/11/21 20:11:01 | 010,788,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll
[2013/11/21 20:10:58 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentServer.dll
[2013/11/21 20:10:57 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\BCP47Langs.dll
[2013/11/21 20:10:57 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ubpm.dll
[2013/11/21 20:10:56 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netprofmsvc.dll
[2013/11/21 20:10:56 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ubpm.dll
[2013/11/21 20:10:55 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\BCP47Langs.dll
[2013/11/21 20:10:53 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\stobject.dll
[2013/11/21 20:10:53 | 000,014,848 | ---- | C] (Microsoft) -- C:\windows\SysWow64\rars.rs
[2013/11/21 20:10:53 | 000,014,848 | ---- | C] (Microsoft) -- C:\windows\SysNative\rars.rs
[2013/11/21 20:10:52 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Magnify.exe
[2013/11/21 20:10:52 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentExtensions.dll
[2013/11/21 20:10:52 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netplwiz.dll
[2013/11/21 20:10:51 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfmp4srcsnk.dll
[2013/11/21 20:10:51 | 000,284,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\spaceport.sys
[2013/11/21 20:10:51 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netplwiz.dll
[2013/11/21 20:10:51 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psmsrv.dll
[2013/11/21 20:10:50 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevicePairing.dll
[2013/11/21 20:10:50 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\intl.cpl
[2013/11/21 20:10:50 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013/11/21 20:10:49 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Magnify.exe
[2013/11/21 20:10:49 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevicePairing.dll
[2013/11/21 20:10:49 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AuthHost.exe
[2013/11/21 20:10:48 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\biwinrt.dll
[2013/11/21 20:10:48 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\biwinrt.dll
[2013/11/21 20:10:47 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmp4srcsnk.dll
[2013/11/21 20:10:47 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\intl.cpl
[2013/11/21 20:10:47 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\bisrv.dll
[2013/11/21 20:10:47 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhostex.exe
[2013/11/21 20:10:45 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\muifontsetup.dll
[2013/11/21 20:10:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\muifontsetup.dll
[2013/11/21 20:10:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmproxy.dll
[2013/11/21 20:10:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmsprep.dll
[2013/11/21 20:10:10 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\autochk.exe
[2013/11/21 20:10:10 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\autochk.exe
[2013/11/21 20:10:10 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\untfs.dll
[2013/11/21 20:10:10 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\untfs.dll
[2013/11/21 20:10:09 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/11/21 20:09:58 | 000,247,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdFilter.sys
[2013/11/21 20:09:57 | 000,036,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdBoot.sys
[2013/11/21 20:09:42 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/11/21 20:09:42 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/11/21 20:09:42 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/11/21 20:09:42 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/11/21 20:09:42 | 000,096,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\wfplwfs.sys
[2013/11/21 20:09:27 | 002,371,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSService.dll
[2013/11/21 20:09:27 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppobjs.dll
[2013/11/21 20:09:27 | 000,209,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\NotificationUI.exe
[2013/11/21 20:09:25 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2013/11/21 20:09:25 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSShared.dll
[2013/11/21 20:09:25 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSShared.dll
[2013/11/21 20:09:25 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppwinob.dll
[2013/11/21 20:09:25 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppc.dll
[2013/11/21 20:09:25 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSetupUI.dll
[2013/11/21 20:09:25 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sppc.dll
[2013/11/21 20:09:24 | 001,621,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2013/11/21 20:09:24 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2013/11/21 20:09:24 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUSettingsProvider.dll
[2013/11/21 20:09:24 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSSync.dll
[2013/11/21 20:09:24 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013/11/21 20:09:24 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2013/11/21 20:09:23 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSClient.dll
[2013/11/21 20:09:23 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.dll
[2013/11/21 20:09:23 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storewuauth.dll
[2013/11/21 20:09:23 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSClient.dll
[2013/11/21 20:09:23 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSSync.dll
[2013/11/21 20:09:23 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2013/11/21 20:09:23 | 000,058,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dam.sys
[2013/11/21 20:09:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2013/11/21 20:09:23 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2013/11/21 20:09:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2013/11/21 20:09:22 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2013/11/21 20:09:22 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2013/11/21 20:09:22 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2013/11/21 20:09:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setupcln.dll
[2013/11/21 20:09:22 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2013/11/21 20:09:22 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2013/11/21 20:09:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/11/21 20:09:21 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/11/21 20:09:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setupcln.dll
[2013/11/21 20:07:24 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/11/21 20:07:23 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/11/21 20:07:23 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/11/21 20:07:23 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/11/21 20:05:42 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/11/21 20:05:40 | 002,062,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/11/21 20:05:39 | 001,711,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/11/21 20:05:02 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll
[2013/11/21 20:05:01 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll
[2013/11/21 20:04:24 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2013/11/21 20:03:37 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013/11/21 20:03:37 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys
[2013/11/21 20:01:29 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
[2013/11/21 20:01:28 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
[2013/11/21 20:01:28 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/11/21 20:01:05 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013/11/21 19:59:25 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\duser.dll
[2013/11/21 19:59:24 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlroamextension.dll
[2013/11/21 19:59:23 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WWanAPI.dll
[2013/11/21 19:59:23 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2013/11/21 19:59:23 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.Connectivity.dll
[2013/11/21 19:59:22 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hotspotauth.dll
[2013/11/21 19:59:22 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.Connectivity.dll
[2013/11/21 19:59:22 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskkill.exe
[2013/11/21 19:59:22 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthAvrcpTg.sys
[2013/11/21 19:59:21 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlroamextension.dll
[2013/11/21 19:59:21 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WWanAPI.dll
[2013/11/21 19:59:21 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mbsmsapi.dll
[2013/11/21 19:59:21 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll
[2013/11/21 19:59:21 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tasklist.exe
[2013/11/21 19:59:21 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\taskkill.exe
[2013/11/21 19:59:20 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpd_ci.dll
[2013/11/21 19:59:20 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tasklist.exe
[2013/11/21 19:59:20 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys
[2013/11/21 19:59:12 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2013/11/21 19:59:12 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2013/11/21 19:59:12 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2013/11/21 19:59:12 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2013/11/21 19:57:07 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\reseteng.dll
[2013/11/21 19:57:07 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ReAgent.dll
[2013/11/21 19:57:07 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgent.dll
[2013/11/21 19:57:05 | 000,447,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBHUB3.SYS
[2013/11/21 19:57:05 | 000,337,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBXHCI.SYS
[2013/11/21 19:57:05 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\UCX01000.SYS
[2013/11/21 19:57:03 | 000,498,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2013/11/21 19:57:03 | 000,021,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2013/11/21 19:56:45 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/11/21 19:56:09 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GdiPlus.dll
[2013/11/21 19:56:08 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\GdiPlus.dll
[2013/11/21 19:56:07 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013/11/21 19:55:31 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/21 19:55:23 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2013/11/21 19:55:22 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/11/21 19:55:21 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/11/21 19:55:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/11/21 19:55:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/11/21 19:55:19 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/11/21 19:55:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/11/21 19:55:19 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/21 19:55:19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/11/21 19:55:18 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2013/11/21 19:55:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2013/11/21 19:48:52 | 000,652,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\comctl32.dll
[2013/11/21 19:43:32 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/11/21 19:43:31 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/11/21 19:42:27 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/11/21 19:41:07 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
[2013/11/21 19:41:07 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
[2013/11/21 19:31:44 | 000,000,000 | ---D | C] -- C:\Users\Angela\Desktop\Notes
[2013/11/21 19:31:44 | 000,000,000 | ---D | C] -- C:\Users\Angela\Desktop\Mind Control Docs to Convert
[2013/11/21 19:31:42 | 000,000,000 | ---D | C] -- C:\Users\Angela\Desktop\Finance
[2013/11/21 19:31:41 | 000,000,000 | ---D | C] -- C:\Users\Angela\Desktop\Files for Microsoft Movie Maker Install Problem
[2013/11/21 19:31:28 | 000,000,000 | R--D | C] -- C:\Users\Angela\Desktop\Entertainment
[2013/11/21 19:31:28 | 000,000,000 | ---D | C] -- C:\Users\Angela\Desktop\Documents to Print
[2013/11/21 19:31:27 | 000,000,000 | ---D | C] -- C:\Users\Angela\Desktop\Converted mind control docs
[2013/11/21 19:31:26 | 000,000,000 | ---D | C] -- C:\Users\Angela\Desktop\Computers
[2013/11/21 19:31:02 | 000,000,000 | R--D | C] -- C:\Users\Angela\Desktop\Cleanup and Computer Tools
[2013/11/21 19:11:32 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\WinPatrol
[2013/11/21 19:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013/11/21 19:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/11/21 19:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013/11/21 19:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013/11/21 19:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013/11/21 19:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2013/11/21 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Interfathom TaskMerlin
[2013/11/21 18:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Interfathom
[2013/11/21 18:35:23 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Thunderbird
[2013/11/21 18:35:23 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Thunderbird
[2013/11/21 18:34:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/11/21 18:29:19 | 000,000,000 | ---D | C] -- C:\Users\Angela\.swt
[2013/11/21 18:26:14 | 000,000,000 | ---D | C] -- C:\Users\Angela\.thinkorswim
[2013/11/21 18:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\thinkTDA
[2013/11/21 18:21:07 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Interfathom
[2013/11/21 18:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Interfathom
[2013/11/21 18:20:20 | 000,054,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2013/11/21 18:20:01 | 001,890,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/11/21 18:19:05 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2013/11/21 18:19:04 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2013/11/21 18:19:01 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2013/11/21 18:19:00 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
[2013/11/21 18:18:57 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2013/11/21 18:18:56 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2013/11/21 18:18:55 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/11/21 18:18:52 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSAudDecMFT.dll
[2013/11/21 18:18:50 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSAudDecMFT.dll
[2013/11/21 18:18:49 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kd_02_10ec.dll
[2013/11/21 18:18:47 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2013/11/21 18:18:47 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rsaenh.dll
[2013/11/21 18:18:46 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll
[2013/11/21 18:18:46 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
[2013/11/21 18:18:45 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll
[2013/11/21 18:18:45 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/11/21 18:18:45 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmredir.dll
[2013/11/21 18:18:44 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RecoveryDrive.exe
[2013/11/21 18:18:44 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.dll
[2013/11/21 18:18:44 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
[2013/11/21 18:18:44 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\audiodg.exe
[2013/11/21 18:18:43 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2013/11/21 18:18:43 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpncore.dll
[2013/11/21 18:18:43 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/11/21 18:18:42 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe
[2013/11/21 18:18:42 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/11/21 18:18:42 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll
[2013/11/21 18:18:41 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2013/11/21 18:18:40 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe
[2013/11/21 18:18:40 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ci.dll
[2013/11/21 18:18:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhengine.dll
[2013/11/21 18:18:40 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dmvdsitf.dll
[2013/11/21 18:18:39 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2013/11/21 18:18:39 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll
[2013/11/21 18:18:39 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll
[2013/11/21 18:18:39 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll
[2013/11/21 18:18:38 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll
[2013/11/21 18:18:37 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/11/21 18:18:37 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEndpointBuilder.dll
[2013/11/21 18:18:37 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wscapi.dll
[2013/11/21 18:18:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe
[2013/11/21 18:18:36 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Robocopy.exe
[2013/11/21 18:18:36 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdvm.dll
[2013/11/21 18:18:35 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iuilp.dll
[2013/11/21 18:18:35 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll
[2013/11/21 18:18:35 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Robocopy.exe
[2013/11/21 18:18:34 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dmvdsitf.dll
[2013/11/21 18:18:34 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdnet.dll
[2013/11/21 18:18:33 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
[2013/11/21 18:18:33 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/11/21 18:18:33 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll
[2013/11/21 18:18:32 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GenuineCenter.dll
[2013/11/21 18:18:31 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fmifs.dll
[2013/11/21 18:18:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fmifs.dll
[2013/11/21 18:18:30 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssprxy.dll
[2013/11/21 18:18:30 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msshooks.dll
[2013/11/21 18:18:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msshooks.dll
[2013/11/21 18:18:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll
[2013/11/21 18:13:01 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\SUPERAntiSpyware.com
[2013/11/21 18:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/11/21 18:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/11/21 18:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/11/21 18:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/11/21 18:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/11/21 18:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/11/21 18:10:28 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll
[2013/11/21 18:10:26 | 008,858,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll
[2013/11/21 18:10:25 | 002,304,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/11/21 18:10:25 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\actxprxy.dll
[2013/11/21 18:10:25 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/11/21 18:10:24 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pdc.sys
[2013/11/21 18:08:03 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
[2013/11/21 18:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2013/11/21 18:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
[2013/11/21 18:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SeaMonkey
[2013/11/21 18:00:59 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Apple Computer
[2013/11/21 18:00:59 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Apple Computer
[2013/11/21 18:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2013/11/21 18:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/11/21 18:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/11/21 18:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/11/21 18:00:15 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Apple
[2013/11/21 18:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/11/21 18:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/11/21 17:52:23 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Macromedia
[2013/11/21 17:07:21 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/11/21 17:07:20 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013/11/21 17:06:50 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tssdisai.dll
[2013/11/21 17:06:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appserverai.dll
[2013/11/21 17:06:48 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RDWebAI.dll
[2013/11/21 17:06:48 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\VmHostAI.dll
[2013/11/21 17:06:45 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe
[2013/11/21 17:06:45 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe
[2013/11/21 17:05:38 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/11/21 17:05:37 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apprepapi.dll
[2013/11/21 17:05:37 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apprepsync.dll
[2013/11/21 17:05:37 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apprepapi.dll
[2013/11/21 17:05:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apprepsync.dll
[2013/11/21 17:05:28 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/11/21 16:53:49 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Opera
[2013/11/21 16:53:49 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Opera
[2013/11/21 16:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013/11/21 16:34:32 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Malwarebytes
[2013/11/21 16:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/21 16:34:29 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/11/21 16:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/21 16:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/21 16:28:10 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\My Kindle Content
[2013/11/21 16:28:05 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Amazon
[2013/11/21 16:27:10 | 000,873,384 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/11/21 16:27:10 | 000,796,072 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/11/21 15:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/11/21 15:50:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/21 15:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/21 15:49:10 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/11/21 15:49:08 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/11/21 15:49:08 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/11/21 15:49:08 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/11/21 15:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/21 15:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/11/21 15:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/21 15:33:23 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Google
[2013/11/21 15:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/11/21 15:27:20 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\User Manuals
[2013/11/21 15:27:15 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\TI Stuff
[2013/11/21 15:27:15 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Sociology
[2013/11/21 15:23:35 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Sima
[2013/11/21 15:23:34 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Psychology_Psychiatry
[2013/11/21 15:23:23 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\People Searches
[2013/11/21 15:23:18 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Old Firefox Data
[2013/11/21 15:23:18 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Notes
[2013/11/21 15:23:17 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Nonprofit formation information
[2013/11/21 15:23:17 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Naturopathic Medicine
[2013/11/21 15:23:16 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\My Barnes & Noble eBooks
[2013/11/21 15:23:15 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Math
[2013/11/21 15:23:15 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Lyrics
[2013/11/21 15:23:14 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Linguistics
[2013/11/21 15:23:14 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Letters
[2013/11/21 15:23:14 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Lenovo
[2013/11/21 15:23:13 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Legal Research
[2013/11/21 15:23:13 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Law
[2013/11/21 15:23:13 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Initial mail files from Thunderbird reinstall 7_28_2013
[2013/11/21 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Electronics
[2013/11/21 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\CyberLink
[2013/11/21 15:23:11 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Biology
[2013/11/21 15:23:08 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\appdata files from old acer
[2013/11/21 15:23:08 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Amazon MP3
[2013/11/21 15:22:48 | 038,494,576 | ---- | C] (Apple Inc.) -- C:\Users\Angela\Documents\SafariSetup.exe
[2013/11/21 15:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013/11/21 15:11:51 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Programs
[2013/11/21 15:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2013/11/21 15:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
[2013/11/21 15:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeFileViewer
[2013/11/21 15:00:27 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/11/21 14:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
[2013/11/21 14:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeAlarmClock
[2013/11/21 14:51:04 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Flock
[2013/11/21 14:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/21 14:39:21 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Mozilla
[2013/11/21 14:39:21 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Mozilla
[2013/11/21 14:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/11/21 14:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/11/21 14:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/11/21 14:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/11/21 14:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pink Calendar
[2013/11/21 14:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compare It!
[2013/11/21 14:35:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Compare It!
[2013/11/21 14:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2013/11/21 14:25:43 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
[2013/11/21 14:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2013/11/21 14:22:58 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013/11/21 14:22:57 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Program Files
[2013/11/21 14:20:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/11/21 14:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2013/11/21 14:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2013/11/21 13:39:29 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Clipboarder
[2013/11/21 13:39:14 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Sidebar7
[2013/11/21 13:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8GadgetPack
[2013/11/21 13:31:39 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\ClassicShell
[2013/11/21 13:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
[2013/11/21 13:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Shell
[2013/11/21 13:26:00 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Adobe
[2013/11/21 13:25:49 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\LSC
[2013/11/21 13:25:31 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\LSC
[2013/11/21 13:23:23 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Nitro PDF
[2013/11/21 13:21:14 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\AMD
[2013/11/21 13:20:50 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\ATI
[2013/11/21 13:20:50 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\ATI
[2013/11/21 13:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/11/21 13:18:45 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Lenovo
[2013/11/21 13:18:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/21 13:18:03 | 000,000,000 | R--D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/21 13:18:03 | 000,000,000 | R--D | C] -- C:\Users\Angela\Searches
[2013/11/21 13:18:03 | 000,000,000 | R--D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/11/21 13:18:02 | 000,000,000 | R--D | C] -- C:\Users\Angela\Contacts
[2013/11/21 13:18:02 | 000,000,000 | -H-D | C] -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/11/21 13:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay
[2013/11/21 13:16:15 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Adobe
[2013/11/21 13:15:37 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\VirtualStore
[2013/11/21 13:15:28 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Packages
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\AppData\Local\Temporary Internet Files
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Templates
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Start Menu
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\SendTo
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Recent
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\PrintHood
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\NetHood
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Documents\My Videos
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Documents\My Pictures
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Documents\My Music
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\My Documents
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Local Settings
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\AppData\Local\History
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Cookies
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Application Data
[2013/11/21 13:15:17 | 000,000,000 | -HSD | C] -- C:\Users\Angela\AppData\Local\Application Data
[2013/11/21 13:15:16 | 000,000,000 | --SD | C] -- C:\Users\Angela\AppData\Roaming\Microsoft
[2013/11/21 13:15:16 | 000,000,000 | R--D | C] -- C:\Users\Angela\Videos
[2013/11/21 13:15:16 | 000,000,000 | R--D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/11/21 13:15:16 | 000,000,000 | R--D | C] -- C:\Users\Angela\Saved Games
[2013/11/21 13:15:16 | 000,000,000 | R--D | C] -- C:\Users\Angela\Pictures
[2013/11/21 13:15:16 | 000,000,000 | R--D | C] -- C:\Users\Angela\Music
[2013/11/21 13:15:16 | 000,000,000 | R--D | C] -- C:\Users\Angela\Links
[2013/11/21 13:15:16 | 000,000,000 | R--D | C] -- C:\Users\Angela\Favorites
[2013/11/21 13:15:16 | 000,000,000 | R--D | C] -- C:\Users\Angela\Downloads
[2013/11/21 13:15:16 | 000,000,000 | R--D | C] -- C:\Users\Angela\Documents
[2013/11/21 13:15:16 | 000,000,000 | R--D | C] -- C:\Users\Angela\Desktop
[2013/11/21 13:15:16 | 000,000,000 | R--D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/21 13:15:16 | 000,000,000 | R--D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/11/21 13:15:16 | 000,000,000 | -H-D | C] -- C:\Users\Angela\AppData
[2013/11/21 13:15:16 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Temp
[2013/11/21 13:15:16 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Microsoft
[2013/11/21 13:15:16 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/21 13:15:16 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Macromedia
[2013/11/21 13:15:16 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo

========== Files - Modified Within 30 Days ==========

[2013/11/26 13:26:39 | 000,007,643 | ---- | M] () -- C:\Users\Angela\AppData\Local\Resmon.ResmonCfg
[2013/11/26 13:08:41 | 000,000,404 | ---- | M] () -- C:\windows\tasks\FreeFileViewerUpdateChecker.job
[2013/11/26 13:05:41 | 000,000,926 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/26 12:52:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/11/26 12:43:01 | 000,000,930 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/26 12:39:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/11/26 02:55:41 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\spu_storage.bin
[2013/11/26 02:48:02 | 000,001,416 | ---- | M] () -- C:\Users\Angela\Desktop\nsmc - Shortcut.lnk
[2013/11/26 02:35:46 | 003,652,608 | ---- | M] () -- C:\Users\Angela\Desktop\netspeedmonitor_2_5_4_0_x64_setup.msi
[2013/11/25 18:35:38 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/25 18:35:38 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/25 18:35:38 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/24 11:04:54 | 000,307,584 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/11/24 11:04:44 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/11/24 11:04:42 | 2960,551,936 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/23 13:37:29 | 000,145,516 | ---- | M] () -- C:\Users\Angela\Documents\WIPS-Comparisons Retail Market.pdf
[2013/11/23 01:29:34 | 000,002,290 | ---- | M] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/22 19:40:08 | 000,001,219 | ---- | M] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2013/11/21 21:19:23 | 000,001,316 | ---- | M] () -- C:\Users\Angela\Desktop\Movie Maker.lnk
[2013/11/21 21:00:52 | 000,001,445 | ---- | M] () -- C:\Users\Angela\Desktop\Journal - Shortcut.lnk
[2013/11/21 20:28:55 | 000,001,347 | ---- | M] () -- C:\Users\Angela\Desktop\Windows Media Player.lnk
[2013/11/21 19:10:04 | 000,001,557 | ---- | M] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/11/21 18:35:50 | 000,002,121 | ---- | M] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/11/21 18:07:18 | 000,001,993 | ---- | M] () -- C:\Users\Angela\Desktop\SeaMonkey.lnk
[2013/11/21 18:07:16 | 000,002,017 | ---- | M] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2013/11/21 18:00:48 | 000,002,491 | ---- | M] () -- C:\Users\Angela\Desktop\Safari.lnk
[2013/11/21 18:00:47 | 000,002,515 | ---- | M] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/11/21 16:53:42 | 000,001,840 | ---- | M] () -- C:\Users\Angela\Desktop\Opera.lnk
[2013/11/21 16:28:06 | 000,002,005 | ---- | M] () -- C:\Users\Angela\Desktop\Kindle.lnk
[2013/11/21 15:49:02 | 000,873,384 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/11/21 15:49:02 | 000,796,072 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/11/21 15:49:02 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/11/21 15:49:02 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/11/21 15:49:02 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/11/21 15:49:02 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/11/21 15:15:26 | 000,001,461 | ---- | M] () -- C:\Users\Angela\Desktop\gimp-2.8 - Shortcut.lnk
[2013/11/21 15:08:32 | 000,001,090 | ---- | M] () -- C:\Users\Angela\Desktop\FreeFileViewer.lnk
[2013/11/21 15:08:31 | 000,001,114 | ---- | M] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2013/11/21 14:39:14 | 000,001,158 | ---- | M] () -- C:\Users\Angela\Desktop\Mozilla Firefox.lnk
[2013/11/21 14:37:00 | 000,131,584 | ---- | M] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2013/11/21 14:37:00 | 000,001,084 | ---- | M] () -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinkCal.lnk
[2013/11/21 14:37:00 | 000,001,041 | ---- | M] () -- C:\windows\SysWow64\SpoonUninstall-Pink Calendar & Day Planner.dat
[2013/11/21 14:36:54 | 000,034,358 | ---- | M] () -- C:\windows\SysWow64\SpoonUninstall-Pink Calendar & Day Planner.bmp
[2013/11/21 14:26:56 | 000,002,155 | ---- | M] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/11/21 14:25:46 | 000,001,112 | ---- | M] () -- C:\Users\Angela\Desktop\OpenOffice 4.0.0.lnk
[2013/11/21 14:20:58 | 000,002,030 | ---- | M] () -- C:\Users\Angela\Desktop\Adobe Reader XI.lnk
[2013/11/21 13:38:55 | 000,000,883 | ---- | M] () -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
[2013/11/21 13:25:11 | 000,001,435 | ---- | M] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/20 23:29:20 | 000,192,820 | ---- | M] () -- C:\Users\Angela\Documents\duke energy epay security certificate warning.pdf
[2013/11/20 23:23:32 | 000,145,547 | ---- | M] () -- C:\Users\Angela\Documents\duke energy epay security certificate warning.odt
[2013/11/20 23:12:12 | 000,054,130 | ---- | M] () -- C:\Users\Angela\Documents\Nothing says i love you like....pdf
[2013/11/20 03:15:12 | 001,449,984 | ---- | M] () -- C:\Users\Angela\Documents\MyTasks.tmdb
[2013/11/20 01:54:14 | 000,071,068 | ---- | M] () -- C:\Users\Angela\Documents\deep web search engines.pdf
[2013/11/10 20:29:24 | 000,000,000 | -H-- | M] () -- C:\Users\Angela\Documents\Default.rdp
[2013/11/07 11:04:22 | 001,208,242 | ---- | M] () -- C:\Users\Angela\Documents\2011 Tor Project IRS Filings.pdf
[2013/11/05 17:58:57 | 000,694,232 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/11/05 17:58:57 | 000,078,296 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/03 23:05:20 | 000,083,136 | ---- | M] () -- C:\Users\Angela\Documents\weapons of math instruction.pdf

========== Files Created - No Company Name ==========

[2013/11/26 13:18:10 | 000,007,643 | ---- | C] () -- C:\Users\Angela\AppData\Local\Resmon.ResmonCfg
[2013/11/26 02:48:02 | 000,001,416 | ---- | C] () -- C:\Users\Angela\Desktop\nsmc - Shortcut.lnk
[2013/11/26 02:35:36 | 003,652,608 | ---- | C] () -- C:\Users\Angela\Desktop\netspeedmonitor_2_5_4_0_x64_setup.msi
[2013/11/24 11:04:47 | 000,307,584 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/11/23 13:37:29 | 000,145,516 | ---- | C] () -- C:\Users\Angela\Documents\WIPS-Comparisons Retail Market.pdf
[2013/11/22 19:40:08 | 000,001,219 | ---- | C] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2013/11/21 21:19:23 | 000,001,316 | ---- | C] () -- C:\Users\Angela\Desktop\Movie Maker.lnk
[2013/11/21 21:00:52 | 000,001,445 | ---- | C] () -- C:\Users\Angela\Desktop\Journal - Shortcut.lnk
[2013/11/21 20:38:40 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/11/21 20:38:34 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/11/21 20:38:20 | 000,001,469 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/11/21 20:37:57 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/11/21 20:35:40 | 000,002,132 | ---- | C] () -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013/11/21 20:28:55 | 000,001,347 | ---- | C] () -- C:\Users\Angela\Desktop\Windows Media Player.lnk
[2013/11/21 20:10:45 | 000,386,646 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013/11/21 20:09:21 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/11/21 19:32:09 | 000,002,491 | ---- | C] () -- C:\Users\Angela\Desktop\Safari.lnk
[2013/11/21 19:32:09 | 000,002,030 | ---- | C] () -- C:\Users\Angela\Desktop\Adobe Reader XI.lnk
[2013/11/21 19:32:09 | 000,002,005 | ---- | C] () -- C:\Users\Angela\Desktop\Kindle.lnk
[2013/11/21 19:32:09 | 000,001,993 | ---- | C] () -- C:\Users\Angela\Desktop\SeaMonkey.lnk
[2013/11/21 19:32:09 | 000,001,840 | ---- | C] () -- C:\Users\Angela\Desktop\Opera.lnk
[2013/11/21 19:32:09 | 000,001,461 | ---- | C] () -- C:\Users\Angela\Desktop\gimp-2.8 - Shortcut.lnk
[2013/11/21 19:32:09 | 000,001,158 | ---- | C] () -- C:\Users\Angela\Desktop\Mozilla Firefox.lnk
[2013/11/21 19:32:09 | 000,001,112 | ---- | C] () -- C:\Users\Angela\Desktop\OpenOffice 4.0.0.lnk
[2013/11/21 19:32:09 | 000,001,090 | ---- | C] () -- C:\Users\Angela\Desktop\FreeFileViewer.lnk
[2013/11/21 19:31:02 | 000,192,820 | ---- | C] () -- C:\Users\Angela\Documents\duke energy epay security certificate warning.pdf
[2013/11/21 19:31:02 | 000,145,547 | ---- | C] () -- C:\Users\Angela\Documents\duke energy epay security certificate warning.odt
[2013/11/21 19:31:02 | 000,071,068 | ---- | C] () -- C:\Users\Angela\Documents\deep web search engines.pdf
[2013/11/21 19:31:02 | 000,054,130 | ---- | C] () -- C:\Users\Angela\Documents\Nothing says i love you like....pdf
[2013/11/21 19:31:02 | 000,003,009 | ---- | C] () -- C:\Users\Angela\Desktop\TaskMerlin.lnk
[2013/11/21 19:31:02 | 000,001,973 | ---- | C] () -- C:\Users\Angela\Desktop\Nitro Pro 8.lnk
[2013/11/21 19:31:02 | 000,001,908 | ---- | C] () -- C:\Users\Angela\Desktop\thinkorswim from TD AMERITRADE.lnk
[2013/11/21 19:31:02 | 000,001,805 | ---- | C] () -- C:\Users\Angela\Desktop\chrome - Shortcut.lnk
[2013/11/21 19:31:02 | 000,001,593 | ---- | C] () -- C:\Users\Angela\Desktop\thunderbird - Shortcut.lnk
[2013/11/21 19:31:02 | 000,001,467 | ---- | C] () -- C:\Users\Angela\Desktop\wincmp3 - Shortcut.lnk
[2013/11/21 19:31:02 | 000,001,441 | ---- | C] () -- C:\Users\Angela\Desktop\Internet Explorer.lnk
[2013/11/21 19:31:02 | 000,001,014 | ---- | C] () -- C:\Users\Angela\Desktop\Free Alarm Clock.lnk
[2013/11/21 19:10:04 | 000,001,557 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/11/21 19:10:04 | 000,001,545 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2013/11/21 18:35:08 | 000,002,121 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/11/21 18:35:08 | 000,002,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013/11/21 18:25:27 | 000,001,964 | ---- | C] () -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thinkorswim from TD AMERITRADE.lnk
[2013/11/21 18:07:16 | 000,002,017 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2013/11/21 18:00:47 | 000,002,515 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/11/21 18:00:47 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2013/11/21 18:00:14 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/11/21 17:41:36 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/11/21 16:53:41 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013/11/21 15:43:03 | 000,002,290 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/21 15:33:31 | 000,000,930 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/21 15:33:30 | 000,000,926 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/21 15:23:08 | 000,083,136 | ---- | C] () -- C:\Users\Angela\Documents\weapons of math instruction.pdf
[2013/11/21 15:22:50 | 009,282,540 | ---- | C] () -- C:\Users\Angela\Documents\The_7_Keys_To_V2k_And_The_Truth_Will_Set_You_Free.exe
[2013/11/21 15:22:48 | 001,449,984 | ---- | C] () -- C:\Users\Angela\Documents\MyTasks.tmdb
[2013/11/21 15:22:48 | 001,208,320 | ---- | C] () -- C:\Users\Angela\Documents\MyTasks.backup1.tmdb
[2013/11/21 15:22:48 | 000,008,252 | ---- | C] () -- C:\Users\Angela\Documents\ClassicShellReadme.rtf
[2013/11/21 15:22:48 | 000,000,000 | -H-- | C] () -- C:\Users\Angela\Documents\Default.rdp
[2013/11/21 15:22:47 | 001,208,242 | ---- | C] () -- C:\Users\Angela\Documents\2011 Tor Project IRS Filings.pdf
[2013/11/21 15:13:50 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013/11/21 15:08:35 | 000,000,404 | ---- | C] () -- C:\windows\tasks\FreeFileViewerUpdateChecker.job
[2013/11/21 15:08:31 | 000,001,114 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2013/11/21 15:00:28 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013/11/21 15:00:24 | 2960,551,936 | -HS- | C] () -- C:\hiberfil.sys
[2013/11/21 14:39:13 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/21 14:37:00 | 000,131,584 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2013/11/21 14:37:00 | 000,034,358 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-Pink Calendar & Day Planner.bmp
[2013/11/21 14:37:00 | 000,001,084 | ---- | C] () -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PinkCal.lnk
[2013/11/21 14:37:00 | 000,001,041 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-Pink Calendar & Day Planner.dat
[2013/11/21 14:26:56 | 000,002,155 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/11/21 14:26:56 | 000,002,143 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2013/11/21 14:20:57 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/11/21 13:38:55 | 000,000,883 | ---- | C] () -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
[2013/11/21 13:32:01 | 000,000,354 | ---- | C] () -- C:\Users\Angela\Desktop\All Control Panel Items - Shortcut.lnk
[2013/11/21 13:31:57 | 000,000,355 | ---- | C] () -- C:\Users\Angela\Desktop\Computer - Shortcut.lnk
[2013/11/21 13:25:11 | 000,001,435 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/21 13:17:11 | 000,001,441 | ---- | C] () -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/21 13:15:16 | 000,000,352 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/11/21 13:15:16 | 000,000,334 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/05/31 13:57:04 | 000,001,677 | ---- | C] () -- C:\windows\vm331Rmv.ini
[2013/05/31 13:57:04 | 000,001,677 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini
[2013/05/31 13:55:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/05/31 13:51:49 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2013/04/28 19:29:42 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2013/04/28 19:29:42 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2013/04/28 19:29:41 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2013/04/28 19:29:38 | 000,798,734 | ---- | C] () -- C:\windows\SysWow64\amdocl_ld32.exe
[2013/04/28 19:29:37 | 000,995,342 | ---- | C] () -- C:\windows\SysWow64\amdocl_as32.exe
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2012/11/27 03:18:46 | 000,038,912 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/07/25 15:22:56 | 000,267,284 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/07/25 15:22:54 | 000,963,376 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/11/21 18:46:54 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 01:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 00:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/22 19:40:06 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Barnes & Noble
[2013/11/26 02:55:28 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\ClassicShell
[2013/11/23 01:32:34 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\FreeFileViewer
[2013/11/21 13:18:45 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Lenovo
[2013/11/23 01:39:29 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\LSC
[2013/11/26 13:35:10 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\NetSpeedMonitor
[2013/11/26 13:15:54 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Nitro PDF
[2013/11/25 15:54:48 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\OpenOffice
[2013/11/21 16:53:49 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Opera
[2013/11/21 18:35:23 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Thunderbird
[2013/11/21 19:11:41 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\WinPatrol
[2013/11/21 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Worldwinner

========== Purity Check ==========

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2012/09/20 01:30:35 | 000,190,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/03/06 01:29:15 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2012/07/25 22:08:16 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2012/07/25 22:07:01 | 000,826,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2013/10/10 04:20:43 | 000,723,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2012/07/25 22:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:36 | 000,507,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2012/07/25 22:18:26 | 000,394,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/25 22:05:12 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/13 01:16:06 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2012/07/25 22:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2012/10/11 00:43:40 | 000,331,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2012/10/11 00:06:02 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/09/20 01:31:07 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2012/07/25 22:05:34 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2012/07/25 22:05:46 | 000,036,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2012/07/25 22:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2012/07/25 22:05:51 | 000,438,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2012/07/25 22:05:51 | 000,474,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2012/07/25 22:07:25 | 000,502,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2012/09/20 01:31:57 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2012/07/25 22:06:34 | 000,255,488 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/09/20 01:32:17 | 000,356,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2012/07/26 00:26:47 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/09/20 01:33:04 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/07/25 22:08:47 | 000,769,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2012/07/25 22:07:03 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2012/07/25 22:07:03 | 000,358,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2012/07/25 22:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2012/07/25 22:07:09 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2012/09/20 01:33:39 | 000,035,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2013/04/08 23:51:41 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2012/07/25 22:07:23 | 000,309,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2012/07/25 22:07:16 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2012/07/25 22:19:59 | 000,506,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2013/04/08 23:50:39 | 001,285,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2012/07/25 22:07:28 | 000,305,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2012/07/25 22:20:06 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2012/07/25 22:07:30 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/07/25 22:07:00 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2013/05/04 01:59:51 | 001,483,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2013/04/08 23:48:42 | 000,785,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/07/25 22:07:08 | 000,148,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/07/01 19:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 22:07:47 | 001,731,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2012/10/11 00:44:35 | 000,904,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2012/07/25 22:07:47 | 000,570,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2012/07/25 22:08:34 | 000,124,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2012/07/25 22:20:50 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2012/07/25 22:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2013/08/16 00:21:55 | 003,275,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2012/07/25 22:05:31 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2012/11/05 23:19:59 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2012/07/25 22:08:02 | 000,191,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< End of report >

OTL Extras Log

OTL Extras logfile created on: 11/26/2013 1:26:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Angela\Desktop\Cleanup and Computer Tools
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 62.14% Memory free
6.70 Gb Paging File | 4.78 Gb Available in Paging File | 71.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 426.54 Gb Total Space | 379.37 Gb Free Space | 88.94% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 23.72 Gb Free Space | 94.89% Space Free | Partition Type: NTFS

Computer Name: PEACHESANDCREAM | User Name: Angela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2444015620-226442998-1639151450-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{67B0E137-2286-4490-BEB0-50E86D870B72}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{71018767-BD99-4D12-8371-C408BAFEADC3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0845D3DD-32CF-47F0-896F-629870DDFCF6}" = dir=in | name=kindle |
"{0E007946-FC2B-45A7-87D5-1C76DD3076D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0FC21BD6-DA10-4EA0-8511-1F8494E03573}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{1BF8A306-C947-47F7-915F-1714CD41DE29}" = dir=out | name=zinio |
"{1E5677B9-F47E-4C46-9976-6CD9BFDA7D8B}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{1F47675A-1EF4-448F-806C-D135A8820129}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{27A6214A-D907-493B-A78C-D0150FD291CE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{28F4CF7D-72F2-4A1A-B76E-E0A61FE175E4}" = dir=out | name=merriam-webster dictionary |
"{29097849-5A81-4394-A35D-D510D2CB2A3F}" = dir=out | name=windows_ie_ac_001 |
"{39372E28-5AD2-446B-ACE9-EBAD65BE2BD4}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3CA38393-0BFD-4888-91B0-04509CE7201F}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{4B672F47-7A48-4AE4-81E8-95CAC9D6751B}" = dir=out | name=rara.com |
"{5216B9A7-9056-4453-A4CC-C9E8F6477673}" = dir=out | name=ebay |
"{546A39D0-D460-4452-9048-BC12A0A16870}" = dir=out | name=mcafee security advisor for lenovo |
"{54702E53-867D-4C85-AB2A-6D8979453DED}" = dir=out | name=lenovo companion |
"{5B41F574-9C5D-47A0-86E0-A86E8D3101D7}" = dir=in | name=ebay |
"{5CE5A27F-0D86-403E-9297-675E631C3E80}" = dir=in | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{61B59D12-25CA-4365-B77B-378E213BBDBC}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{61CB88A7-1466-428F-A223-D3B9F79DC31D}" = dir=out | name=accuweather for windows 8 |
"{63E33164-782E-48CC-9E75-26475519E636}" = dir=out | name=kindle |
"{64E8E172-22E6-4C3A-9EE7-210821EEE6F8}" = dir=out | name=lenovo cloud storage by sugarsync |
"{679059CA-EB8D-4B84-A1A1-29352DEB55E7}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{7C66EC8D-0311-4AD4-BD31-A9AEAA1122EF}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{822D40BA-9DB1-4E23-85AA-4FF00AD30EE8}" = dir=in | app=c:\users\angela\appdata\roaming\allmyapps\allmyapps.exe |
"{826C7E58-4BAF-4C08-9835-064AB3A748C8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{86F68289-98EA-4B48-984B-DEE8F7254775}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{8AAAFCD4-01FD-4442-A362-812FA7E35817}" = dir=in | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.87_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/resources/app-name} |
"{982208A2-7732-4C67-97BE-E7784096A4CF}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{9B72B842-C21D-4ABE-A39E-E392959DC534}" = dir=in | name=rara.com |
"{A54C8EAB-EFF6-4A37-A332-B03104050133}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{A8871FCA-45BA-4A82-B145-C3B9EEEEC998}" = dir=in | name=accuweather for windows 8 |
"{B098A5B8-7C60-4CFA-BD19-83DECDB4F26A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{B433F298-D6D3-4809-9AFF-3BBD314F7F83}" = dir=out | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{B5F3846D-9F7D-4A8E-9618-592E7FCC2149}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe |
"{BEFBBED8-3DF6-4C5C-B3D0-044BAABAC926}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe |
"{C4A0CAD2-E7DD-4270-84D7-2FA30515DB7D}" = dir=in | name=evernote |
"{C5901077-911F-45F7-8B36-DC6FAC82B413}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{CAA8AD64-2DAF-41DD-A266-7900E09B78FA}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{CD935E76-E069-47D0-B8A9-83AA45CEADB1}" = dir=out | name=lenovo support |
"{CDB54E3C-0C54-4EE2-BB1B-5EE5D8F3BD45}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{CF09BCE6-67D9-44E0-9404-AB791FEB24C8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D014B1CC-D4BA-48A9-8226-8114F988108A}" = dir=in | app=c:\users\angela\appdata\local\microsoft\skydrive\skydrive.exe |
"{D4187A4D-8E9C-419F-8DB8-79FD97651FF4}" = dir=out | name=encyclopaedia britannica |
"{D70F3CBE-624F-4443-9A5D-AB3F32B66B7C}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{DDF42896-CCC0-41CC-9DF7-8F74D77A99B1}" = dir=out | name=powerdvd for lenovo idea |
"{E038CC1B-B467-43A8-A2D7-EBA2225FC47B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E6E2BB3E-0B9E-4573-AF71-538C3B2015D4}" = dir=out | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.87_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/resources/app-name} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E8EC2784-393F-4961-9C22-F8CF0A526D02}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{EBA42DA8-EE78-4D6A-8781-87B7C72D646A}" = dir=out | name=evernote |
"{EF328F27-3B85-46AC-8CB1-3D50BAD9A1F0}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{EFE56CF6-4610-4619-B0E4-F6E753F6F85C}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{F2E138A7-878F-4B08-A0CF-47F68509FAA1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FBC957A2-047E-4ADC-8CB7-AB0F30C7A0C6}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{FFF6DAD2-9842-45F3-9E63-0FA0A4752FDB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CE060F8-9E74-5441-F969-3F3DFA3EE254}" = AMD Fuel
"{1504DE35-C46A-0E9B-65DE-5A73732B333C}" = AMD Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}" = Nitro Pro 8
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5F86FA8F-9368-31D3-1D44-B515C2697065}" = AMD Accelerated Video Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98BB5224-BC5D-4028-9D20-536C1C263AA9}" = Classic Shell
"{B8908ABE-8AAE-41FD-A367-391CD492981B}" = Lenovo Solution Center
"{CC12D703-1845-B270-3F29-AB2906BD29C8}" = AMD Start Now
"{CCE952EA-8F20-CDBA-FB9D-F5C4FC84A026}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42" = Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1)
"8A223E56FB1ED4F697B54E5BF96F1EB63B512684" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"GIMP-2_is1" = GIMP 2.8.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0CB174B5-FF8F-3B62-EE85-85934A449505}" = CCC Help Japanese
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1820BB32-C2B5-8A7D-D8E6-719AF74B0193}" = CCC Help Korean
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1E496A68-4943-424E-829D-5C3C85B7B8F2}" = Realtek USB Card Reader
"{24139388-C988-02B0-0A4C-FD830466DB15}" = CCC Help Thai
"{26A24AE4-039D-4CA4-87B4-2F83217025F0}" = Java 7 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2A82EBFC-89AB-41EA-80E8-A07C73C752A0}" = WorldWinner Games
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2F503139-7C61-4A82-9B0B-59A7A110FACB}" = 8GadgetPack
"{3060F279-C46A-83A7-7116-4B7AA92DF6BB}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43FB500D-4569-73B4-E545-59F55D6E3AC9}" = CCC Help English
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5D642A72-8194-4A22-80DA-11FE610CCA8E}" = Lenovo_Wireless_Driver
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{61FACC53-0D58-31CB-D7AA-DC67AD025CAF}" = CCC Help French
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{65E5377E-A494-5408-2408-887185A9F0A8}" = CCC Help Dutch
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{7D8E2577-F930-A1BA-AC07-680237BEBCDC}" = CCC Help German
"{82331D63-F7EF-7E65-0A02-B0FFADFE1174}" = CCC Help Italian
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8AFFD4F4-7ABD-613E-C0DE-F511E97D532A}" = AMD VISION Engine Control Center
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.5.0
"{9994DB2E-5B78-4D7A-B446-1A071A4C4CD9}" = Interfathom TaskMerlin
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{A5787473-8C04-664A-DE9C-6D80CA4D4A2F}" = CCC Help Chinese Traditional
"{A673EB7C-902B-875E-C664-6A51BFBFB2C8}" = Catalyst Control Center InstallProxy
"{A7679943-6AE3-D39E-77BF-8561D2CAD314}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A932469B-98E8-DD1B-1F44-A80A7F395F02}" = CCC Help Portuguese
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{ABD2036E-260F-6815-9EB7-9287210E6733}" = CCC Help Czech
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{B24890AB-CE32-78C3-3A1D-8DCB25DF89AC}" = Catalyst Control Center Localization All
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C47BD14D-210F-4EC3-8B41-0149954C71D4}" = Catalyst Control Center - Branding
"{C4E93371-E971-1B80-18CA-9737342711AF}" = CCC Help Russian
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C89A97B6-F991-EBB5-77B7-927BCF420EBE}" = OEM Application Profile
"{CE51FC14-13FF-3A11-5A49-6B8B9AA0AC91}" = CCC Help Greek
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DDD1B-C406-2A8D-EBC8-281E7FCD0A83}" = CCC Help Polish
"{D413EA75-8232-47A2-134D-190C04C5B42B}" = CCC Help Swedish
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D73A21E0-ECE5-9AE8-2293-DBC373CD86E8}" = CCC Help Norwegian
"{D9A92E01-E425-6B5C-B79E-9FF87C099497}" = CCC Help Finnish
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0491A19-2250-DFCD-5C60-9DD5DF9D9035}" = CCC Help Spanish
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F20ED5D1-7033-DE04-CA59-860AD12325EA}" = CCC Help Turkish
"{F3204A9B-7410-D495-5DD5-00B1DCEF5622}" = CCC Help Chinese Standard
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Belarc Advisor" = Belarc Advisor 8.3
"BN_DesktopReader" = NOOK for PC
"Compare It!_is1" = Compare It!
"FreeFileViewer_is1" = Free File Viewer 2012
"Google Chrome" = Google Chrome
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Intel AppUp(SM) center 33057" = Intel AppUp(SM) center
"Lenovo Photos" = Lenovo Photos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0.7 (x86 en-US)" = Mozilla Thunderbird 17.0.7 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NirSoft ShellExView" = NirSoft ShellExView
"Opera 12.15.1748" = Opera 12.15
"Pink Calendar & Day Planner" = Pink Calendar & Day Planner
"SeaMonkey 2.17.1 (x86 en-US)" = SeaMonkey 2.17.1 (x86 en-US)
"SugarSync" = SugarSync Manager
"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
"Trusted Software Assistant_is1" = File Type Assistant
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.3
"Wireshark" = Wireshark 1.8.5 (64-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2444015620-226442998-1639151450-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.18
"SkyDriveSetup.exe" = Microsoft SkyDrive

< End of report >

Thanks Again...

#15
Essexboy

Posted 26 November 2013 - 12:53 PM

GeekU Moderator

Retired Staff
69,964 posts

Looks to have killed most of them could you confirm that you want to keep the following programmes :

File Type Assistant
FreeFileViewer
Free Alarm Clock