redirects and pop up madness :) [Solved]


  • This topic is locked

#1
melint

  • Member
  • 166 posts
I have been getting tons of redirects and pop-up ads and surveys. I am using Mozilla Firefox. Thanks for all the help that you do :) This is driving me crazy~~

OTL logfile created on: 3/6/2014 11:02:03 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chops Towing\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 53.30% Memory free
15.48 Gb Paging File | 11.48 Gb Available in Paging File | 74.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.32 Gb Total Space | 529.34 Gb Free Space | 77.02% Space Free | Partition Type: NTFS
Drive D: | 11.07 Gb Total Space | 1.60 Gb Free Space | 14.47% Space Free | Partition Type: NTFS

Computer Name: TWI | User Name: Chops Towing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/06 11:01:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chops Towing\Downloads\OTL(2).exe
PRC - [2014/02/25 02:55:33 | 003,775,800 | ---- | M] (Intuit Inc. All rights reserved.) -- C:\Users\Chops Towing\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
PRC - [2014/02/21 13:50:28 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014/02/17 17:51:38 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/01/02 18:32:12 | 033,508,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/02 16:59:28 | 001,129,288 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2013/12/02 16:57:54 | 001,215,304 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
PRC - [2013/12/02 16:20:28 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/12/02 14:27:20 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2013/11/20 15:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/09/07 08:14:40 | 000,055,624 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2013/09/07 08:14:38 | 000,055,624 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2013/04/21 20:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
PRC - [2009/10/22 20:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/19 16:40:54 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/09/19 16:40:48 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/09/19 16:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/09/19 16:38:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/08/24 20:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/10/21 17:02:08 | 000,176,128 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
PRC - [2004/09/17 02:45:56 | 000,118,784 | ---- | M] (Avanquest USA LLC) -- C:\Program Files (x86)\MySoftware\MyInvoices\Tracker.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/06 10:20:12 | 000,041,984 | ---- | M] () -- c:\Users\Chops Towing\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppfkju2.dll
MOD - [2014/02/21 13:50:28 | 016,265,096 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014/02/17 17:51:38 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/06 21:17:00 | 000,099,872 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions\{78bb4af5-a701-c8c9-f2bc-14386ddd1c49}\components\SmartbarFireFoxRemotePlugin_27.dll
MOD - [2013/12/17 20:25:54 | 003,610,624 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/02 16:58:40 | 000,140,616 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.DLL
MOD - [2013/12/02 16:58:38 | 000,148,296 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll
MOD - [2013/12/02 16:58:34 | 000,021,320 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.DLL
MOD - [2013/12/02 16:58:24 | 000,043,848 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll
MOD - [2013/12/02 16:58:16 | 000,760,648 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.DLL
MOD - [2013/12/02 16:58:16 | 000,621,896 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll
MOD - [2013/12/02 16:58:04 | 000,623,432 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
MOD - [2013/12/02 16:58:04 | 000,247,112 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
MOD - [2013/12/02 16:58:00 | 000,578,888 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll
MOD - [2013/12/02 14:27:14 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll
MOD - [2013/10/18 17:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/08/15 06:40:49 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6e0e5467e23a80c5c7d34f65dc7f87f2\System.IdentityModel.ni.dll
MOD - [2013/08/15 06:40:48 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\918ce68a67ddb5558994e20dc3a74c8a\System.ServiceModel.ni.dll
MOD - [2013/08/15 06:39:20 | 012,100,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\c7a85f1270da03424f153ed84a2fae51\System.Web.ni.dll
MOD - [2013/08/15 06:39:12 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 06:39:12 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/15 06:39:11 | 001,021,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\b12cbfa020af0c619d8f58c6b665efc1\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/08/15 06:39:11 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/15 06:39:10 | 002,646,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\332407a3f224f388f70120d33cb872d5\System.Runtime.Serialization.ni.dll
MOD - [2013/08/15 06:39:10 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d083ee23a4c0d8cf76ae9e95e52d0388\SMDiagnostics.ni.dll
MOD - [2013/08/15 06:38:44 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/14 16:06:54 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e205d971e9ffa1771cff3d3dde1c3c2b\PresentationFramework.ni.dll
MOD - [2013/08/14 16:06:42 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\107b8a28ba272e93556f0e2bfa2c4e16\PresentationCore.ni.dll
MOD - [2013/08/14 16:06:35 | 006,813,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\a10f361c888b8b98f7ad1fa8d7a51516\System.Data.ni.dll
MOD - [2013/08/14 16:06:33 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6405f08f877802703cfd956c072a4ad0\WindowsBase.ni.dll
MOD - [2013/08/14 16:06:32 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1a3b614a84244ea5fa4147b5cf007333\System.Windows.Forms.ni.dll
MOD - [2013/08/14 16:06:31 | 007,053,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\608aa2db27d45e63a4863f1f1d06897a\System.Core.ni.dll
MOD - [2013/08/14 16:06:29 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\df40dab689e9d8febfb943599ba79f8d\System.Configuration.ni.dll
MOD - [2013/08/14 16:06:27 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 16:06:25 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/14 16:06:23 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/11 02:23:30 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\51fe07d5205cd85d996af305a38b3770\Accessibility.ni.dll
MOD - [2013/07/11 02:08:30 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/22 20:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2006/11/27 12:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\PDFMAKE.DLL
MOD - [2005/01/24 22:01:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\MFPPROC.DLL
MOD - [2004/08/18 17:02:50 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\SKINS\Office2003.dll
MOD - [2003/12/07 16:30:40 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\MFPSEQ.dll
MOD - [1997/11/05 02:06:00 | 000,517,120 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\mtl70mt.dll
MOD - [1997/11/05 02:05:58 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\mmnyd.dll
MOD - [1997/11/05 02:05:52 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\CB5DVL.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/06/28 16:37:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/02/21 13:50:28 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/17 17:51:38 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/02 16:20:28 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/12/02 14:27:20 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2013/12/02 14:27:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS)
SRV - [2009/09/19 16:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/17 16:09:02 | 000,061,592 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netfilter64.sys -- (Netfilter64)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/19 09:31:46 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/02/26 20:23:54 | 000,149,552 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/02/26 20:23:21 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/02/26 20:23:21 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/02/25 17:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/03 19:40:52 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/02/03 19:40:50 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2009/10/22 00:23:18 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2009/10/22 00:23:18 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2009/10/06 07:49:14 | 000,230,456 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/08/29 18:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/28 16:37:00 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 14:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 04:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2010/04/29 11:44:04 | 000,678,448 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/10/28 16:37:21 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100513.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/10/22 00:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/22 00:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/29 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{37DA6865-C85B-42E9-B8E2-1F6B1F30BE84}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8CFFB8DF-E170-47DC-810B-862F7A8E63F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {BB046E20-E48F-4915-AE50-D545283BE420}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: support%40tubedimmerapp.com:2.6.47
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116
FF - prefs.js..extensions.enabledAddons: %7B78bb4af5-a701-c8c9-f2bc-14386ddd1c49%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://feed.snapdo.c...FMLRKeg_eHZ&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/26 12:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/05/26 12:33:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 17:31:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 17:31:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\

[2013/02/07 10:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Extensions
[2014/02/27 13:57:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions
[2013/08/22 05:03:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/02/18 21:31:48 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions\{78bb4af5-a701-c8c9-f2bc-14386ddd1c49}
[2014/02/27 13:57:27 | 000,000,000 | ---D | M] (SavingsBull) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions\[email protected]
[2013/11/25 16:20:53 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions\[email protected]
[2014/02/19 08:27:45 | 000,000,975 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\searchplugins\conduit-search.xml
[2014/02/18 21:31:47 | 000,002,369 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\searchplugins\Web Search.xml
[2013/12/20 07:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/17 17:51:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/20 07:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/12/20 07:20:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

========== Chrome ==========

CHR - homepage: http://feed.snapdo.c...ees0xkllD2iAL-J
CHR - plugin: Conduit Search (Disabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: Social Privacy = C:\Users\Chops Towing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: SpeedDial = C:\Users\Chops Towing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Tracker] C:\Program Files (x86)\MySoftware\MyInvoices\Tracker.exe (Avanquest USA LLC)
O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Chops Towing\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [Driver Tool] C:\Program Files (x86)\Driver Tool\Driver Tool\DriverTool.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW File not found
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Chops Towing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22D4B7CB-5413-481B-A3FB-CDD966F9415B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35B22FFF-A9A8-4048-A887-21B6996DB237}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35B22FFF-A9A8-4048-A887-21B6996DB237}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{521E8D85-C6BE-45A4-823A-8E62015D15D2}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{521E8D85-C6BE-45A4-823A-8E62015D15D2}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D6F4CC0-1FC3-4004-B13F-D2DDE2F3646A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7236146A-504C-4193-8EC2-EA04F7DCAA50}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7236146A-504C-4193-8EC2-EA04F7DCAA50}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941DD8A9-65B9-4757-A6AB-1F794F02BBB5}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4EA2B12-1511-48CD-BE4F-214FBFFEA25C}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\intu-help-qb7 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb7 {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/02/16 08:28:56 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\Shell - "" = AutoRun
O33 - MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O33 - MountPoints2\{27e09285-6985-11df-bade-18a905bba72e}\Shell - "" = AutoRun
O33 - MountPoints2\{27e09285-6985-11df-bade-18a905bba72e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{755a48ae-7e02-11e0-ba21-18a905bba72e}\Shell - "" = AutoRun
O33 - MountPoints2\{755a48ae-7e02-11e0-ba21-18a905bba72e}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/03 09:10:06 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\arco certs .500 plate
[2014/02/27 14:38:08 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\EDrawings
[2014/02/27 14:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2014
[2014/02/27 14:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eDrawings2014
[2014/02/26 16:15:19 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2014/02/26 14:56:09 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{476603EE-9FA1-40DA-A364-0215D0391AE9}
[2014/02/26 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\w-9
[2014/02/26 11:44:49 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Desktop\w-9 signed form
[2014/02/26 11:40:39 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\w-9 from
[2014/02/26 11:29:18 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{75A3E536-3262-44B3-B661-9AD2BA83225E}
[2014/02/25 07:56:05 | 000,000,000 | ---D | C] -- C:\temp
[2014/02/25 07:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2014/02/24 19:43:36 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\Signed Arco Pay request
[2014/02/24 18:28:01 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\Arco AIA-G703
[2014/02/24 18:26:36 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\Arco Pay Request
[2014/02/24 11:41:01 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{2D790828-B270-485E-8D36-A958965971A5}
[2014/02/24 11:39:59 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Desktop\scott mardi grax 2014
[2014/02/21 16:15:41 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Panasonic
[2014/02/20 12:08:06 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{3268E60C-14F2-47C7-912A-58BDDE767E2D}
[2014/02/19 15:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic
[2014/02/19 15:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2014/02/19 15:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2014/02/19 15:07:39 | 000,000,000 | ---D | C] -- C:\Panasonic
[2014/02/19 15:06:49 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\InstallShield
[2014/02/19 11:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/02/19 11:46:12 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\PC_Drivers_Headquarters
[2014/02/19 11:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Tool
[2014/02/19 11:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Tool
[2014/02/19 11:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Tool
[2014/02/19 10:26:16 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Malwarebytes
[2014/02/19 10:26:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/19 10:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/19 10:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/19 10:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/19 10:25:56 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\Programs
[2014/02/19 08:30:28 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\SearchProtect
[2014/02/19 06:38:51 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\ParetoLogic
[2014/02/19 06:38:51 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\DriverCure
[2014/02/19 06:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2014/02/19 06:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetNowUpdater
[2014/02/19 06:20:20 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater
[2014/02/19 06:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/02/19 06:18:34 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\ PANASONIC DP-190 user guide
[2014/02/18 21:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[2014/02/18 21:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner
[2014/02/18 21:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
[2014/02/18 21:30:50 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\captcha_error
[2014/02/18 09:17:49 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{0B1E164C-2BCB-40FB-A0FD-432514312286}
[2014/02/18 09:17:17 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{485E981E-1B35-4E48-9D6A-7646ABDB6D15}
[2014/02/18 09:07:40 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\welding certs
[2014/02/17 12:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
[2014/02/17 12:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance
[2014/02/17 12:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2014/02/17 12:34:33 | 560,486,400 | ---- | C] (Intuit, Inc. ) -- C:\Users\Chops Towing\Desktop\QuickBooksProSub2014.exe
[2014/02/17 12:34:32 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Download Manager
[2014/02/17 12:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Akamai
[2014/02/16 08:07:41 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Autodesk
[2014/02/16 08:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2014/02/16 08:05:49 | 000,000,000 | ---D | C] -- C:\Autodesk
[2014/02/11 10:23:21 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\ARCO CONTRACT
[2014/02/05 12:25:37 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{3A107469-ABA5-497A-883A-35DB93592517}
[2014/02/05 08:54:42 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Desktop\New folder
[1 C:\Users\Chops Towing\Documents\*.tmp files -> C:\Users\Chops Towing\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/06 11:03:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/06 10:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/06 10:30:50 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChops Towing.job
[2014/03/06 10:27:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/06 10:27:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/06 10:19:23 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/06 10:18:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/06 10:18:51 | 1939,779,583 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/28 16:08:03 | 000,004,090 | ---- | M] () -- C:\Users\Chops Towing\Documents\MATERIAL LIST OILFIELD VALVE DWG 22-516 REVISED.ods
[2014/02/28 10:00:10 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/02/27 14:29:12 | 000,398,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/27 14:27:44 | 000,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2014/02/27 14:27:41 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\eDrawings 2014.lnk
[2014/02/26 11:39:04 | 000,640,722 | ---- | M] () -- C:\Users\Chops Towing\Documents\2014.jpg
[2014/02/26 11:16:25 | 000,012,800 | ---- | M] () -- C:\Users\Chops Towing\Documents\letter to angel.wps
[2014/02/26 11:16:25 | 000,004,674 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\wklnhst.dat
[2014/02/24 17:57:19 | 000,778,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/24 17:57:19 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/24 17:57:19 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/24 11:46:43 | 000,002,275 | ---- | M] () -- C:\Users\Chops Towing\Documents\My Movie.wlmp
[2014/02/24 10:30:57 | 000,004,969 | ---- | M] () -- C:\Users\Chops Towing\Intuit_QBOB_Internal.pdf
[2014/02/19 15:10:37 | 000,001,293 | ---- | M] () -- C:\Users\Chops Towing\Desktop\Network Scan Data - Shortcut.lnk
[2014/02/19 15:08:53 | 000,000,031 | ---- | M] () -- C:\dev.ini
[2014/02/19 15:08:00 | 000,002,313 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Panasonic Communications Utility.lnk
[2014/02/19 11:44:51 | 000,002,246 | ---- | M] () -- C:\Users\Public\Desktop\Driver Tool.lnk
[2014/02/19 10:26:09 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/19 08:30:21 | 004,379,449 | ---- | M] () -- C:\Users\Chops Towing\Documents\PANASONIC DP-190 user guide.pdf
[2014/02/19 06:39:10 | 000,010,814 | ---- | M] () -- C:\Users\Chops Towing\Desktop\2014-02-04 13.36.15 - Shortcut.lnk
[2014/02/19 06:20:22 | 000,001,019 | ---- | M] () -- C:\Users\Chops Towing\Desktop\GetNowUpdater.lnk
[2014/02/18 21:45:26 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2014/02/18 21:32:04 | 000,001,054 | ---- | M] () -- C:\Users\Chops Towing\Desktop\PC Speed Up.lnk
[2014/02/17 12:51:39 | 000,000,095 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2014/02/17 12:51:31 | 000,002,436 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2014/02/17 12:51:31 | 000,002,223 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2014/02/17 12:51:31 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\QuickBooks Pro Plus 2014.lnk
[2014/02/17 12:51:31 | 000,002,032 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2014/02/17 12:41:00 | 560,486,400 | ---- | M] (Intuit, Inc. ) -- C:\Users\Chops Towing\Desktop\QuickBooksProSub2014.exe
[2014/02/17 12:34:32 | 000,001,784 | ---- | M] () -- C:\Users\Chops Towing\Desktop\Setup_QuickBooksProSub2014[1].lnk
[2014/02/17 12:34:13 | 000,537,712 | ---- | M] () -- C:\Users\Chops Towing\Documents\Setup_QuickBooksProSub2014.exe
[2014/02/05 08:56:09 | 000,098,937 | ---- | M] () -- C:\Users\Chops Towing\Desktop\Grand Alumn Frame Snap shot.png
[2014/02/04 18:28:49 | 000,001,946 | ---- | M] () -- C:\Users\Chops Towing\Desktop\W-9 FORM 001 - Shortcut.lnk
[1 C:\Users\Chops Towing\Documents\*.tmp files -> C:\Users\Chops Towing\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/27 14:27:44 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2014/02/27 14:27:41 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\eDrawings 2014.lnk
[2014/02/26 11:39:04 | 000,640,722 | ---- | C] () -- C:\Users\Chops Towing\Documents\2014.jpg
[2014/02/24 11:45:49 | 000,002,275 | ---- | C] () -- C:\Users\Chops Towing\Documents\My Movie.wlmp
[2014/02/19 15:10:37 | 000,001,293 | ---- | C] () -- C:\Users\Chops Towing\Desktop\Network Scan Data - Shortcut.lnk
[2014/02/19 15:08:53 | 000,000,031 | ---- | C] () -- C:\dev.ini
[2014/02/19 15:08:00 | 000,002,313 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Panasonic Communications Utility.lnk
[2014/02/19 11:44:51 | 000,002,246 | ---- | C] () -- C:\Users\Public\Desktop\Driver Tool.lnk
[2014/02/19 10:26:09 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/19 08:30:34 | 004,379,449 | ---- | C] () -- C:\Users\Chops Towing\Documents\PANASONIC DP-190 user guide.pdf
[2014/02/19 06:20:22 | 000,001,019 | ---- | C] () -- C:\Users\Chops Towing\Desktop\GetNowUpdater.lnk
[2014/02/18 21:45:26 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2014/02/18 21:32:04 | 000,001,054 | ---- | C] () -- C:\Users\Chops Towing\Desktop\PC Speed Up.lnk
[2014/02/17 12:51:31 | 000,002,436 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2014/02/17 12:51:31 | 000,002,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2014/02/17 12:51:31 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks Pro Plus 2014.lnk
[2014/02/17 12:51:31 | 000,002,032 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2014/02/17 12:34:32 | 000,001,784 | ---- | C] () -- C:\Users\Chops Towing\Desktop\Setup_QuickBooksProSub2014[1].lnk
[2014/02/17 12:34:13 | 000,537,712 | ---- | C] () -- C:\Users\Chops Towing\Documents\Setup_QuickBooksProSub2014.exe
[2014/02/05 12:18:41 | 000,010,814 | ---- | C] () -- C:\Users\Chops Towing\Desktop\2014-02-04 13.36.15 - Shortcut.lnk
[2014/02/05 08:56:09 | 000,098,937 | ---- | C] () -- C:\Users\Chops Towing\Desktop\Grand Alumn Frame Snap shot.png
[2014/02/04 18:28:49 | 000,001,946 | ---- | C] () -- C:\Users\Chops Towing\Desktop\W-9 FORM 001 - Shortcut.lnk
[2014/01/30 14:05:01 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2013/01/10 09:48:32 | 000,004,969 | ---- | C] () -- C:\Users\Chops Towing\Intuit_QBOB_Internal.pdf
[2012/10/08 14:04:44 | 002,034,452 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_3584.0
[2012/10/08 14:04:44 | 000,707,043 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_3584.JPG
[2012/07/05 17:18:27 | 000,384,844 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\funmoods-speeddial.crx
[2012/05/17 10:38:57 | 000,001,318 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/05/15 10:08:24 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/13 12:33:45 | 000,251,664 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpALLLISON INVOICE_CROP.JPG
[2012/04/13 12:30:33 | 000,264,688 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpALLLISON INVOICE.JPG
[2012/01/27 14:51:00 | 002,088,191 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_1988.JPG
[2011/07/21 08:45:38 | 000,001,854 | ---- | C] () -- C:\Users\Chops Towing\AppData\Roaming\GhostObjGAFix.xml
[2011/06/03 14:41:54 | 001,495,063 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpBLOSSOM.JPG
[2011/02/27 18:26:18 | 001,185,279 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_0844.JPG
[2011/02/22 16:17:08 | 000,743,282 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpI PHONE PICS BEFORE MARCH 16 2010 146.JPG
[2010/07/16 12:59:16 | 000,004,674 | ---- | C] () -- C:\Users\Chops Towing\AppData\Roaming\wklnhst.dat
[2010/05/26 13:15:14 | 000,005,055 | ---- | C] () -- C:\Users\Chops Towing\Chop payroll summary.pdf
[2010/05/07 14:19:38 | 000,108,920 | ---- | C] () -- C:\Users\Chops Towing\g2ax_customer_downloadhelper_win32_x86.exe

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013/11/15 09:58:13 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013/11/15 09:58:13 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3949928028-1693004598-2059892003-1000\$487503e8d9425b9afb46a75ede856ef3\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/19 06:18:34 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\ PANASONIC DP-190 user guide
[2014/02/16 08:07:41 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Autodesk
[2012/06/18 12:23:20 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Babylon
[2014/02/18 21:30:50 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\captcha_error
[2014/02/19 06:38:51 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\DriverCure
[2014/03/06 10:21:30 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Dropbox
[2014/01/13 10:54:26 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\DropboxMaster
[2014/02/27 14:40:09 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\EDrawings
[2010/03/24 10:36:27 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\ElementalsTheMagicKey
[2014/02/18 06:53:22 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater
[2010/03/23 11:23:23 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\iWin
[2012/10/17 13:31:31 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Masque
[2014/02/21 16:15:41 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Panasonic
[2014/02/19 06:38:51 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\ParetoLogic
[2012/06/18 12:25:37 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\PDFlite
[2010/03/19 09:30:12 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\PictureMover
[2013/08/15 13:31:35 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\SketchUp
[2012/10/17 12:41:05 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Stardock
[2010/07/16 12:59:19 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Template
[2010/04/05 09:10:38 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\WinBatch
[2012/07/09 08:38:42 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 573 bytes -> C:\Users\Chops Towing\Desktop\2014-01-23 11.43.56.jpg:com.dropbox.attributes
@Alternate Data Stream - 572 bytes -> C:\Users\Chops Towing\Desktop\2014-01-23 11.45.48.jpg:com.dropbox.attributes

< End of report >


#2
Machiavelli


  • GeekU Moderator
  • 3,698 posts
Welcome to GeeksToGo, melint

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

Please move OTL.exe to your desktop. It is currently located in your Downloads folder (C:\Users\Chops Towing\Downloads).

OTL

  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the OTL icon and select Run as Administrator.)
  • Change the following options:

    • Extra Registry > All
  • Click Run Scan to start OTL.
  • When OTL finishes scanning, two logs, OTL.txt and Extras.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.


#3
melint

    Member

  • Topic Starter
  • 166 posts
Thanks so much for your very quick response to my PC problems. Below are the two reports you requested.

OTL logfile created on: 3/6/2014 12:07:53 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chops Towing\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 34.47% Memory free
15.48 Gb Paging File | 10.28 Gb Available in Paging File | 66.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.32 Gb Total Space | 529.28 Gb Free Space | 77.01% Space Free | Partition Type: NTFS
Drive D: | 11.07 Gb Total Space | 1.60 Gb Free Space | 14.47% Space Free | Partition Type: NTFS

Computer Name: TWI | User Name: Chops Towing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/06 11:01:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chops Towing\Downloads\OTL(2).exe
PRC - [2014/02/25 02:55:33 | 003,775,800 | ---- | M] (Intuit Inc. All rights reserved.) -- C:\Users\Chops Towing\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
PRC - [2014/02/21 13:50:28 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014/02/17 17:51:38 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/01/02 18:32:12 | 033,508,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/02 16:59:28 | 001,129,288 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2013/12/02 16:57:54 | 001,215,304 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
PRC - [2013/12/02 16:20:28 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/12/02 14:27:20 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2013/11/20 15:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/09/07 08:14:38 | 000,055,624 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
PRC - [2009/10/22 20:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/19 16:40:54 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/09/19 16:40:48 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/09/19 16:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/09/19 16:38:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/08/24 20:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/10/21 17:02:08 | 000,176,128 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
PRC - [2004/09/17 02:45:56 | 000,118,784 | ---- | M] (Avanquest USA LLC) -- C:\Program Files (x86)\MySoftware\MyInvoices\Tracker.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/06 10:20:12 | 000,041,984 | ---- | M] () -- c:\Users\Chops Towing\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppfkju2.dll
MOD - [2014/02/21 13:50:28 | 016,265,096 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014/02/17 17:51:38 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/06 21:17:00 | 000,099,872 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions\{78bb4af5-a701-c8c9-f2bc-14386ddd1c49}\components\SmartbarFireFoxRemotePlugin_27.dll
MOD - [2013/12/17 20:25:54 | 003,610,624 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/02 16:58:54 | 000,113,992 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\Webification.DLL
MOD - [2013/12/02 16:58:50 | 000,495,944 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\SyncManagerUtils.dll
MOD - [2013/12/02 16:58:46 | 000,127,304 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\ReportBridge.DLL
MOD - [2013/12/02 16:58:40 | 000,140,616 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.DLL
MOD - [2013/12/02 16:58:38 | 000,148,296 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll
MOD - [2013/12/02 16:58:34 | 000,021,320 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.DLL
MOD - [2013/12/02 16:58:32 | 000,113,480 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QB2WPFBridge.dll
MOD - [2013/12/02 16:58:24 | 000,043,848 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll
MOD - [2013/12/02 16:58:22 | 000,104,264 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetInterop.dll
MOD - [2013/12/02 16:58:22 | 000,086,344 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetBridge.DLL
MOD - [2013/12/02 16:58:20 | 000,060,232 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\htmlhelper.dll
MOD - [2013/12/02 16:58:16 | 000,760,648 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.DLL
MOD - [2013/12/02 16:58:16 | 000,621,896 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll
MOD - [2013/12/02 16:58:04 | 000,623,432 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
MOD - [2013/12/02 16:58:04 | 000,247,112 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
MOD - [2013/12/02 16:58:00 | 000,578,888 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll
MOD - [2013/12/02 14:27:14 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll
MOD - [2013/10/18 17:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/08/15 06:41:36 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\6a6925ae06bbe4b8e647e203597af47a\WindowsFormsIntegration.ni.dll
MOD - [2013/08/15 06:40:49 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6e0e5467e23a80c5c7d34f65dc7f87f2\System.IdentityModel.ni.dll
MOD - [2013/08/15 06:40:48 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\918ce68a67ddb5558994e20dc3a74c8a\System.ServiceModel.ni.dll
MOD - [2013/08/15 06:40:30 | 013,325,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\01288085cbefbc8439953dbf5d42b87e\System.Data.Entity.ni.dll
MOD - [2013/08/15 06:39:24 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4b2e892995b8cdefb1e2cddb96f32736\UIAutomationProvider.ni.dll
MOD - [2013/08/15 06:39:23 | 001,189,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\191f91aab285c18de5d3c6c38f44a118\System.Data.OracleClient.ni.dll
MOD - [2013/08/15 06:39:20 | 012,100,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\c7a85f1270da03424f153ed84a2fae51\System.Web.ni.dll
MOD - [2013/08/15 06:39:12 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 06:39:12 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/15 06:39:11 | 001,021,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\b12cbfa020af0c619d8f58c6b665efc1\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/08/15 06:39:11 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/15 06:39:10 | 002,646,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\332407a3f224f388f70120d33cb872d5\System.Runtime.Serialization.ni.dll
MOD - [2013/08/15 06:39:10 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d083ee23a4c0d8cf76ae9e95e52d0388\SMDiagnostics.ni.dll
MOD - [2013/08/15 06:39:08 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\32800018747dbf43506ac49e697daea9\System.Xml.Linq.ni.dll
MOD - [2013/08/15 06:38:44 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/14 16:06:54 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e205d971e9ffa1771cff3d3dde1c3c2b\PresentationFramework.ni.dll
MOD - [2013/08/14 16:06:42 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\107b8a28ba272e93556f0e2bfa2c4e16\PresentationCore.ni.dll
MOD - [2013/08/14 16:06:35 | 006,813,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\a10f361c888b8b98f7ad1fa8d7a51516\System.Data.ni.dll
MOD - [2013/08/14 16:06:33 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6405f08f877802703cfd956c072a4ad0\WindowsBase.ni.dll
MOD - [2013/08/14 16:06:32 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1a3b614a84244ea5fa4147b5cf007333\System.Windows.Forms.ni.dll
MOD - [2013/08/14 16:06:31 | 007,053,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\608aa2db27d45e63a4863f1f1d06897a\System.Core.ni.dll
MOD - [2013/08/14 16:06:30 | 000,749,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\121e3bb63d1d2d2487c855819263ed7c\System.Security.ni.dll
MOD - [2013/08/14 16:06:29 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\df40dab689e9d8febfb943599ba79f8d\System.Configuration.ni.dll
MOD - [2013/08/14 16:06:28 | 000,755,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2d3740c10f91e2676570dcc3be6680e\PresentationFramework.Luna.ni.dll
MOD - [2013/08/14 16:06:27 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 16:06:27 | 000,309,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9d160913e64d7732a8c725fc7f2d818b\PresentationFramework.Classic.ni.dll
MOD - [2013/08/14 16:06:25 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/14 16:06:25 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll
MOD - [2013/08/14 16:06:23 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/11 02:24:08 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\cb5671235362c8e17b1a1f0b67bfc8d9\UIAutomationTypes.ni.dll
MOD - [2013/07/11 02:23:39 | 000,194,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\c9786062fbb311c543497e28c1e1a0c5\CustomMarshalers.ni.dll
MOD - [2013/07/11 02:23:30 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\51fe07d5205cd85d996af305a38b3770\Accessibility.ni.dll
MOD - [2013/07/11 02:08:31 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/11 02:08:30 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/22 20:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2006/11/27 12:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\PDFMAKE.DLL
MOD - [2005/01/24 22:01:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\MFPPROC.DLL
MOD - [2004/08/18 17:02:50 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\SKINS\Office2003.dll
MOD - [2003/12/07 16:30:40 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\MFPSEQ.dll
MOD - [1997/11/05 02:06:00 | 000,517,120 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\mtl70mt.dll
MOD - [1997/11/05 02:05:58 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\mmnyd.dll
MOD - [1997/11/05 02:05:52 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\CB5DVL.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/06/28 16:37:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/02/21 13:50:28 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/17 17:51:38 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/02 16:20:28 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/12/02 14:27:20 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2013/12/02 14:27:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS)
SRV - [2009/09/19 16:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/17 16:09:02 | 000,061,592 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netfilter64.sys -- (Netfilter64)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/19 09:31:46 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/02/26 20:23:54 | 000,149,552 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/02/26 20:23:21 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/02/26 20:23:21 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/02/25 17:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/03 19:40:52 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/02/03 19:40:50 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2009/10/22 00:23:18 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2009/10/22 00:23:18 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2009/10/06 07:49:14 | 000,230,456 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/08/29 18:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/28 16:37:00 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 14:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 04:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2010/04/29 11:44:04 | 000,678,448 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/10/28 16:37:21 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100513.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/10/22 00:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/22 00:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/29 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{37DA6865-C85B-42E9-B8E2-1F6B1F30BE84}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8CFFB8DF-E170-47DC-810B-862F7A8E63F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {BB046E20-E48F-4915-AE50-D545283BE420}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: support%40tubedimmerapp.com:2.6.47
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116
FF - prefs.js..extensions.enabledAddons: %7B78bb4af5-a701-c8c9-f2bc-14386ddd1c49%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://feed.snapdo.c...FMLRKeg_eHZ&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/26 12:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/05/26 12:33:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 17:31:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 17:31:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\

[2013/02/07 10:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Extensions
[2014/02/27 13:57:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions
[2013/08/22 05:03:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/02/18 21:31:48 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions\{78bb4af5-a701-c8c9-f2bc-14386ddd1c49}
[2014/02/27 13:57:27 | 000,000,000 | ---D | M] (SavingsBull) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions\[email protected]
[2013/11/25 16:20:53 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions\[email protected]
[2014/02/19 08:27:45 | 000,000,975 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\searchplugins\conduit-search.xml
[2014/02/18 21:31:47 | 000,002,369 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\searchplugins\Web Search.xml
[2013/12/20 07:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/17 17:51:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/20 07:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/12/20 07:20:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

========== Chrome ==========

CHR - homepage: http://feed.snapdo.c...ees0xkllD2iAL-J
CHR - plugin: Conduit Search (Disabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: Social Privacy = C:\Users\Chops Towing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: SpeedDial = C:\Users\Chops Towing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Tracker] C:\Program Files (x86)\MySoftware\MyInvoices\Tracker.exe (Avanquest USA LLC)
O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Chops Towing\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [Driver Tool] C:\Program Files (x86)\Driver Tool\Driver Tool\DriverTool.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW File not found
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Chops Towing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22D4B7CB-5413-481B-A3FB-CDD966F9415B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35B22FFF-A9A8-4048-A887-21B6996DB237}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35B22FFF-A9A8-4048-A887-21B6996DB237}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{521E8D85-C6BE-45A4-823A-8E62015D15D2}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{521E8D85-C6BE-45A4-823A-8E62015D15D2}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D6F4CC0-1FC3-4004-B13F-D2DDE2F3646A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7236146A-504C-4193-8EC2-EA04F7DCAA50}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7236146A-504C-4193-8EC2-EA04F7DCAA50}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941DD8A9-65B9-4757-A6AB-1F794F02BBB5}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4EA2B12-1511-48CD-BE4F-214FBFFEA25C}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\intu-help-qb7 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb7 {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/02/16 08:28:56 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\Shell - "" = AutoRun
O33 - MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O33 - MountPoints2\{27e09285-6985-11df-bade-18a905bba72e}\Shell - "" = AutoRun
O33 - MountPoints2\{27e09285-6985-11df-bade-18a905bba72e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{755a48ae-7e02-11e0-ba21-18a905bba72e}\Shell - "" = AutoRun
O33 - MountPoints2\{755a48ae-7e02-11e0-ba21-18a905bba72e}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/03 09:10:06 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\arco certs .500 plate
[2014/02/27 14:38:08 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\EDrawings
[2014/02/27 14:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2014
[2014/02/27 14:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eDrawings2014
[2014/02/26 16:15:19 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2014/02/26 14:56:09 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{476603EE-9FA1-40DA-A364-0215D0391AE9}
[2014/02/26 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\w-9
[2014/02/26 11:44:49 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Desktop\w-9 signed form
[2014/02/26 11:40:39 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\w-9 from
[2014/02/26 11:29:18 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{75A3E536-3262-44B3-B661-9AD2BA83225E}
[2014/02/25 07:56:05 | 000,000,000 | ---D | C] -- C:\temp
[2014/02/25 07:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2014/02/24 19:43:36 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\Signed Arco Pay request
[2014/02/24 18:28:01 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\Arco AIA-G703
[2014/02/24 18:26:36 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\Arco Pay Request
[2014/02/24 11:41:01 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{2D790828-B270-485E-8D36-A958965971A5}
[2014/02/24 11:39:59 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Desktop\scott mardi grax 2014
[2014/02/21 16:15:41 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Panasonic
[2014/02/21 13:50:24 | 017,858,952 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/02/20 12:08:06 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{3268E60C-14F2-47C7-912A-58BDDE767E2D}
[2014/02/19 15:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic
[2014/02/19 15:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2014/02/19 15:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2014/02/19 15:07:39 | 000,000,000 | ---D | C] -- C:\Panasonic
[2014/02/19 15:06:49 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\InstallShield
[2014/02/19 11:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/02/19 11:46:12 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\PC_Drivers_Headquarters
[2014/02/19 11:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Tool
[2014/02/19 11:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Tool
[2014/02/19 11:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Tool
[2014/02/19 10:26:16 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Malwarebytes
[2014/02/19 10:26:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/19 10:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/19 10:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/19 10:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/19 10:25:56 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\Programs
[2014/02/19 08:30:28 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\SearchProtect
[2014/02/19 06:38:51 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\ParetoLogic
[2014/02/19 06:38:51 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\DriverCure
[2014/02/19 06:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2014/02/19 06:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetNowUpdater
[2014/02/19 06:20:20 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater
[2014/02/19 06:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/02/19 06:18:34 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\ PANASONIC DP-190 user guide
[2014/02/18 21:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[2014/02/18 21:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner
[2014/02/18 21:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
[2014/02/18 21:30:50 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\captcha_error
[2014/02/18 09:17:49 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{0B1E164C-2BCB-40FB-A0FD-432514312286}
[2014/02/18 09:17:17 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{485E981E-1B35-4E48-9D6A-7646ABDB6D15}
[2014/02/18 09:07:40 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\welding certs
[2014/02/17 12:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
[2014/02/17 12:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance
[2014/02/17 12:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2014/02/17 12:34:33 | 560,486,400 | ---- | C] (Intuit, Inc. ) -- C:\Users\Chops Towing\Desktop\QuickBooksProSub2014.exe
[2014/02/17 12:34:32 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Download Manager
[2014/02/17 12:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Akamai
[2014/02/16 08:07:41 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Autodesk
[2014/02/16 08:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2014/02/16 08:05:49 | 000,000,000 | ---D | C] -- C:\Autodesk
[2014/02/11 10:23:21 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\ARCO CONTRACT
[2014/02/05 12:25:37 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{3A107469-ABA5-497A-883A-35DB93592517}
[2014/02/05 08:54:42 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Desktop\New folder
[1 C:\Users\Chops Towing\Documents\*.tmp files -> C:\Users\Chops Towing\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/06 12:06:14 | 000,001,227 | ---- | M] () -- C:\Users\Chops Towing\Desktop\OTL(2) - Shortcut.lnk
[2014/03/06 12:03:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/06 11:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/06 10:30:50 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChops Towing.job
[2014/03/06 10:27:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/06 10:27:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/06 10:19:23 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/06 10:18:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/06 10:18:51 | 1939,779,583 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/28 16:08:03 | 000,004,090 | ---- | M] () -- C:\Users\Chops Towing\Documents\MATERIAL LIST OILFIELD VALVE DWG 22-516 REVISED.ods
[2014/02/28 10:00:10 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/02/27 14:29:12 | 000,398,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/27 14:27:44 | 000,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2014/02/27 14:27:41 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\eDrawings 2014.lnk
[2014/02/26 11:39:04 | 000,640,722 | ---- | M] () -- C:\Users\Chops Towing\Documents\2014.jpg
[2014/02/26 11:16:25 | 000,012,800 | ---- | M] () -- C:\Users\Chops Towing\Documents\letter to angel.wps
[2014/02/26 11:16:25 | 000,004,674 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\wklnhst.dat
[2014/02/24 17:57:19 | 000,778,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/24 17:57:19 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/24 17:57:19 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/24 11:46:43 | 000,002,275 | ---- | M] () -- C:\Users\Chops Towing\Documents\My Movie.wlmp
[2014/02/24 10:30:57 | 000,004,969 | ---- | M] () -- C:\Users\Chops Towing\Intuit_QBOB_Internal.pdf
[2014/02/21 13:50:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/21 13:50:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/21 13:50:24 | 017,858,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/02/19 15:10:37 | 000,001,293 | ---- | M] () -- C:\Users\Chops Towing\Desktop\Network Scan Data - Shortcut.lnk
[2014/02/19 15:08:53 | 000,000,031 | ---- | M] () -- C:\dev.ini
[2014/02/19 15:08:00 | 000,002,313 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Panasonic Communications Utility.lnk
[2014/02/19 11:44:51 | 000,002,246 | ---- | M] () -- C:\Users\Public\Desktop\Driver Tool.lnk
[2014/02/19 10:26:09 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/19 08:30:21 | 004,379,449 | ---- | M] () -- C:\Users\Chops Towing\Documents\PANASONIC DP-190 user guide.pdf
[2014/02/19 06:39:10 | 000,010,814 | ---- | M] () -- C:\Users\Chops Towing\Desktop\2014-02-04 13.36.15 - Shortcut.lnk
[2014/02/19 06:20:22 | 000,001,019 | ---- | M] () -- C:\Users\Chops Towing\Desktop\GetNowUpdater.lnk
[2014/02/18 21:45:26 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2014/02/18 21:32:04 | 000,001,054 | ---- | M] () -- C:\Users\Chops Towing\Desktop\PC Speed Up.lnk
[2014/02/17 12:51:39 | 000,000,095 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2014/02/17 12:51:31 | 000,002,436 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2014/02/17 12:51:31 | 000,002,223 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2014/02/17 12:51:31 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\QuickBooks Pro Plus 2014.lnk
[2014/02/17 12:51:31 | 000,002,032 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2014/02/17 12:41:00 | 560,486,400 | ---- | M] (Intuit, Inc. ) -- C:\Users\Chops Towing\Desktop\QuickBooksProSub2014.exe
[2014/02/17 12:34:32 | 000,001,784 | ---- | M] () -- C:\Users\Chops Towing\Desktop\Setup_QuickBooksProSub2014[1].lnk
[2014/02/17 12:34:13 | 000,537,712 | ---- | M] () -- C:\Users\Chops Towing\Documents\Setup_QuickBooksProSub2014.exe
[2014/02/05 08:56:09 | 000,098,937 | ---- | M] () -- C:\Users\Chops Towing\Desktop\Grand Alumn Frame Snap shot.png
[2014/02/04 18:28:49 | 000,001,946 | ---- | M] () -- C:\Users\Chops Towing\Desktop\W-9 FORM 001 - Shortcut.lnk
[1 C:\Users\Chops Towing\Documents\*.tmp files -> C:\Users\Chops Towing\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/06 12:06:14 | 000,001,227 | ---- | C] () -- C:\Users\Chops Towing\Desktop\OTL(2) - Shortcut.lnk
[2014/02/27 14:27:44 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2014/02/27 14:27:41 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\eDrawings 2014.lnk
[2014/02/26 11:39:04 | 000,640,722 | ---- | C] () -- C:\Users\Chops Towing\Documents\2014.jpg
[2014/02/24 11:45:49 | 000,002,275 | ---- | C] () -- C:\Users\Chops Towing\Documents\My Movie.wlmp
[2014/02/19 15:10:37 | 000,001,293 | ---- | C] () -- C:\Users\Chops Towing\Desktop\Network Scan Data - Shortcut.lnk
[2014/02/19 15:08:53 | 000,000,031 | ---- | C] () -- C:\dev.ini
[2014/02/19 15:08:00 | 000,002,313 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Panasonic Communications Utility.lnk
[2014/02/19 11:44:51 | 000,002,246 | ---- | C] () -- C:\Users\Public\Desktop\Driver Tool.lnk
[2014/02/19 10:26:09 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/19 08:30:34 | 004,379,449 | ---- | C] () -- C:\Users\Chops Towing\Documents\PANASONIC DP-190 user guide.pdf
[2014/02/19 06:20:22 | 000,001,019 | ---- | C] () -- C:\Users\Chops Towing\Desktop\GetNowUpdater.lnk
[2014/02/18 21:45:26 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2014/02/18 21:32:04 | 000,001,054 | ---- | C] () -- C:\Users\Chops Towing\Desktop\PC Speed Up.lnk
[2014/02/17 12:51:31 | 000,002,436 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2014/02/17 12:51:31 | 000,002,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2014/02/17 12:51:31 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks Pro Plus 2014.lnk
[2014/02/17 12:51:31 | 000,002,032 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2014/02/17 12:34:32 | 000,001,784 | ---- | C] () -- C:\Users\Chops Towing\Desktop\Setup_QuickBooksProSub2014[1].lnk
[2014/02/17 12:34:13 | 000,537,712 | ---- | C] () -- C:\Users\Chops Towing\Documents\Setup_QuickBooksProSub2014.exe
[2014/02/05 12:18:41 | 000,010,814 | ---- | C] () -- C:\Users\Chops Towing\Desktop\2014-02-04 13.36.15 - Shortcut.lnk
[2014/02/05 08:56:09 | 000,098,937 | ---- | C] () -- C:\Users\Chops Towing\Desktop\Grand Alumn Frame Snap shot.png
[2014/02/04 18:28:49 | 000,001,946 | ---- | C] () -- C:\Users\Chops Towing\Desktop\W-9 FORM 001 - Shortcut.lnk
[2014/01/30 14:05:01 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2013/01/10 09:48:32 | 000,004,969 | ---- | C] () -- C:\Users\Chops Towing\Intuit_QBOB_Internal.pdf
[2012/10/08 14:04:44 | 002,034,452 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_3584.0
[2012/10/08 14:04:44 | 000,707,043 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_3584.JPG
[2012/07/05 17:18:27 | 000,384,844 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\funmoods-speeddial.crx
[2012/05/17 10:38:57 | 000,001,318 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/05/15 10:08:24 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/13 12:33:45 | 000,251,664 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpALLLISON INVOICE_CROP.JPG
[2012/04/13 12:30:33 | 000,264,688 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpALLLISON INVOICE.JPG
[2012/01/27 14:51:00 | 002,088,191 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_1988.JPG
[2011/07/21 08:45:38 | 000,001,854 | ---- | C] () -- C:\Users\Chops Towing\AppData\Roaming\GhostObjGAFix.xml
[2011/06/03 14:41:54 | 001,495,063 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpBLOSSOM.JPG
[2011/02/27 18:26:18 | 001,185,279 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_0844.JPG
[2011/02/22 16:17:08 | 000,743,282 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpI PHONE PICS BEFORE MARCH 16 2010 146.JPG
[2010/07/16 12:59:16 | 000,004,674 | ---- | C] () -- C:\Users\Chops Towing\AppData\Roaming\wklnhst.dat
[2010/05/26 13:15:14 | 000,005,055 | ---- | C] () -- C:\Users\Chops Towing\Chop payroll summary.pdf
[2010/05/07 14:19:38 | 000,108,920 | ---- | C] () -- C:\Users\Chops Towing\g2ax_customer_downloadhelper_win32_x86.exe

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013/11/15 09:58:13 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013/11/15 09:58:13 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3949928028-1693004598-2059892003-1000\$487503e8d9425b9afb46a75ede856ef3\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 573 bytes -> C:\Users\Chops Towing\Desktop\2014-01-23 11.43.56.jpg:com.dropbox.attributes
@Alternate Data Stream - 572 bytes -> C:\Users\Chops Towing\Desktop\2014-01-23 11.45.48.jpg:com.dropbox.attributes

< End of report >

OTL Extras logfile created on: 3/6/2014 12:07:53 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chops Towing\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 34.47% Memory free
15.48 Gb Paging File | 10.28 Gb Available in Paging File | 66.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.32 Gb Total Space | 529.28 Gb Free Space | 77.01% Space Free | Partition Type: NTFS
Drive D: | 11.07 Gb Total Space | 1.60 Gb Free Space | 14.47% Space Free | Partition Type: NTFS

Computer Name: TWI | User Name: Chops Towing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0614865C-C453-4AB7-91BE-B1C3BB6781B7}" = lport=138 | protocol=17 | dir=in | app=system |
"{080644F1-2326-478F-9788-A79E02B5F0DC}" = lport=445 | protocol=6 | dir=in | app=system |
"{13F14625-2543-4E43-AEAE-E9EFBA4507F1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{147B31C2-5ABC-4C6D-9762-0D8BC9B84A47}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1FF537C0-D273-43DE-8920-64BF73C302E6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{21846DC7-DBF7-48B0-867B-9BDA0262927B}" = lport=445 | protocol=6 | dir=in | app=system |
"{2B27DAE1-88C9-4BB8-88BA-1C3223FF415F}" = lport=137 | protocol=17 | dir=in | app=system |
"{30A8ED2D-2379-455C-BB72-AFA3ADE5C4B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3696974E-70C0-4808-BF0F-A269261B56D6}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{590BC85D-8A2D-452F-98A4-B3D2F2059384}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{594D045D-29E5-4323-B40C-B18B54661C0A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59BCECD5-396D-4223-A0D3-1F1B8B96B21F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{6442A23D-B1AA-4188-A669-AF18AAD92289}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67BDF035-E1DD-4B76-88B7-6F485178E501}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EE4078B-62D0-4934-B08A-2FC6147F88E9}" = rport=137 | protocol=17 | dir=out | app=system |
"{8F5C7204-0319-4C3E-8E63-906980DBB2BC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9263AB3D-0530-4502-9DE2-A8199807207A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B009F23E-697E-4E0D-A0E9-C6CFBCFAA450}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5C6C8E5-2038-4F5D-BE94-2C9B01E97701}" = lport=139 | protocol=6 | dir=in | app=system |
"{C7586068-7A5F-4640-9100-BDF5965433E0}" = rport=445 | protocol=6 | dir=out | app=system |
"{D42804C2-AE3C-4F2E-99C5-9D7B989DD8FD}" = rport=138 | protocol=17 | dir=out | app=system |
"{DC60252C-B0B0-42E6-B018-11DA838B18B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{E0461DA1-951D-4377-9820-DF3B46046F90}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA78989A-5BDB-4700-A712-00664926ECD3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EBA52FFF-91BE-4B1C-A791-2DE01C246CF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EDAA0DD7-77CB-471F-8B92-C90B0AD24CE3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F3A64D4D-0A87-4800-98D9-4E3A63CB0BD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6982E89-CF61-4918-B0A1-2ECF2487F136}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F98FEDEB-B1A9-4C30-883F-30D418508CC5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F99C9646-D1F8-4BB3-A00C-E36157AA4F50}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00835B67-7F21-4DE8-BB9A-22AF3F142C35}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{00B6BEBD-3559-4788-A0D2-40FFE8BA6C93}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0768698F-5C0D-4B6C-AC40-EF72E5AFEAFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{082A8A6D-D80E-4A24-8157-2303D6ECA185}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{0DA5C408-D6E4-4AAA-8368-ED9896CAEC1B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{227FDAFD-87AE-4AF5-9BFF-005052097037}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{232BA6CF-1453-45A0-AA52-A32A1EBA24E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2446B5C3-55C2-40AB-9F64-4A3462131C08}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{25700303-F912-4EC1-B697-D249993603FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{278FC636-02FA-4DBB-BEC8-B7A61FA7E3B2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2A8DAFD0-2828-4249-A42B-90E496F24104}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{2C674F4E-98B3-443F-9D8F-4B6094AFD9FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F8A7F52-C7B4-4336-9A85-23B560F8756A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{325735D9-E44D-4E57-A0D8-6A56764DFB4B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{34B69482-A7EE-477B-A365-BCE750E35FE5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{2e1b4b42-069f-4f53-9966-9b9b938d7fe5}\setup\hpznui40.exe |
"{3D48C0E5-6745-48FB-A238-717E6CD3A4A6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3DC79041-401C-4AF9-BABA-E346BF3A1E64}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3DF1A5F2-84E5-4613-9054-C222DE6846F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{3FAFC391-5738-4C37-840E-731BEF704F9F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{4103BF18-04D3-4580-BD55-DF36247D3326}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{41302E42-ADD5-4A50-8F3E-4517AB224199}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{4F4013B5-A08A-4543-AE0B-9E0D661C6658}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{57B0AF37-63D6-4E93-B5CF-77EB7E0F9819}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BFB6434-D648-44F1-90F7-5CA67D955AF7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5CB3E15B-6CDF-4047-B40C-825ED24F3C90}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{5CFC1369-4ADC-4ADA-86D8-4CECEF39B0F2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6C6FCACE-D6B8-45AF-8800-F1DEC9C929BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{6D4D57D2-CA5F-41A4-81A4-6E1BEDBA2239}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6FC11C61-FF61-4354-A257-11A581EE867B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{769D9928-0665-419E-974A-9A8224E27B13}" = protocol=1 | dir=out | [email protected],-28544 |
"{7C2BA70B-34D6-49CF-8591-129007D25555}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7EB75937-6A32-45F5-997C-10A01AD9F55F}" = protocol=17 | dir=in | app=c:\program files (x86)\panasonic\panasonic-dms\port controller\mfpscdl.exe |
"{7F3DCE8F-25C1-433F-A850-6034D5F37EEB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{83CCF0BE-7318-4873-8173-3F28E22F28C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94AA3080-7BB0-4572-BFE7-7A5091966F3D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{9568C8EF-4047-4A38-803B-CE2AD606E650}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{9711788D-003B-48EB-9FFE-7B52368E99D9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{9712C9E3-E43F-4016-BAF9-5206C9CBF0D2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{9AA6FCA3-17F2-4328-905E-E73D6C63DA50}" = protocol=58 | dir=in | [email protected],-28545 |
"{9DE1208A-707A-4C8D-BA1A-6E04242D3F3B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{9DF91727-050F-4DBE-95CC-41D1B9F8481D}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{A0314E03-E3C3-4CA9-ACB2-8B86F0E96271}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A1F4EF32-0A9B-4558-93FF-99AC67B121EE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A2CBB825-F284-4FBB-AD22-E53DC7FF0C9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A315D734-9B62-4280-A269-2F71B7AD877A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{A6ED921C-289B-4124-811B-1770F2C482C5}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{A968EE62-3DC2-4E52-8CDE-07B81E0056E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{AA4CF60C-3CA6-4C86-83A0-40A412A9C580}" = protocol=1 | dir=in | [email protected],-28543 |
"{AEF94327-974E-46BF-AE96-FC0F725C4E4E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF7AC916-56D7-4985-8008-6D13083B0AC5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B09E80FD-3991-495B-96A4-905D49E780A3}" = protocol=6 | dir=in | app=c:\program files (x86)\panasonic\panasonic-dms\port controller\mfpscdl.exe |
"{B65C0478-F11E-4D5F-BD65-66538F42C47C}" = protocol=6 | dir=in | app=c:\users\chops towing\appdata\roaming\dropbox\bin\dropbox.exe |
"{B90DFB17-1220-476B-963A-74EC0D49FADD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB6CD7C5-2949-43D7-9285-C982E6DC5CD8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{BFFDAF3E-63F0-4DCD-88CC-CD234AB71476}" = protocol=6 | dir=out | app=system |
"{C2C48913-581E-4D1A-A3B9-481D111D0C80}" = protocol=58 | dir=in | app=system |
"{C951147C-9117-4162-9C68-9AE945C8D041}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{CE62DE61-2FB3-46DA-980F-61F0176950E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF5B5934-CD60-4BE1-8DEA-26E4A419447F}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{D0988753-97CC-4397-A44E-70F054D4C4A8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D4BD2E07-661F-41F4-A298-E36561286104}" = protocol=17 | dir=in | app=c:\program files (x86)\att-hsi\mccibrowser.exe |
"{D9B1E491-C2AD-4DDF-B44B-C7FFD8134A9E}" = protocol=58 | dir=out | [email protected],-28546 |
"{DF051F3B-E9DB-4F00-B3E2-571B2444FDA5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E1EC80AC-BBCA-4D84-82FE-B696A96A3E79}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{E3915BF1-22DF-4E6B-8271-7C2ED385CBD1}" = protocol=6 | dir=in | app=c:\program files (x86)\att-hsi\mccibrowser.exe |
"{E8499907-8BC7-4A8A-A9F3-1E82E3FD6BD2}" = protocol=58 | dir=out | [email protected],-503 |
"{E948F197-C513-4082-B91F-C515D7CE46E5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{F519F50E-F1A3-4E09-8591-84694FD8BBD4}" = protocol=17 | dir=in | app=c:\users\chops towing\appdata\roaming\dropbox\bin\dropbox.exe |
"{F6B7A6EE-55CD-492E-BC8B-AC13B8BF2834}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{F8F95D50-8D2A-4BD9-B559-E5F2A2075F33}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{FD12C8D9-580B-4A20-BD90-B04C8218A3CE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{FD81D32E-52BF-4E91-A52E-F74F3FB9E112}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{FDB43226-618D-4D43-A063-F1886B2FB8ED}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{FF803A5B-0E00-4EBD-A84F-2BA3172EEE12}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"TCP Query User{AE840839-9B32-45AD-AB9D-A6A4C7BED12E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{AF5762D6-3EF9-4E6A-99A3-15272B6AE88C}C:\users\chops towing\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\chops towing\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D4A07185-FF75-4620-9393-6DA3FE938A37}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F1A688AD-8840-4B14-A521-1C21787C4ED9}C:\users\chops towing\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\chops towing\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{12197CB9-4693-453B-9114-703DA7F93443}C:\users\chops towing\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\chops towing\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{A53D4DE9-17E0-4624-9F04-CE295E4F08BE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{AFB23326-166E-4E41-9358-87C13E67B1AA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E1DB9A8C-81B9-4A52-B784-10AD2E2E2400}C:\users\chops towing\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\chops towing\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7371196E-FA5B-43AE-1AE2-875E98869B47}" = ccc-utility64
"{813BA625-B0FA-48D8-9B75-59759C88C219}" = SavingsbullFilter
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88882852-5C7D-A48B-15F3-8D13CABDA7A3}" = ATI Catalyst Install Manager
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}" = QuickBooks Runtime Redistributable
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"9C6975C1801E1FD9353B8A42B5C15E8EA5E0B66E" = Windows Driver Package - Scientific-Atlanta (USBCM) Net (06/10/2004 1.12.0.0000)
"ATT-SST" = AT&T Self Support Tool
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Level Quality Watcher" = SavingsBull
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PCSU-SL_is1" = PC Speed Up
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0284181F-355D-C4E1-B483-41992C48490E}" = CCC Help German
"{045D5A51-F07E-4350-8642-B85772A2876B}" = SketchUp Pro 8
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FF3AA8-0BC6-8861-F27F-2ED442F5C03E}" = CCC Help English
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{14A4957E-46DB-4821-528D-8381B4376FE2}" = CCC Help Korean
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2E4BEAC4-FB73-9657-A5B2-42F508AF98FE}" = CCC Help Finnish
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{31C5357F-DDD0-43E6-B77B-7D25BE041183}" = ezCheckPrinting
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{36B90A24-CE03-79C6-3DEE-1EFEE456377F}" = Catalyst Control Center Graphics Full Existing
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3B18BAAA-1734-8CA1-1A04-B68A06A1F9C9}" = Catalyst Control Center Graphics Full New
"{3E450CF1-F8C4-C8D6-29D1-87AD090E8F2A}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{424104AD-BEC6-441D-ADE9-F6662FEEA4BA}" = QuickBooks
"{4377068C-A88F-53F7-EDAF-DBD7990AEB93}" = CCC Help Swedish
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4907BDCE-4DF2-350C-24B2-9C509F004F1D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}" = QuickBooks Pro 2014
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.1
"{530A8397-BC9D-496D-9B8C-BC06B3059360}" = eDrawings 2014
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5B0D4B33-FB4C-CB95-38D3-66F4B942661E}" = CCC Help Japanese
"{5B2BD022-4391-479E-8517-008844869179}" = MyInvoices & Estimates Deluxe
"{628690B9-A523-B37A-E001-D8E4581D573D}" = Catalyst Control Center Localization All
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{695603EE-5D13-4406-A034-B1346652CC4D}" = Windows Firewall Setting Tool
"{6AC35F19-C3DF-6455-C9E2-1E77BA42D3BC}" = Catalyst Control Center Graphics Previews Vista
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D1A44ED-3D15-9BB3-43AE-91A077AE9212}" = CCC Help Chinese Standard
"{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}" = SavingsBull
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{83907548-56BB-D892-1CAC-2F5EC0939B37}" = CCC Help Czech
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9062CED6-AECC-E6C6-E6A0-A654CE167554}" = CCC Help Portuguese
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97E32194-C626-92E1-9AB9-64AA00CC7380}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AF142A83-507D-4F0F-92FC-40C7F76C1F87}" = Driver Tool
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B75BC01B-4586-43F8-9349-D250DB98F26F}" = SketchUp 2013
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CE924-DD9E-3A0D-EA16-9931D21FB3F5}" = CCC Help Turkish
"{C285CFAB-889A-47C9-2959-A9B71B5E0BFB}" = CCC Help Hungarian
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C88256B0-1182-C1B2-FE22-C1BAC6BB0E83}" = CCC Help Norwegian
"{CA1A637B-5BFD-A325-BC4B-15D3D10B861C}" = Catalyst Control Center Core Implementation
"{CACBE764-2E09-5D88-E496-78F7B1E9FFAE}" = CCC Help Greek
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEF9A199-8652-B2A0-8C82-5491CB57AC3A}" = CCC Help French
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{D781BE32-516F-957C-C080-8365111CAC18}" = CCC Help Danish
"{DC2841DC-5ADC-8FDD-C3FD-5FD223426F38}" = CCC Help Polish
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DEA90EEC-CA16-4092-9604-25B2ACC5273B}" = Communications Utility
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB04773A-005D-3A2E-43C2-CEDE2645F1C3}" = ccc-core-static
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F1F24DF6-37BB-9905-9EB4-5C1E4D32B664}" = Catalyst Control Center Graphics Light
"{F20A4D6F-88ED-32BA-0C6D-BD6A692EFF29}" = CCC Help Italian
"{F5AC7E52-BDF6-9948-73CD-BCE3C23632F3}" = CCC Help Dutch
"{F6FA1416-ABCF-3559-1ACA-CEAADD6AF3E8}" = CCC Help Thai
"{F86145F7-BF40-33F0-F07B-D10BE04F98AA}" = CCC Help Spanish
"{FB385922-2E32-4462-A7DC-27159614A660}" = Snap.Do
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"CardWorks" = CardWorks Business Card Software
"GetnowUpdater" = GetnowUpdater
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{695603EE-5D13-4406-A034-B1346652CC4D}" = Panasonic Windows Firewall Setting Tool
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{DEA90EEC-CA16-4092-9604-25B2ACC5273B}" = Panasonic Communications Utility
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"PDFlite" = PDFlite 0.7
"vfd-adk" = VideoFileDownload
"VideoPad" = VideoPad Video Editor
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"HuluDesktop" = Hulu Desktop

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2014 2:19:43 PM | Computer Name = TWI | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro Plus 2014": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\connpool.cpp' at line 1038 from
function:'DBMgr::DBConnPool::ini

Error - 3/5/2014 11:12:54 AM | Computer Name = TWI | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro Plus 2014": Connection
Error:Invalid user ID or passwo

Error - 3/5/2014 11:12:54 AM | Computer Name = TWI | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro Plus 2014": Connection
String:CON=QBConnectionPool-Probe-QB_data_engine_24; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company
Files\TRAHAN'S WELDING & IRONWORKS LLC.qbw;ENG=QB_data_engine_24;DBN=bdde90b929ea422f950ca3dbcd5119

Error - 3/5/2014 11:12:54 AM | Computer Name = TWI | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro Plus 2014": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\connpool.cpp' at line 1038 from
function:'DBMgr::DBConnPool::ini

Error - 3/5/2014 1:11:12 PM | Computer Name = TWI | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro Plus 2014": Connection
Error:Invalid user ID or passwo

Error - 3/5/2014 1:11:12 PM | Computer Name = TWI | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro Plus 2014": Connection
String:CON=QBConnectionPool-Probe-QB_data_engine_24; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company
Files\TRAHAN'S WELDING & IRONWORKS LLC.qbw;ENG=QB_data_engine_24;DBN=aeb4db3bcc314ed7a4d262dd47cf1d

Error - 3/5/2014 1:11:12 PM | Computer Name = TWI | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro Plus 2014": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\connpool.cpp' at line 1038 from
function:'DBMgr::DBConnPool::ini

Error - 3/6/2014 1:32:29 PM | Computer Name = TWI | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro Plus 2014": Connection
Error:Invalid user ID or passwo

Error - 3/6/2014 1:32:29 PM | Computer Name = TWI | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro Plus 2014": Connection
String:CON=QBConnectionPool-Probe-QB_data_engine_24; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company
Files\TRAHAN'S WELDING & IRONWORKS LLC.qbw;ENG=QB_data_engine_24;DBN=9ebe4b65de38406aa8ea13e5540271

Error - 3/6/2014 1:32:29 PM | Computer Name = TWI | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro Plus 2014": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\connpool.cpp' at line 1038 from
function:'DBMgr::DBConnPool::ini

[ Hewlett-Packard Events ]
Error - 6/7/2012 11:20:30 AM | Computer Name = ChopsTowing-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7927 Ram Utilization: 70 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/7/2012 11:20:30 AM | Computer Name = ChopsTowing-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7927 Ram Utilization: 70 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/7/2012 11:20:30 AM | Computer Name = ChopsTowing-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7927 Ram Utilization: 70 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/14/2012 11:37:48 AM | Computer Name = ChopsTowing-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7927 Ram Utilization: 70 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/14/2012 11:37:48 AM | Computer Name = ChopsTowing-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7927 Ram Utilization: 70 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/21/2012 11:22:13 AM | Computer Name = ChopsTowing-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7927 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/21/2012 11:22:15 AM | Computer Name = ChopsTowing-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7927 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/28/2012 11:22:43 AM | Computer Name = ChopsTowing-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7927 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/28/2012 11:22:45 AM | Computer Name = ChopsTowing-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7927 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 7/5/2012 11:14:03 AM | Computer Name = ChopsTowing-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7927 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ Media Center Events ]
Error - 3/4/2014 10:53:07 PM | Computer Name = TWI | Source = MCUpdate | ID = 0
Description = 8:53:06 PM - Failed to retrieve ScheduleSupplement-2.cab (Error: BITS
0x80070424) 8:53:06 PM - Failed to retrieve SportsTemplate-2.cab (Error: BITS 0x80070424)
8:53:06
PM - Failed to retrieve SportsTemplateCore-2.cab (Error: BITS 0x80070424)

Error - 3/5/2014 10:14:29 AM | Computer Name = TWI | Source = MCUpdate | ID = 0
Description = 8:14:29 AM - Failed to retrieve dSM-2.cab (Error: BITS 0x80070424)
8:14:29
AM - Failed to retrieve Logos-2.cab (Error: BITS 0x80070424) 8:14:29 AM - Failed
to retrieve SMTiles.cab (Error: BITS 0x80070424) 8:14:29 AM - Failed to retrieve
UpdateableMarkup-2.cab (Error: BITS 0x80070424)

Error - 3/5/2014 10:14:30 AM | Computer Name = TWI | Source = MCUpdate | ID = 0
Description = 8:14:30 AM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
0x80070424)

Error - 3/5/2014 10:14:30 AM | Computer Name = TWI | Source = MCUpdate | ID = 0
Description = 8:14:30 AM - Failed to retrieve ScheduleSupplement-2.cab (Error: BITS
0x80070424) 8:14:30 AM - Failed to retrieve SportsTemplate-2.cab (Error: BITS 0x80070424)
8:14:30
AM - Failed to retrieve SportsTemplateCore-2.cab (Error: BITS 0x80070424)

Error - 3/6/2014 12:05:04 AM | Computer Name = TWI | Source = MCUpdate | ID = 0
Description = 10:05:04 PM - Failed to retrieve dSM-2.cab (Error: BITS 0x80070424)
10:05:04
PM - Failed to retrieve Logos-2.cab (Error: BITS 0x80070424) 10:05:04 PM - Failed
to retrieve SMTiles.cab (Error: BITS 0x80070424) 10:05:04 PM - Failed to retrieve
UpdateableMarkup-2.cab (Error: BITS 0x80070424)

Error - 3/6/2014 12:05:04 AM | Computer Name = TWI | Source = MCUpdate | ID = 0
Description = 10:05:04 PM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
0x80070424)

Error - 3/6/2014 12:05:05 AM | Computer Name = TWI | Source = MCUpdate | ID = 0
Description = 10:05:04 PM - Failed to retrieve ScheduleSupplement-2.cab (Error:
BITS 0x80070424) 10:05:04 PM - Failed to retrieve SportsTemplate-2.cab (Error: BITS
0x80070424) 10:05:04 PM - Failed to retrieve SportsTemplateCore-2.cab (Error: BITS
0x80070424)

Error - 3/6/2014 10:05:09 AM | Computer Name = TWI | Source = MCUpdate | ID = 0
Description = 8:05:09 AM - Failed to retrieve dSM-2.cab (Error: BITS 0x80070424)
8:05:09
AM - Failed to retrieve Logos-2.cab (Error: BITS 0x80070424) 8:05:09 AM - Failed
to retrieve SMTiles.cab (Error: BITS 0x80070424) 8:05:09 AM - Failed to retrieve
UpdateableMarkup-2.cab (Error: BITS 0x80070424)

Error - 3/6/2014 10:05:09 AM | Computer Name = TWI | Source = MCUpdate | ID = 0
Description = 8:05:09 AM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
0x80070424)

Error - 3/6/2014 10:05:13 AM | Computer Name = TWI | Source = MCUpdate | ID = 0
Description = 8:05:10 AM - Failed to retrieve ScheduleSupplement-2.cab (Error: BITS
0x80070424) 8:05:10 AM - Failed to retrieve SportsTemplate-2.cab (Error: BITS 0x80070424)
8:05:10
AM - Failed to retrieve SportsTemplateCore-2.cab (Error: BITS 0x80070424)

[ OSession Events ]
Error - 6/17/2011 7:36:46 AM | Computer Name = ChopsTowing-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1614
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 6/23/2011 8:00:11 PM | Computer Name = ChopsTowing-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/6/2011 12:10:34 PM | Computer Name = ChopsTowing-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3045
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 5/28/2013 3:09:44 PM | Computer Name = TWI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7165
seconds with 3060 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/28/2014 9:43:12 AM | Computer Name = TWI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx64 SymIRON

Error - 2/28/2014 9:45:57 AM | Computer Name = TWI | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.

Error - 2/28/2014 10:51:52 PM | Computer Name = TWI | Source = DCOM | ID = 10010
Description =

Error - 3/1/2014 10:23:42 AM | Computer Name = TWI | Source = DCOM | ID = 10010
Description =

Error - 3/1/2014 10:24:15 AM | Computer Name = TWI | Source = DCOM | ID = 10010
Description =

Error - 3/1/2014 10:24:18 AM | Computer Name = TWI | Source = DCOM | ID = 10010
Description =

Error - 3/3/2014 6:04:34 PM | Computer Name = TWI | Source = Service Control Manager | ID = 7031
Description = The Windows Installer service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 3/3/2014 6:06:34 PM | Computer Name = TWI | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Installer service,
but this action failed with the following error: %%1056

Error - 3/6/2014 9:37:21 AM | Computer Name = TWI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx64 SymIRON

Error - 3/6/2014 12:19:10 PM | Computer Name = TWI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx64 SymIRON


< End of report >
  • 0

#4
Machiavelli

  • GeekU Moderator
  • 3,698 posts
===== > Step 1: Backdoor Warning < =====

In your logs I see a Backdoor. That means that your machine is infected with some nasty files which can steal some information. It is difficult to tell whether or not any data has been stolen and finding out which is true instead of doing countermeasures is unproductive. In this light, for your safety, assume that your log-in details and other information have been accessed by another source.
Below are the steps that you should administer:
  • Please disconnect from the Internet! Also don't use it while we are cleaning the infected machine. This is especially true when you are using the computer in question for online banking and other sites that require sensitive and personal information.
  • It is strongly advised that you change your passwords on a clean PC and notify the bank immediately to watch out for suspicious transactions.
I can try to clean the infection but I have to say your computer is very likely compromised and that there is no way to be sure your computer can ever again be trusted. Experts in the security community believe that a reformat and re-installation of the operating system is the best solution. Please peruse the following if you would like to know more:
Now - you decide if you want to reformat the PC or to clean the PC. Think of it and choose the best solution for you! Let me know of your decision. If you decide to go through with the procedure, please proceed with the following steps.

===== > Step 2: Google Chrome's Homepage < =====

Please visit this site here and change the homepage to whatever you want. I recommend changing it to Google.com.

===== > Step 3: Google Chrome's Extensions < =====

Run Chrome and please enter this into the address bar: chrome:extensions
This will display a page of all installed extensions. Please remove the extensions in the list below by clicking the trash can icon beside each one.

Extensions to be removed:

  • Social Privacy
  • SpeedDial

===== > Step 4: Uninstalls < =====


  • Click on the Start button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:

    • SavingsbullFilter
    • SavingsBull
    • PC Speed Up
    • Yahoo! Toolbar
  • Once you have done this, reboot your computer

===== > Step 5: OTL Fix < =====

  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{37DA6865-C85B-42E9-B8E2-1F6B1F30BE84}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
    IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {BB046E20-E48F-4915-AE50-D545283BE420}
    IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;<local>
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..keyword.URL: "http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9Xv3HdEpQnCTEXSkc0LntcHZK8f9j3AvjCy8er4TbrO-tJozSIV2HXHxVuqs_HaLk3nddtoMrlSYcUU_k8zQEVIv0c6D62dnRTzV1mAdPJQiLowa2fWXzwXPN75F3dtu0hiYFMLRKeg_eHZ&q="
    FF - prefs.js..extensions.enabledAddons: support%40tubedimmerapp.com:2.6.47
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    [2013/08/22 05:03:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2014/02/18 21:31:48 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions\{78bb4af5-a701-c8c9-f2bc-14386ddd1c49}
    [2014/02/27 13:57:27 | 000,000,000 | ---D | M] (SavingsBull) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions\[email protected]
    [2013/11/25 16:20:53 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions\[email protected]
    [2014/02/19 08:27:45 | 000,000,975 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\searchplugins\conduit-search.xml
    [2014/02/18 21:31:47 | 000,002,369 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\searchplugins\Web Search.xml
    [2013/12/20 07:20:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    CHR - plugin: Error reading preferences file
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe" File not found
    O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Chops Towing\AppData\Local\Akamai\netsession_win.exe" File not found
    O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - AutoRun File - [2014/02/16 08:28:56 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O33 - MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\Shell - "" = AutoRun
    O33 - MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
    O33 - MountPoints2\{27e09285-6985-11df-bade-18a905bba72e}\Shell - "" = AutoRun
    O33 - MountPoints2\{27e09285-6985-11df-bade-18a905bba72e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
    O33 - MountPoints2\{755a48ae-7e02-11e0-ba21-18a905bba72e}\Shell - "" = AutoRun
    O33 - MountPoints2\{755a48ae-7e02-11e0-ba21-18a905bba72e}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
    [2014/02/26 14:56:09 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{476603EE-9FA1-40DA-A364-0215D0391AE9}
    [2014/02/26 11:29:18 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{75A3E536-3262-44B3-B661-9AD2BA83225E}
    [2014/02/25 07:56:05 | 000,000,000 | ---D | C] -- C:\temp
    [2014/02/25 07:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
    [2014/02/24 11:41:01 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{2D790828-B270-485E-8D36-A958965971A5}
    [2014/02/20 12:08:06 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{3268E60C-14F2-47C7-912A-58BDDE767E2D}
    [2014/02/19 08:30:28 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\SearchProtect
    [2014/02/19 06:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetNowUpdater
    [2014/02/19 06:20:20 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater
    [2014/02/19 06:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
    [2014/02/18 21:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
    [2014/02/18 09:17:49 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{0B1E164C-2BCB-40FB-A0FD-432514312286}
    [2014/02/18 09:17:17 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{485E981E-1B35-4E48-9D6A-7646ABDB6D15}
    [2014/02/05 12:25:37 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{3A107469-ABA5-497A-883A-35DB93592517}
    [2014/02/19 06:20:22 | 000,001,019 | ---- | M] () -- C:\Users\Chops Towing\Desktop\GetNowUpdater.lnk
    [2014/02/18 21:32:04 | 000,001,054 | ---- | M] () -- C:\Users\Chops Towing\Desktop\PC Speed Up.lnk
    [2013/11/15 09:58:13 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
    [2013/11/15 09:58:13 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
    
    
    :Files
    C:\Users\Chops Towing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn
    C:\Users\Chops Towing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    C:\$Recycle.Bin\S-1-5-21-3949928028-1693004598-2059892003-1000\$487503e8d9425b9afb46a75ede856ef3
    
    :reg
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    ""=-
    "ThreadingModel"=-
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

===== > Step 6: Adwarecleaner < =====

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

===== > Step 7: Junkware Removal Tool < =====

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===== > Step 8: OTL Quickscan < =====

  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

  • 0
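An added example, not part of the post above and not OTL's own code: a Python parser that splits a custom fix like the one in Step 5 into its `:` sections and decodes the file-listing entries, so the paths and registry-style items a fix will act on can be reviewed before Run Fix is clicked. The sample text is a constructed excerpt of lines copied from that fix; the function names and the reading of `C`/`M` as created/modified are assumptions.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the Step 5 fix.
SAMPLE_FIX = r'''
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
FF - prefs.js..browser.search.order.1: "Ask.com"
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe" File not found
[2014/02/19 06:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/02/18 21:32:04 | 000,001,054 | ---- | M] () -- C:\Users\Chops Towing\Desktop\PC Speed Up.lnk
[2013/11/15 09:58:13 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini

:Files
C:\Users\Chops Towing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn

:reg
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
""=-
"ThreadingModel"=-

:Commands
[EMPTYTEMP]
'''

SECTION_RE = re.compile(r"^:(\w+)\s*$")
# [date time | size | attributes | C or M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# Leading tag of registry-style lines: IE, FF, CHR, O2, O4 ... (optionally :64bit:)
PREFIX_RE = re.compile(r"^(?P<prefix>[A-Z]{2,3}|O\d+)(?::64bit:)? - ")


def split_sections(text):
    """Group non-blank lines under their ':Section' header (names lower-cased).
    A header that appears twice (':Commands' here) is merged into one list."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_file_entry(line):
    """Decode one file/folder listing line, or return None if it is not one."""
    m = FILE_RE.match(line)
    if not m:
        return None
    attrs = m.group("attrs")
    return {
        "path": m.group("path"),
        "size": int(m.group("size").replace(",", "")),
        "is_dir": "D" in attrs,
        "hidden_system": "H" in attrs and "S" in attrs,
        "created": m.group("kind") == "C",  # assumption: C = created, M = modified
        "company": m.group("company") or "",
    }


def review(text, system_root=r"C:\Windows"):
    """Summarise a fix: sections, commands, item counts per tag, decoded paths."""
    sections = split_sections(text)
    prefixes, files = Counter(), []
    root = system_root.lower() + "\\"
    for line in sections.get("otl", []):
        entry = parse_file_entry(line)
        if entry:
            # Paths under the Windows directory deserve a second look before removal.
            entry["under_system_root"] = entry["path"].lower().startswith(root)
            files.append(entry)
            continue
        m = PREFIX_RE.match(line)
        prefixes[m.group("prefix") if m else "other"] += 1
    return {
        "sections": sorted(sections),
        "commands": sections.get("commands", []),
        "prefixes": dict(prefixes),
        "files": files,
        "extra_paths": sections.get("files", []),
    }


if __name__ == "__main__":
    report = review(SAMPLE_FIX)
    print(report["sections"], report["commands"], report["prefixes"])
    for f in report["files"]:
        print(f)
```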

#5
Machiavelli

  • GeekU Moderator
  • 3,698 posts
Additional to Step 5:

After your computer has rebooted, run OTL and click Quick Scan.
Copy and paste the contents of the log that it produces into your next post.

Please forget this. Instead of this, post the Fixlog which opens after the reboot. :)
  • 0

#6
melint

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
I have done steps 1 through 5; here is the log you requested. Moving on to step 6 and will forward other logs, ty

OTL logfile created on: 3/7/2014 10:27:33 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chops Towing\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 78.82% Memory free
15.48 Gb Paging File | 13.71 Gb Available in Paging File | 88.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.32 Gb Total Space | 543.34 Gb Free Space | 79.05% Space Free | Partition Type: NTFS
Drive D: | 11.07 Gb Total Space | 1.60 Gb Free Space | 14.47% Space Free | Partition Type: NTFS
Drive J: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 1.86 Gb Total Space | 0.55 Gb Free Space | 29.78% Space Free | Partition Type: FAT

Computer Name: TWI | User Name: Chops Towing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/06 11:01:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chops Towing\Downloads\OTL(2).exe
PRC - [2014/02/25 02:55:33 | 003,775,800 | ---- | M] (Intuit Inc. All rights reserved.) -- C:\Users\Chops Towing\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
PRC - [2014/01/02 18:32:12 | 033,508,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/02 16:59:28 | 001,129,288 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2013/12/02 16:57:54 | 001,215,304 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
PRC - [2013/12/02 16:20:28 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/12/02 14:27:20 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2013/11/20 15:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
PRC - [2009/10/22 20:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/19 16:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/09/19 16:38:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/08/24 20:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/10/21 17:02:08 | 000,176,128 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
PRC - [2004/09/17 02:45:56 | 000,118,784 | ---- | M] (Avanquest USA LLC) -- C:\Program Files (x86)\MySoftware\MyInvoices\Tracker.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/07 10:26:32 | 000,041,984 | ---- | M] () -- c:\Users\Chops Towing\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvorghv.dll
MOD - [2013/12/17 20:25:54 | 003,610,624 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/02 16:58:40 | 000,140,616 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.DLL
MOD - [2013/12/02 16:58:38 | 000,148,296 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll
MOD - [2013/12/02 16:58:34 | 000,021,320 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.DLL
MOD - [2013/12/02 16:58:16 | 000,621,896 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll
MOD - [2013/12/02 16:58:04 | 000,623,432 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
MOD - [2013/12/02 16:58:04 | 000,247,112 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
MOD - [2013/12/02 16:58:00 | 000,578,888 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll
MOD - [2013/12/02 14:27:14 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll
MOD - [2013/10/18 17:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/08/15 06:40:49 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6e0e5467e23a80c5c7d34f65dc7f87f2\System.IdentityModel.ni.dll
MOD - [2013/08/15 06:40:48 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\918ce68a67ddb5558994e20dc3a74c8a\System.ServiceModel.ni.dll
MOD - [2013/08/15 06:39:20 | 012,100,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\c7a85f1270da03424f153ed84a2fae51\System.Web.ni.dll
MOD - [2013/08/15 06:39:11 | 001,021,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\b12cbfa020af0c619d8f58c6b665efc1\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/08/15 06:39:10 | 002,646,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\332407a3f224f388f70120d33cb872d5\System.Runtime.Serialization.ni.dll
MOD - [2013/08/15 06:39:10 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d083ee23a4c0d8cf76ae9e95e52d0388\SMDiagnostics.ni.dll
MOD - [2013/08/14 16:06:32 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1a3b614a84244ea5fa4147b5cf007333\System.Windows.Forms.ni.dll
MOD - [2013/08/14 16:06:31 | 007,053,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\608aa2db27d45e63a4863f1f1d06897a\System.Core.ni.dll
MOD - [2013/08/14 16:06:29 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\df40dab689e9d8febfb943599ba79f8d\System.Configuration.ni.dll
MOD - [2013/08/14 16:06:27 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 16:06:25 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/14 16:06:23 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/11 02:23:30 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\51fe07d5205cd85d996af305a38b3770\Accessibility.ni.dll
MOD - [2013/07/11 02:08:30 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/22 20:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2006/11/27 12:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\PDFMAKE.DLL
MOD - [2005/01/24 22:01:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\MFPPROC.DLL
MOD - [2004/08/18 17:02:50 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\SKINS\Office2003.dll
MOD - [2003/12/07 16:30:40 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\MFPSEQ.dll
MOD - [1997/11/05 02:06:00 | 000,517,120 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\mtl70mt.dll
MOD - [1997/11/05 02:05:58 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\mmnyd.dll
MOD - [1997/11/05 02:05:52 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\CB5DVL.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/06/28 16:37:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/02/21 13:50:28 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/17 17:51:38 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/02 16:20:28 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/12/02 14:27:20 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2013/12/02 14:27:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS)
SRV - [2009/09/19 16:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/17 16:09:02 | 000,061,592 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netfilter64.sys -- (Netfilter64)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/19 09:31:46 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/02/26 20:23:54 | 000,149,552 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/02/26 20:23:21 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/02/26 20:23:21 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/02/25 17:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/03 19:40:52 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/02/03 19:40:50 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2009/10/22 00:23:18 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2009/10/22 00:23:18 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2009/10/06 07:49:14 | 000,230,456 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/08/29 18:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/28 16:37:00 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 14:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 04:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2010/04/29 11:44:04 | 000,678,448 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/10/28 16:37:21 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100513.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/10/22 00:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/22 00:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/29 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8CFFB8DF-E170-47DC-810B-862F7A8E63F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {BB046E20-E48F-4915-AE50-D545283BE420}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116
FF - prefs.js..extensions.enabledAddons: %7B78bb4af5-a701-c8c9-f2bc-14386ddd1c49%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/26 12:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/05/26 12:33:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 17:31:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 17:31:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\

[2013/02/07 10:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Extensions
[2014/03/07 10:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions
[2013/12/20 07:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/17 17:51:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/07 10:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
File not found (No name found) -- C:\USERS\CHOPS TOWING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PP2HRYML.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
File not found (No name found) -- C:\USERS\CHOPS TOWING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PP2HRYML.DEFAULT\EXTENSIONS\{78BB4AF5-A701-C8C9-F2BC-14386DDD1C49}
File not found (No name found) -- C:\USERS\CHOPS TOWING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PP2HRYML.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Conduit Search ()
CHR - default_search_provider: search_url = http://search.condui...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Wallet = C:\Users\Chops Towing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Tracker] C:\Program Files (x86)\MySoftware\MyInvoices\Tracker.exe (Avanquest USA LLC)
O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Chops Towing\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [Driver Tool] C:\Program Files (x86)\Driver Tool\Driver Tool\DriverTool.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW File not found
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Chops Towing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22D4B7CB-5413-481B-A3FB-CDD966F9415B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35B22FFF-A9A8-4048-A887-21B6996DB237}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35B22FFF-A9A8-4048-A887-21B6996DB237}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{521E8D85-C6BE-45A4-823A-8E62015D15D2}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{521E8D85-C6BE-45A4-823A-8E62015D15D2}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D6F4CC0-1FC3-4004-B13F-D2DDE2F3646A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7236146A-504C-4193-8EC2-EA04F7DCAA50}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7236146A-504C-4193-8EC2-EA04F7DCAA50}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941DD8A9-65B9-4757-A6AB-1F794F02BBB5}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4EA2B12-1511-48CD-BE4F-214FBFFEA25C}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\intu-help-qb7 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb7 {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/02/16 08:28:56 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2007/10/23 01:22:58 | 000,000,285 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/08/22 14:25:28 | 000,000,090 | ---- | M] () - L:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\Shell - "" = AutoRun
O33 - MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O33 - MountPoints2\{755a48ae-7e02-11e0-ba21-18a905bba72e}\Shell - "" = AutoRun
O33 - MountPoints2\{755a48ae-7e02-11e0-ba21-18a905bba72e}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/07 10:23:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/03 09:10:06 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\arco certs .500 plate
[2014/02/27 14:38:08 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\EDrawings
[2014/02/27 14:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2014
[2014/02/27 14:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eDrawings2014
[2014/02/26 16:15:19 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2014/02/26 14:56:09 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{476603EE-9FA1-40DA-A364-0215D0391AE9}
[2014/02/26 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\w-9
[2014/02/26 11:44:49 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Desktop\w-9 signed form
[2014/02/26 11:40:39 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\w-9 from
[2014/02/26 11:29:18 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{75A3E536-3262-44B3-B661-9AD2BA83225E}
[2014/02/25 07:56:05 | 000,000,000 | ---D | C] -- C:\temp
[2014/02/25 07:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2014/02/24 19:43:36 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\Signed Arco Pay request
[2014/02/24 18:28:01 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\Arco AIA-G703
[2014/02/24 18:26:36 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\Arco Pay Request
[2014/02/24 11:41:01 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{2D790828-B270-485E-8D36-A958965971A5}
[2014/02/24 11:39:59 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Desktop\scott mardi grax 2014
[2014/02/21 16:15:41 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Panasonic
[2014/02/20 12:08:06 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{3268E60C-14F2-47C7-912A-58BDDE767E2D}
[2014/02/19 15:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic
[2014/02/19 15:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2014/02/19 15:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2014/02/19 15:07:39 | 000,000,000 | ---D | C] -- C:\Panasonic
[2014/02/19 15:06:49 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\InstallShield
[2014/02/19 11:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/02/19 11:46:12 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\PC_Drivers_Headquarters
[2014/02/19 11:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Tool
[2014/02/19 11:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Tool
[2014/02/19 11:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Tool
[2014/02/19 10:26:16 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Malwarebytes
[2014/02/19 10:26:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/19 10:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/19 10:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/19 10:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/19 10:25:56 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\Programs
[2014/02/19 08:30:28 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\SearchProtect
[2014/02/19 06:38:51 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\ParetoLogic
[2014/02/19 06:38:51 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\DriverCure
[2014/02/19 06:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2014/02/19 06:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetNowUpdater
[2014/02/19 06:20:20 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater
[2014/02/19 06:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/02/19 06:18:34 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\ PANASONIC DP-190 user guide
[2014/02/18 21:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[2014/02/18 21:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner
[2014/02/18 21:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
[2014/02/18 21:30:50 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\captcha_error
[2014/02/18 09:17:49 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{0B1E164C-2BCB-40FB-A0FD-432514312286}
[2014/02/18 09:17:17 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{485E981E-1B35-4E48-9D6A-7646ABDB6D15}
[2014/02/18 09:07:40 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\welding certs
[2014/02/17 12:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
[2014/02/17 12:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance
[2014/02/17 12:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2014/02/17 12:34:33 | 560,486,400 | ---- | C] (Intuit, Inc. ) -- C:\Users\Chops Towing\Desktop\QuickBooksProSub2014.exe
[2014/02/17 12:34:32 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Download Manager
[2014/02/17 12:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Akamai
[2014/02/16 08:07:41 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Autodesk
[2014/02/16 08:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2014/02/16 08:05:49 | 000,000,000 | ---D | C] -- C:\Autodesk
[2014/02/11 10:23:21 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\ARCO CONTRACT
[2014/02/05 12:25:37 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\{3A107469-ABA5-497A-883A-35DB93592517}
[1 C:\Users\Chops Towing\Documents\*.tmp files -> C:\Users\Chops Towing\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/07 10:26:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/07 10:25:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/07 10:25:33 | 1939,779,583 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/07 10:24:51 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/07 10:24:51 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/07 10:18:49 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChops Towing.job
[2014/03/07 10:03:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/07 09:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/07 09:15:13 | 000,007,938 | ---- | M] () -- C:\Users\Chops Towing\Documents\AutoSave_Untitled_3.skp
[2014/03/07 06:47:37 | 000,778,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/07 06:47:37 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/07 06:47:37 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/06 12:06:14 | 000,001,227 | ---- | M] () -- C:\Users\Chops Towing\Desktop\OTL(2) - Shortcut.lnk
[2014/02/28 16:08:03 | 000,004,090 | ---- | M] () -- C:\Users\Chops Towing\Documents\MATERIAL LIST OILFIELD VALVE DWG 22-516 REVISED.ods
[2014/02/28 10:00:10 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/02/27 14:29:12 | 000,398,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/27 14:27:44 | 000,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2014/02/27 14:27:41 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\eDrawings 2014.lnk
[2014/02/26 11:39:04 | 000,640,722 | ---- | M] () -- C:\Users\Chops Towing\Documents\2014.jpg
[2014/02/26 11:16:25 | 000,012,800 | ---- | M] () -- C:\Users\Chops Towing\Documents\letter to angel.wps
[2014/02/26 11:16:25 | 000,004,674 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\wklnhst.dat
[2014/02/24 11:46:43 | 000,002,275 | ---- | M] () -- C:\Users\Chops Towing\Documents\My Movie.wlmp
[2014/02/24 10:30:57 | 000,004,969 | ---- | M] () -- C:\Users\Chops Towing\Intuit_QBOB_Internal.pdf
[2014/02/19 15:10:37 | 000,001,293 | ---- | M] () -- C:\Users\Chops Towing\Desktop\Network Scan Data - Shortcut.lnk
[2014/02/19 15:08:53 | 000,000,031 | ---- | M] () -- C:\dev.ini
[2014/02/19 15:08:00 | 000,002,313 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Panasonic Communications Utility.lnk
[2014/02/19 11:44:51 | 000,002,246 | ---- | M] () -- C:\Users\Public\Desktop\Driver Tool.lnk
[2014/02/19 10:26:09 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/19 08:30:21 | 004,379,449 | ---- | M] () -- C:\Users\Chops Towing\Documents\PANASONIC DP-190 user guide.pdf
[2014/02/19 06:39:10 | 000,010,814 | ---- | M] () -- C:\Users\Chops Towing\Desktop\2014-02-04 13.36.15 - Shortcut.lnk
[2014/02/19 06:20:22 | 000,001,019 | ---- | M] () -- C:\Users\Chops Towing\Desktop\GetNowUpdater.lnk
[2014/02/18 21:45:26 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2014/02/18 21:32:04 | 000,001,054 | ---- | M] () -- C:\Users\Chops Towing\Desktop\PC Speed Up.lnk
[2014/02/17 12:51:39 | 000,000,095 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2014/02/17 12:51:31 | 000,002,436 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2014/02/17 12:51:31 | 000,002,223 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2014/02/17 12:51:31 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\QuickBooks Pro Plus 2014.lnk
[2014/02/17 12:51:31 | 000,002,032 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2014/02/17 12:41:00 | 560,486,400 | ---- | M] (Intuit, Inc. ) -- C:\Users\Chops Towing\Desktop\QuickBooksProSub2014.exe
[2014/02/17 12:34:32 | 000,001,784 | ---- | M] () -- C:\Users\Chops Towing\Desktop\Setup_QuickBooksProSub2014[1].lnk
[2014/02/17 12:34:13 | 000,537,712 | ---- | M] () -- C:\Users\Chops Towing\Documents\Setup_QuickBooksProSub2014.exe
[1 C:\Users\Chops Towing\Documents\*.tmp files -> C:\Users\Chops Towing\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/07 08:53:06 | 000,007,938 | ---- | C] () -- C:\Users\Chops Towing\Documents\AutoSave_Untitled_3.skp
[2014/03/06 12:06:14 | 000,001,227 | ---- | C] () -- C:\Users\Chops Towing\Desktop\OTL(2) - Shortcut.lnk
[2014/02/27 14:27:44 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2014/02/27 14:27:41 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\eDrawings 2014.lnk
[2014/02/26 11:39:04 | 000,640,722 | ---- | C] () -- C:\Users\Chops Towing\Documents\2014.jpg
[2014/02/24 11:45:49 | 000,002,275 | ---- | C] () -- C:\Users\Chops Towing\Documents\My Movie.wlmp
[2014/02/19 15:10:37 | 000,001,293 | ---- | C] () -- C:\Users\Chops Towing\Desktop\Network Scan Data - Shortcut.lnk
[2014/02/19 15:08:53 | 000,000,031 | ---- | C] () -- C:\dev.ini
[2014/02/19 15:08:00 | 000,002,313 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Panasonic Communications Utility.lnk
[2014/02/19 11:44:51 | 000,002,246 | ---- | C] () -- C:\Users\Public\Desktop\Driver Tool.lnk
[2014/02/19 10:26:09 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/19 08:30:34 | 004,379,449 | ---- | C] () -- C:\Users\Chops Towing\Documents\PANASONIC DP-190 user guide.pdf
[2014/02/19 06:20:22 | 000,001,019 | ---- | C] () -- C:\Users\Chops Towing\Desktop\GetNowUpdater.lnk
[2014/02/18 21:45:26 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2014/02/18 21:32:04 | 000,001,054 | ---- | C] () -- C:\Users\Chops Towing\Desktop\PC Speed Up.lnk
[2014/02/17 12:51:31 | 000,002,436 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2014/02/17 12:51:31 | 000,002,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2014/02/17 12:51:31 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks Pro Plus 2014.lnk
[2014/02/17 12:51:31 | 000,002,032 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2014/02/17 12:34:32 | 000,001,784 | ---- | C] () -- C:\Users\Chops Towing\Desktop\Setup_QuickBooksProSub2014[1].lnk
[2014/02/17 12:34:13 | 000,537,712 | ---- | C] () -- C:\Users\Chops Towing\Documents\Setup_QuickBooksProSub2014.exe
[2014/02/05 12:18:41 | 000,010,814 | ---- | C] () -- C:\Users\Chops Towing\Desktop\2014-02-04 13.36.15 - Shortcut.lnk
[2014/01/30 14:05:01 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2013/01/10 09:48:32 | 000,004,969 | ---- | C] () -- C:\Users\Chops Towing\Intuit_QBOB_Internal.pdf
[2012/10/08 14:04:44 | 002,034,452 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_3584.0
[2012/10/08 14:04:44 | 000,707,043 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_3584.JPG
[2012/07/05 17:18:27 | 000,384,844 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\funmoods-speeddial.crx
[2012/05/17 10:38:57 | 000,001,318 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/05/15 10:08:24 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/13 12:33:45 | 000,251,664 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpALLLISON INVOICE_CROP.JPG
[2012/04/13 12:30:33 | 000,264,688 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpALLLISON INVOICE.JPG
[2012/01/27 14:51:00 | 002,088,191 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_1988.JPG
[2011/07/21 08:45:38 | 000,001,854 | ---- | C] () -- C:\Users\Chops Towing\AppData\Roaming\GhostObjGAFix.xml
[2011/06/03 14:41:54 | 001,495,063 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpBLOSSOM.JPG
[2011/02/27 18:26:18 | 001,185,279 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_0844.JPG
[2011/02/22 16:17:08 | 000,743,282 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpI PHONE PICS BEFORE MARCH 16 2010 146.JPG
[2010/07/16 12:59:16 | 000,004,674 | ---- | C] () -- C:\Users\Chops Towing\AppData\Roaming\wklnhst.dat
[2010/05/26 13:15:14 | 000,005,055 | ---- | C] () -- C:\Users\Chops Towing\Chop payroll summary.pdf
[2010/05/07 14:19:38 | 000,108,920 | ---- | C] () -- C:\Users\Chops Towing\g2ax_customer_downloadhelper_win32_x86.exe

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013/11/15 09:58:13 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013/11/15 09:58:13 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3949928028-1693004598-2059892003-1000\$487503e8d9425b9afb46a75ede856ef3\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/19 06:18:34 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\ PANASONIC DP-190 user guide
[2014/02/16 08:07:41 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Autodesk
[2012/06/18 12:23:20 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Babylon
[2014/02/18 21:30:50 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\captcha_error
[2014/02/19 06:38:51 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\DriverCure
[2014/03/07 10:27:48 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Dropbox
[2014/01/13 10:54:26 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\DropboxMaster
[2014/02/27 14:40:09 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\EDrawings
[2010/03/24 10:36:27 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\ElementalsTheMagicKey
[2014/02/18 06:53:22 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater
[2010/03/23 11:23:23 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\iWin
[2012/10/17 13:31:31 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Masque
[2014/02/21 16:15:41 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Panasonic
[2014/02/19 06:38:51 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\ParetoLogic
[2012/06/18 12:25:37 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\PDFlite
[2010/03/19 09:30:12 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\PictureMover
[2013/08/15 13:31:35 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\SketchUp
[2012/10/17 12:41:05 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Stardock
[2010/07/16 12:59:19 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Template
[2010/04/05 09:10:38 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\WinBatch
[2012/07/09 08:38:42 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 573 bytes -> C:\Users\Chops Towing\Desktop\2014-01-23 11.43.56.jpg:com.dropbox.attributes
@Alternate Data Stream - 572 bytes -> C:\Users\Chops Towing\Desktop\2014-01-23 11.45.48.jpg:com.dropbox.attributes

< End of report >

#7
melint

Completed AdwCleaner scan and this is the report:

# AdwCleaner v3.020 - Report created 07/03/2014 at 10:54:30
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chops Towing - TWI
# Running from : C:\Users\Chops Towing\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\TubeDimmer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Chops Towing\AppData\Local\apn
Folder Deleted : C:\Users\Chops Towing\AppData\Local\BrowserSafeguard
Folder Deleted : C:\Users\Chops Towing\AppData\Local\PackageAware
Folder Deleted : C:\Users\Chops Towing\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Chops Towing\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\CHOPST~1\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\CHOPST~1\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\CHOPST~1\AppData\Local\Temp\TempDir
Folder Deleted : C:\Users\Chops Towing\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Chops Towing\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Chops Towing\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Chops Towing\AppData\Roaming\iWin
Folder Deleted : C:\Users\Chops Towing\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Chops Towing\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\LISA\AppData\Roaming\Mozilla\Firefox\Profiles\xshg7r72.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Chops Towing\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\Chops Towing\Desktop\PC Speed Up.lnk
File Deleted : C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\invalidprefs.js
File Deleted : C:\Users\LISA\AppData\Roaming\Mozilla\Firefox\Profiles\xshg7r72.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\user.js
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AdobeUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Speedchecker Limited
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\prefs.js ]

Line Deleted : user_pref("extensions.dynconff.cache.udmserve.net.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1164_1524_1146_1169_1348_1482_1493_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDAT[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.eftps.gov.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1164_1524_1146_1169_1348_1482_1493_1521_1675\"><content id=\"MB_P1\">\r\n <newjs>\r\n <[...]

[ File : C:\Users\LISA\AppData\Roaming\Mozilla\Firefox\Profiles\xshg7r72.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9Xv3HdEpQnCTEXSkc0LntcHZK8f9j3AvjCy8er4TbrO-tJozSIV2HXHxVuqs_HaLk3nddtoMrlSYcUU_kO1sSMX4TfbGuqVgl1[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Line Deleted : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9Xv3HdEpQnCTEXSkc0LntcHZK8f9j3AvjCy8er4TbrO-tJozSIV2HXHxVuqs_HaLk3nddtoMrlSYcUU_k8zQEVIv0c6D62dnRTzV1mAdPJQiLow[...]
Line Deleted : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9Xv3HdEpQnCTEXSkc0LntcHZK8f9j3AvjCy8er4TbrO-tJozSIV2HXHxVuqs_HaLk3nddtoMrlSYcUU_kXMjPEYmApuxor6URc0r29TX[...]

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Chops Towing\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [14636 octets] - [07/03/2014 10:48:58]
AdwCleaner[S0].txt - [13774 octets] - [07/03/2014 10:54:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13835 octets] ##########

#8
melint

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Chops Towing on Fri 03/07/2014 at 11:01:07.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{BA22782D-913E-4499-9A4A-93A558D410A7}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{BA52A708-FDE9-4AD0-A663-06D461D994AE}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{C0B37918-4121-4DB6-A290-3101DEB035CA}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{C0F67754-B536-467E-A917-49932524130A}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{C49DEE60-199E-46D4-A516-5688E9557324}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{C8B7F09E-45B7-4525-8589-F8ACE432CF5B}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{C8E5B997-6555-4789-B64E-5EC3B3A0BACF}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{C9D68E02-B4A5-4A91-A4AF-A2DC06542DCB}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{CA99472E-4DA7-4B18-A2D1-403F6F3D2DA3}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{CAB1A5E5-E602-416E-A1A0-D0F8469FF6F1}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{CD999C15-1670-482A-A750-54BEBA7532C1}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{CF26D6B8-25E8-44C1-907C-B805CFF65485}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{D00EE1FE-328C-4A2C-9E18-5CA3A81BA31A}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{D14A4F3C-0BBD-4165-9863-53FCDDD99130}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{D2D70FD5-823F-496F-9399-BD380BC9973F}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{D6F6EE1E-E783-409E-942F-94BDF82F31B1}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{DC163833-E9E7-4AA7-91FE-FFBBFF0E265A}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{DCECE6E1-5482-44B4-B942-112F3F6B0FBF}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{E173DBE4-0B6F-4035-836A-A6B427C92E75}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{EB576082-5114-4BD8-9F99-4496298C945C}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{F1219995-9BA4-4662-B8EB-FA0A8E219EF3}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{F1463CE3-AFA3-48B5-BEF6-A433D76785B0}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{F1EF0716-D934-48F8-A645-EC365B1F965A}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{F2CDA7A8-EC49-4DC2-BF6A-F36A045A56AA}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{F41259F9-9A32-4C34-8064-38963B0540FF}
Successfully deleted: [Empty Folder] C:\Users\Chops Towing\appdata\local\{FF620416-0451-4519-BCD3-B9AA599E4269}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Chops Towing\AppData\Roaming\mozilla\firefox\profiles\pp2hryml.default\minidumps [91 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/07/2014 at 11:07:08.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL logfile created on: 3/7/2014 11:08:29 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chops Towing\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 3.59 Gb Available Physical Memory | 46.41% Memory free
15.48 Gb Paging File | 10.92 Gb Available in Paging File | 70.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.32 Gb Total Space | 543.29 Gb Free Space | 79.05% Space Free | Partition Type: NTFS
Drive D: | 11.07 Gb Total Space | 1.60 Gb Free Space | 14.47% Space Free | Partition Type: NTFS
Drive J: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 1.86 Gb Total Space | 0.55 Gb Free Space | 29.78% Space Free | Partition Type: FAT

Computer Name: TWI | User Name: Chops Towing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/06 11:01:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chops Towing\Downloads\OTL(2).exe
PRC - [2014/02/25 02:55:33 | 003,775,800 | ---- | M] (Intuit Inc. All rights reserved.) -- C:\Users\Chops Towing\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
PRC - [2014/02/17 17:51:38 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/01/02 18:32:12 | 033,508,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/02 16:59:28 | 001,129,288 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2013/12/02 16:57:54 | 001,215,304 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
PRC - [2013/12/02 16:20:28 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/12/02 14:27:20 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2013/11/20 15:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
PRC - [2009/10/22 20:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/19 16:40:54 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/09/19 16:40:48 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/09/19 16:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/09/19 16:38:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/08/24 20:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/10/21 17:02:08 | 000,176,128 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
PRC - [2004/09/17 02:45:56 | 000,118,784 | ---- | M] (Avanquest USA LLC) -- C:\Program Files (x86)\MySoftware\MyInvoices\Tracker.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/07 10:58:03 | 000,041,984 | ---- | M] () -- c:\Users\Chops Towing\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz3ioov.dll
MOD - [2014/02/17 17:51:38 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/17 20:25:54 | 003,610,624 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/02 16:58:40 | 000,140,616 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.DLL
MOD - [2013/12/02 16:58:38 | 000,148,296 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll
MOD - [2013/12/02 16:58:34 | 000,021,320 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.DLL
MOD - [2013/12/02 16:58:24 | 000,043,848 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll
MOD - [2013/12/02 16:58:16 | 000,760,648 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.DLL
MOD - [2013/12/02 16:58:16 | 000,621,896 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll
MOD - [2013/12/02 16:58:04 | 000,623,432 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
MOD - [2013/12/02 16:58:04 | 000,247,112 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
MOD - [2013/12/02 16:58:00 | 000,578,888 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll
MOD - [2013/12/02 14:27:14 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll
MOD - [2013/10/18 17:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/08/15 06:40:49 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6e0e5467e23a80c5c7d34f65dc7f87f2\System.IdentityModel.ni.dll
MOD - [2013/08/15 06:40:48 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\918ce68a67ddb5558994e20dc3a74c8a\System.ServiceModel.ni.dll
MOD - [2013/08/15 06:39:20 | 012,100,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\c7a85f1270da03424f153ed84a2fae51\System.Web.ni.dll
MOD - [2013/08/15 06:39:11 | 001,021,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\b12cbfa020af0c619d8f58c6b665efc1\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/08/15 06:39:11 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/15 06:39:10 | 002,646,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\332407a3f224f388f70120d33cb872d5\System.Runtime.Serialization.ni.dll
MOD - [2013/08/15 06:39:10 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d083ee23a4c0d8cf76ae9e95e52d0388\SMDiagnostics.ni.dll
MOD - [2013/08/15 06:38:44 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/14 16:06:54 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e205d971e9ffa1771cff3d3dde1c3c2b\PresentationFramework.ni.dll
MOD - [2013/08/14 16:06:42 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\107b8a28ba272e93556f0e2bfa2c4e16\PresentationCore.ni.dll
MOD - [2013/08/14 16:06:33 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6405f08f877802703cfd956c072a4ad0\WindowsBase.ni.dll
MOD - [2013/08/14 16:06:32 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1a3b614a84244ea5fa4147b5cf007333\System.Windows.Forms.ni.dll
MOD - [2013/08/14 16:06:31 | 007,053,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\608aa2db27d45e63a4863f1f1d06897a\System.Core.ni.dll
MOD - [2013/08/14 16:06:29 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\df40dab689e9d8febfb943599ba79f8d\System.Configuration.ni.dll
MOD - [2013/08/14 16:06:27 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 16:06:25 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/14 16:06:23 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/11 02:23:30 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\51fe07d5205cd85d996af305a38b3770\Accessibility.ni.dll
MOD - [2013/07/11 02:08:30 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/22 20:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2006/11/27 12:19:38 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\PDFMAKE.DLL
MOD - [2005/01/24 22:01:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\MFPPROC.DLL
MOD - [2004/08/18 17:02:50 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\SKINS\Office2003.dll
MOD - [2003/12/07 16:30:40 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\MFPSEQ.dll
MOD - [1997/11/05 02:06:00 | 000,517,120 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\mtl70mt.dll
MOD - [1997/11/05 02:05:58 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\mmnyd.dll
MOD - [1997/11/05 02:05:52 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\MySoftware\MyInvoices\CB5DVL.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/06/28 16:37:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/02/21 13:50:28 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/17 17:51:38 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/02 16:20:28 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/12/02 14:27:20 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2013/12/02 14:27:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS)
SRV - [2009/09/19 16:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/17 16:09:02 | 000,061,592 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netfilter64.sys -- (Netfilter64)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/19 09:31:46 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/02/26 20:23:54 | 000,149,552 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/02/26 20:23:21 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/02/26 20:23:21 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/02/25 17:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/03 19:40:52 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/02/03 19:40:50 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2009/10/22 00:23:18 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2009/10/22 00:23:18 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2009/10/06 07:49:14 | 000,230,456 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/08/29 18:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/28 16:37:00 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 14:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 04:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2010/04/29 11:44:04 | 000,678,448 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/10/28 16:37:21 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100513.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/10/22 00:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/22 00:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/29 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8CFFB8DF-E170-47DC-810B-862F7A8E63F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {BB046E20-E48F-4915-AE50-D545283BE420}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/26 12:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/05/26 12:33:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 17:31:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 17:31:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\

[2013/02/07 10:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Extensions
[2014/03/07 10:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chops Towing\AppData\Roaming\Mozilla\Firefox\Profiles\pp2hryml.default\extensions
[2013/12/20 07:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/17 17:51:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/07 10:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions

========== Chrome ==========

CHR - default_search_provider: Conduit Search ()
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Wallet = C:\Users\Chops Towing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Tracker] C:\Program Files (x86)\MySoftware\MyInvoices\Tracker.exe (Avanquest USA LLC)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Chops Towing\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [Driver Tool] C:\Program Files (x86)\Driver Tool\Driver Tool\DriverTool.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW File not found
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Chops Towing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chops Towing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22D4B7CB-5413-481B-A3FB-CDD966F9415B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35B22FFF-A9A8-4048-A887-21B6996DB237}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35B22FFF-A9A8-4048-A887-21B6996DB237}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{521E8D85-C6BE-45A4-823A-8E62015D15D2}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{521E8D85-C6BE-45A4-823A-8E62015D15D2}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D6F4CC0-1FC3-4004-B13F-D2DDE2F3646A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7236146A-504C-4193-8EC2-EA04F7DCAA50}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7236146A-504C-4193-8EC2-EA04F7DCAA50}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941DD8A9-65B9-4757-A6AB-1F794F02BBB5}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4EA2B12-1511-48CD-BE4F-214FBFFEA25C}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\intu-help-qb7 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb7 {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/02/16 08:28:56 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2007/10/23 01:22:58 | 000,000,285 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/08/22 14:25:28 | 000,000,090 | ---- | M] () - L:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\Shell - "" = AutoRun
O33 - MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O33 - MountPoints2\{755a48ae-7e02-11e0-ba21-18a905bba72e}\Shell - "" = AutoRun
O33 - MountPoints2\{755a48ae-7e02-11e0-ba21-18a905bba72e}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/07 11:01:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/07 10:48:53 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/07 10:23:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/03 09:10:06 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\arco certs .500 plate
[2014/02/27 14:38:08 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\EDrawings
[2014/02/27 14:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2014
[2014/02/27 14:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eDrawings2014
[2014/02/26 16:15:19 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2014/02/26 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\w-9
[2014/02/26 11:44:49 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Desktop\w-9 signed form
[2014/02/26 11:40:39 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\w-9 from
[2014/02/25 07:56:05 | 000,000,000 | ---D | C] -- C:\temp
[2014/02/24 19:43:36 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\Signed Arco Pay request
[2014/02/24 18:28:01 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\Arco AIA-G703
[2014/02/24 18:26:36 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\Arco Pay Request
[2014/02/24 11:39:59 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Desktop\scott mardi grax 2014
[2014/02/21 16:15:41 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Panasonic
[2014/02/19 15:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic
[2014/02/19 15:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2014/02/19 15:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2014/02/19 15:07:39 | 000,000,000 | ---D | C] -- C:\Panasonic
[2014/02/19 15:06:49 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\InstallShield
[2014/02/19 11:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/02/19 11:46:12 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\PC_Drivers_Headquarters
[2014/02/19 11:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Tool
[2014/02/19 11:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Tool
[2014/02/19 11:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Tool
[2014/02/19 10:26:16 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Malwarebytes
[2014/02/19 10:26:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/19 10:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/19 10:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/19 10:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/19 10:25:56 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Local\Programs
[2014/02/19 06:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetNowUpdater
[2014/02/19 06:20:20 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater
[2014/02/19 06:18:34 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\ PANASONIC DP-190 user guide
[2014/02/18 21:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[2014/02/18 21:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner
[2014/02/18 21:30:50 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\captcha_error
[2014/02/18 09:07:40 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\welding certs
[2014/02/17 12:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
[2014/02/17 12:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance
[2014/02/17 12:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2014/02/17 12:34:33 | 560,486,400 | ---- | C] (Intuit, Inc. ) -- C:\Users\Chops Towing\Desktop\QuickBooksProSub2014.exe
[2014/02/17 12:34:32 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Download Manager
[2014/02/17 12:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Akamai
[2014/02/16 08:07:41 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\Autodesk
[2014/02/16 08:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2014/02/16 08:05:49 | 000,000,000 | ---D | C] -- C:\Autodesk
[2014/02/11 10:23:21 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\Documents\ARCO CONTRACT
[1 C:\Users\Chops Towing\Documents\*.tmp files -> C:\Users\Chops Towing\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/07 11:04:13 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/07 11:04:13 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/07 11:03:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/07 11:00:35 | 000,001,192 | ---- | M] () -- C:\Users\Chops Towing\Desktop\JRT - Shortcut.lnk
[2014/03/07 10:56:44 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/07 10:56:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/07 10:56:20 | 1939,779,583 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/07 10:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/07 10:48:09 | 000,001,265 | ---- | M] () -- C:\Users\Chops Towing\Desktop\adwcleaner - Shortcut.lnk
[2014/03/07 10:18:49 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChops Towing.job
[2014/03/07 09:15:13 | 000,007,938 | ---- | M] () -- C:\Users\Chops Towing\Documents\AutoSave_Untitled_3.skp
[2014/03/07 06:47:37 | 000,778,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/07 06:47:37 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/07 06:47:37 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/06 12:06:14 | 000,001,227 | ---- | M] () -- C:\Users\Chops Towing\Desktop\OTL(2) - Shortcut.lnk
[2014/02/28 16:08:03 | 000,004,090 | ---- | M] () -- C:\Users\Chops Towing\Documents\MATERIAL LIST OILFIELD VALVE DWG 22-516 REVISED.ods
[2014/02/28 10:00:10 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/02/27 14:29:12 | 000,398,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/27 14:27:44 | 000,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2014/02/27 14:27:41 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\eDrawings 2014.lnk
[2014/02/26 11:39:04 | 000,640,722 | ---- | M] () -- C:\Users\Chops Towing\Documents\2014.jpg
[2014/02/26 11:16:25 | 000,012,800 | ---- | M] () -- C:\Users\Chops Towing\Documents\letter to angel.wps
[2014/02/26 11:16:25 | 000,004,674 | ---- | M] () -- C:\Users\Chops Towing\AppData\Roaming\wklnhst.dat
[2014/02/24 11:46:43 | 000,002,275 | ---- | M] () -- C:\Users\Chops Towing\Documents\My Movie.wlmp
[2014/02/24 10:30:57 | 000,004,969 | ---- | M] () -- C:\Users\Chops Towing\Intuit_QBOB_Internal.pdf
[2014/02/19 15:10:37 | 000,001,293 | ---- | M] () -- C:\Users\Chops Towing\Desktop\Network Scan Data - Shortcut.lnk
[2014/02/19 15:08:53 | 000,000,031 | ---- | M] () -- C:\dev.ini
[2014/02/19 15:08:00 | 000,002,313 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Panasonic Communications Utility.lnk
[2014/02/19 11:44:51 | 000,002,246 | ---- | M] () -- C:\Users\Public\Desktop\Driver Tool.lnk
[2014/02/19 10:26:09 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/19 08:30:21 | 004,379,449 | ---- | M] () -- C:\Users\Chops Towing\Documents\PANASONIC DP-190 user guide.pdf
[2014/02/19 06:39:10 | 000,010,814 | ---- | M] () -- C:\Users\Chops Towing\Desktop\2014-02-04 13.36.15 - Shortcut.lnk
[2014/02/19 06:20:22 | 000,001,019 | ---- | M] () -- C:\Users\Chops Towing\Desktop\GetNowUpdater.lnk
[2014/02/18 21:45:26 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2014/02/17 12:51:39 | 000,000,095 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2014/02/17 12:51:31 | 000,002,436 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2014/02/17 12:51:31 | 000,002,223 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2014/02/17 12:51:31 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\QuickBooks Pro Plus 2014.lnk
[2014/02/17 12:51:31 | 000,002,032 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2014/02/17 12:41:00 | 560,486,400 | ---- | M] (Intuit, Inc. ) -- C:\Users\Chops Towing\Desktop\QuickBooksProSub2014.exe
[2014/02/17 12:34:32 | 000,001,784 | ---- | M] () -- C:\Users\Chops Towing\Desktop\Setup_QuickBooksProSub2014[1].lnk
[2014/02/17 12:34:13 | 000,537,712 | ---- | M] () -- C:\Users\Chops Towing\Documents\Setup_QuickBooksProSub2014.exe
[1 C:\Users\Chops Towing\Documents\*.tmp files -> C:\Users\Chops Towing\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/07 11:00:35 | 000,001,192 | ---- | C] () -- C:\Users\Chops Towing\Desktop\JRT - Shortcut.lnk
[2014/03/07 10:48:09 | 000,001,265 | ---- | C] () -- C:\Users\Chops Towing\Desktop\adwcleaner - Shortcut.lnk
[2014/03/07 08:53:06 | 000,007,938 | ---- | C] () -- C:\Users\Chops Towing\Documents\AutoSave_Untitled_3.skp
[2014/03/06 12:06:14 | 000,001,227 | ---- | C] () -- C:\Users\Chops Towing\Desktop\OTL(2) - Shortcut.lnk
[2014/02/27 14:27:44 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2014/02/27 14:27:41 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\eDrawings 2014.lnk
[2014/02/26 11:39:04 | 000,640,722 | ---- | C] () -- C:\Users\Chops Towing\Documents\2014.jpg
[2014/02/24 11:45:49 | 000,002,275 | ---- | C] () -- C:\Users\Chops Towing\Documents\My Movie.wlmp
[2014/02/19 15:10:37 | 000,001,293 | ---- | C] () -- C:\Users\Chops Towing\Desktop\Network Scan Data - Shortcut.lnk
[2014/02/19 15:08:53 | 000,000,031 | ---- | C] () -- C:\dev.ini
[2014/02/19 15:08:00 | 000,002,313 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Panasonic Communications Utility.lnk
[2014/02/19 11:44:51 | 000,002,246 | ---- | C] () -- C:\Users\Public\Desktop\Driver Tool.lnk
[2014/02/19 10:26:09 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/19 08:30:34 | 004,379,449 | ---- | C] () -- C:\Users\Chops Towing\Documents\PANASONIC DP-190 user guide.pdf
[2014/02/19 06:20:22 | 000,001,019 | ---- | C] () -- C:\Users\Chops Towing\Desktop\GetNowUpdater.lnk
[2014/02/18 21:45:26 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2014/02/17 12:51:31 | 000,002,436 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2014/02/17 12:51:31 | 000,002,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2014/02/17 12:51:31 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks Pro Plus 2014.lnk
[2014/02/17 12:51:31 | 000,002,032 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2014/02/17 12:34:32 | 000,001,784 | ---- | C] () -- C:\Users\Chops Towing\Desktop\Setup_QuickBooksProSub2014[1].lnk
[2014/02/17 12:34:13 | 000,537,712 | ---- | C] () -- C:\Users\Chops Towing\Documents\Setup_QuickBooksProSub2014.exe
[2014/02/05 12:18:41 | 000,010,814 | ---- | C] () -- C:\Users\Chops Towing\Desktop\2014-02-04 13.36.15 - Shortcut.lnk
[2014/01/30 14:05:01 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2013/01/10 09:48:32 | 000,004,969 | ---- | C] () -- C:\Users\Chops Towing\Intuit_QBOB_Internal.pdf
[2012/10/08 14:04:44 | 002,034,452 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_3584.0
[2012/10/08 14:04:44 | 000,707,043 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_3584.JPG
[2012/05/17 10:38:57 | 000,001,318 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/05/15 10:08:24 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/13 12:33:45 | 000,251,664 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpALLLISON INVOICE_CROP.JPG
[2012/04/13 12:30:33 | 000,264,688 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpALLLISON INVOICE.JPG
[2012/01/27 14:51:00 | 002,088,191 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_1988.JPG
[2011/07/21 08:45:38 | 000,001,854 | ---- | C] () -- C:\Users\Chops Towing\AppData\Roaming\GhostObjGAFix.xml
[2011/06/03 14:41:54 | 001,495,063 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpBLOSSOM.JPG
[2011/02/27 18:26:18 | 001,185,279 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpIMG_0844.JPG
[2011/02/22 16:17:08 | 000,743,282 | ---- | C] () -- C:\Users\Chops Towing\AppData\Local\tmpI PHONE PICS BEFORE MARCH 16 2010 146.JPG
[2010/07/16 12:59:16 | 000,004,674 | ---- | C] () -- C:\Users\Chops Towing\AppData\Roaming\wklnhst.dat
[2010/05/26 13:15:14 | 000,005,055 | ---- | C] () -- C:\Users\Chops Towing\Chop payroll summary.pdf
[2010/05/07 14:19:38 | 000,108,920 | ---- | C] () -- C:\Users\Chops Towing\g2ax_customer_downloadhelper_win32_x86.exe

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013/11/15 09:58:13 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013/11/15 09:58:13 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3949928028-1693004598-2059892003-1000\$487503e8d9425b9afb46a75ede856ef3\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/19 06:18:34 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\ PANASONIC DP-190 user guide
[2014/02/16 08:07:41 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Autodesk
[2014/02/18 21:30:50 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\captcha_error
[2014/03/07 10:58:44 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Dropbox
[2014/01/13 10:54:26 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\DropboxMaster
[2014/02/27 14:40:09 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\EDrawings
[2010/03/24 10:36:27 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\ElementalsTheMagicKey
[2014/02/18 06:53:22 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater
[2012/10/17 13:31:31 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Masque
[2014/02/21 16:15:41 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Panasonic
[2012/06/18 12:25:37 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\PDFlite
[2010/03/19 09:30:12 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\PictureMover
[2013/08/15 13:31:35 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\SketchUp
[2012/10/17 12:41:05 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Stardock
[2010/07/16 12:59:19 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Template
[2010/04/05 09:10:38 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\WinBatch
[2012/07/09 08:38:42 | 000,000,000 | ---D | M] -- C:\Users\Chops Towing\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 573 bytes -> C:\Users\Chops Towing\Desktop\2014-01-23 11.43.56.jpg:com.dropbox.attributes
@Alternate Data Stream - 572 bytes -> C:\Users\Chops Towing\Desktop\2014-01-23 11.45.48.jpg:com.dropbox.attributes

< End of report >

#9
melint

    Member

  • Topic Starter
  • 166 posts
Regarding the addition to step 5, I ran the OTL quick scan again and rebooted the PC, but no fix log popped up. I also searched for a file named fixlog, but found nothing. Once again, thanks so much for your help, it is much appreciated :)
  • 0

#10
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Acknowledged, you are most welcome. :) Further instructions are coming soon.
  • 0

#11
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hey melint. :)
You forgot to do this:

Please move OTL.exe to your desktop. It is currently located in your Downloads folder (C:\Users\Chops Towing\Downloads).


Please do this. Anyway, the rest you did fine. :)

===== > Step 1: Chrome Default Search Provider < =====

  • Start Chrome
  • Click on the Chrome Menu, then select Settings
  • Go to the Search Section, then click on Manage Search Engines
  • A Window will open. Next to Conduit Search click the cross
  • This will remove the bad Search Engine. If you like, you can make Google the Default Search Engine

===== > Step 2: OTL Fix < =====

  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\
    O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Chops Towing\AppData\Local\Akamai\netsession_win.exe" File not found
    O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\Shell - "" = AutoRun
    O33 - MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
    O33 - MountPoints2\{755a48ae-7e02-11e0-ba21-18a905bba72e}\Shell - "" = AutoRun
    O33 - MountPoints2\{755a48ae-7e02-11e0-ba21-18a905bba72e}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
    [2014/02/25 07:56:05 | 000,000,000 | ---D | C] -- C:\temp
    [2014/02/19 06:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetNowUpdater
    [2014/02/19 06:20:20 | 000,000,000 | ---D | C] -- C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater
    [2014/02/19 06:20:22 | 000,001,019 | ---- | C] () -- C:\Users\Chops Towing\Desktop\GetNowUpdater.lnk
    [2013/11/15 09:58:13 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
    [2013/11/15 09:58:13 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
    
    :Reg
    [-HKCU\SOFTWARE\Wow6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}] 
    
    :Files
    C:\$Recycle.Bin\S-1-5-21-3949928028-1693004598-2059892003-1000\$487503e8d9425b9afb46a75ede856ef3
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.

===== > Step 3: Farbar Service Scanner < =====

Please download Farbar Service Scanner and run it on the computer with the issue. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FSS icon and select Run as Administrator)
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===== > Step 4: OTL Custom Scan < =====

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    mpsvc.dll
    winsock.*
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open OTL on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see the OTL console.

    • Click the box beside Scan All Users at the top of the console
    • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
    • Make sure the Output box at the top is set to Standard Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
    • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop.
    • Please copy the contents of these files and paste them into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
  • Please do the same for the Extras.txt
  • 0

#12
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hi,
are you still with me?
  • 0

#13
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
i'm so sorry, i have been away from the office since friday. i will be there again in the am. will do what you requested and post logs asap. thanks for your patience :)
  • 0

#14
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Acknowledged & no problem, melint. :)
  • 0

#15
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
moved otl to desktop
opened chrome and did what you said, but there was no search engine listed
ran otl with fix and got the following:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files (x86)\Social Privacy\FF not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HPADVISOR deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\ not found.
File J:\TL_Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{755a48ae-7e02-11e0-ba21-18a905bba72e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{755a48ae-7e02-11e0-ba21-18a905bba72e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{755a48ae-7e02-11e0-ba21-18a905bba72e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{755a48ae-7e02-11e0-ba21-18a905bba72e}\ not found.
File J:\TL_Bootstrap.exe not found.
C:\temp folder moved successfully.
C:\Program Files (x86)\GetNowUpdater\inst\Bootstrapper folder moved successfully.
C:\Program Files (x86)\GetNowUpdater\inst folder moved successfully.
C:\Program Files (x86)\GetNowUpdater folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins\sqldrivers folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins\sensors folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins\sensorgestures folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins\qmltooling folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins\qml1tooling folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins\printsupport folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins\playlistformats folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins\platforms folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins\mediaservice folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins\imageformats folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins\iconengines folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins\designer folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins\bearer folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins\accessible folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\plugins folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\inst\Bootstrapper folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\inst folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\html_res\img folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\html_res folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater\bin folder moved successfully.
C:\Users\Chops Towing\AppData\Roaming\GetNowUpdater folder moved successfully.
C:\Users\Chops Towing\Desktop\GetNowUpdater.lnk moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
========== FILES ==========
C:\$Recycle.Bin\S-1-5-21-3949928028-1693004598-2059892003-1000\$487503e8d9425b9afb46a75ede856ef3 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chops Towing
->Temp folder emptied: 3446540365 bytes
->Temporary Internet Files folder emptied: 557467246 bytes
->Java cache emptied: 218990 bytes
->FireFox cache emptied: 389485143 bytes
->Google Chrome cache emptied: 6962356 bytes
->Flash cache emptied: 19844 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 255867 bytes
->Temporary Internet Files folder emptied: 424674 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18266103 bytes

User: LISA
->Temp folder emptied: 211843 bytes
->Temporary Internet Files folder emptied: 788690 bytes
->FireFox cache emptied: 16476835 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 674567246 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310724 bytes
RecycleBin emptied: 2818296429 bytes

Total Files Cleaned = 7,603.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03112014_100251

Files\Folders moved on Reboot...
C:\Users\Chops Towing\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Chops Towing\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


will continue on next step asap
  • 0
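A fix log like the one posted above is easier to review when its result lines are grouped by outcome. The following is an added example, not part of the original thread and not an OTL feature: a small Python parser that lists the targets reported as "not found" which no other line in the log shows as deleted or moved. The function names are hypothetical, and the sample lines are a subset copied from the log in this thread.

```python
import re
from collections import Counter

# Subset of result lines copied from the fix log posted in this thread.
SAMPLE_LOG = r"""
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
File C:\Program Files (x86)\Social Privacy\FF not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HPADVISOR deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{058c6d2b-6739-11e0-8ef6-18a905bba72e}\ not found.
File J:\TL_Bootstrap.exe not found.
C:\Program Files (x86)\GetNowUpdater folder moved successfully.
C:\Users\Chops Towing\Desktop\GetNowUpdater.lnk moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
========== FILES ==========
C:\$Recycle.Bin\S-1-5-21-3949928028-1693004598-2059892003-1000\$487503e8d9425b9afb46a75ede856ef3 folder moved successfully.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
OUTCOME_RE = re.compile(
    r"^(?P<target>.+?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found)[.!]?$")
KIND_RE = re.compile(
    r"^(?:64bit-)?(?P<kind>Registry key|Registry value|File\\Folder|File) (?P<path>.+)$")


def parse_fixlog(text):
    """Return one dict per result line: section, kind, target, outcome."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        hit = OUTCOME_RE.match(line)
        if not hit:
            continue  # banner lines, byte counts and blank lines carry no outcome
        target, kind = hit.group("target"), "file"
        typed = KIND_RE.match(target)
        if typed:
            kind, target = typed.group("kind").lower(), typed.group("path")
        elif target.endswith(" folder"):
            kind, target = "folder", target[: -len(" folder")]
        entries.append({"section": section, "kind": kind,
                        "target": target.rstrip("\\"),
                        "outcome": hit.group("outcome")})
    return entries


def outcome_counts(entries):
    """Count result lines per outcome string."""
    return Counter(e["outcome"] for e in entries)


def never_found(entries):
    """'not found' targets that no other line reports as deleted or moved."""
    handled = {e["target"].lower() for e in entries if e["outcome"] != "not found"}
    seen, result = set(), []
    for e in entries:
        key = e["target"].lower()
        if e["outcome"] == "not found" and key not in handled and key not in seen:
            seen.add(key)
            result.append(e)
    return result


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_LOG)
    print(dict(outcome_counts(parsed)))
    for item in never_found(parsed):
        print(f"[{item['section']}] {item['kind']}: {item['target']}")
```

A target that appears once as "deleted successfully" and again as "not found" (the MountPoints2 key here) is dropped from the list, so what remains are the fix-script entries that matched nothing on disk or in the registry at fix time.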





