
Virus won't let me install any programs - Would appreciate help


  • This topic is locked

#1
ebelow

    New Member

  • Member
  • 6 posts

Hi geeks :)

 

I just started a new job and got a brand new laptop and I've somehow gotten a virus (first time EVER!). I've tried installing several Malware removers before I read here that it's not a good idea - but none of them installed anyway, until just now, OTL has actually worked.

 

I didn't want to scan anything until I talked to you guys...I'm a bit clueless.

 

In addition to being unable to install programs (it says the programs aren't valid Win32 applications), my IE randomly opens and tries to load spam-y websites.

 

I hope this was enough info to get started. THANK YOU again in advance!




#2
ebelow

    New Member

  • Topic Starter
  • Member
  • 6 posts

Oops I forgot to mention... this morning I got a blue screen of death and everything crashed. Like I said this computer is brand new, so I think it's safe to assume this virus had something to do with it. Not sure if this is helpful, but I got the following message after rebooting:

 

Additional information about the problem:
  BCCode: deaddead
  BCP1: 000000000F010015
  BCP2: 000000000023002C
  BCP3: 0000000012BD0000
  BCP4: 0000000000000000
  OS Version: 6_1_7601
  Service Pack: 1_0
  Product: 256_1


#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As you have OTL ...

Download OTL to your Desktop
Secondary link
  • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.

  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs


#4
ebelow

    New Member

  • Topic Starter
  • Member
  • 6 posts

(double post sorry)


Edited by ebelow, 27 March 2014 - 06:34 PM.


#5
ebelow

    New Member

  • Topic Starter
  • Member
  • 6 posts

Hi Essexboy, and thank you!

 

OTL.txt: (I'll reply again with extras.txt)

 

OTL logfile created on: 3/27/2014 5:20:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Elizabeth\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.90 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 57.57% Memory free
7.79 Gb Paging File | 4.60 Gb Available in Paging File | 59.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.10 Gb Total Space | 245.23 Gb Free Space | 85.72% Space Free | Partition Type: NTFS
 
Computer Name: L0234 | User Name: Elizabeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/27 13:17:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elizabeth\Desktop\OTL.scr
PRC - [2014/03/25 03:21:46 | 000,631,808 | ---- | M] () -- C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
PRC - [2014/03/23 18:39:14 | 001,592,632 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mikogo 4\M4-Capture.exe
PRC - [2014/03/14 17:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/06 09:23:03 | 000,219,832 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Dashlane\Dashlane.exe
PRC - [2014/03/03 09:39:34 | 001,106,784 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Users\Elizabeth\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/11/05 07:01:58 | 000,070,144 | ---- | M] () -- C:\ProgramData\GorillaPrice\WatGorp.exe
PRC - [2013/05/30 18:34:14 | 003,232,152 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe
PRC - [2013/05/30 18:30:54 | 003,681,016 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe
PRC - [2013/05/30 18:30:48 | 000,176,536 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/10 06:46:56 | 001,008,968 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mikogo 4\M4-Service.exe
PRC - [2013/01/15 16:25:58 | 000,115,568 | ---- | M] (GFI Software Development Ltd.) -- C:\Program Files (x86)\GFI Software\LanGuard 10 Agent\lnssatt.exe
PRC - [2013/01/15 16:25:58 | 000,093,552 | ---- | M] (GFI Software Development Ltd.) -- C:\Program Files (x86)\GFI Software\LanGuard 10 Agent\mantle.exe
PRC - [2012/12/06 20:17:10 | 000,564,360 | ---- | M] () -- C:\Program Files (x86)\DesktopCentral_Agent\bin\dcondemand.exe
PRC - [2012/12/06 20:17:10 | 000,552,072 | ---- | M] () -- C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagentservice.exe
PRC - [2012/03/16 10:27:26 | 000,976,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBank.exe
PRC - [2012/02/28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/27 03:01:56 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/21 12:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/02/04 21:41:10 | 000,231,328 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
PRC - [2012/02/04 21:40:56 | 000,219,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
PRC - [2012/02/04 13:47:54 | 000,251,808 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
PRC - [2012/02/04 13:16:54 | 002,824,104 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/12/23 10:24:00 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
PRC - [2011/11/25 13:41:36 | 000,645,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
PRC - [2011/11/21 15:12:48 | 000,253,312 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
PRC - [2011/10/24 11:09:58 | 000,305,080 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2011/08/08 13:43:00 | 000,690,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2011/08/08 13:36:00 | 000,087,960 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2011/06/07 12:07:58 | 000,063,432 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2011/06/07 12:07:28 | 000,047,032 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2011/02/03 15:18:00 | 000,742,800 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2010/09/06 16:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/08/01 13:29:00 | 000,075,080 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/14 17:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/14 17:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/14 17:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/14 17:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/14 17:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/14 17:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014/03/10 14:12:02 | 000,470,400 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniieblifogecdlkejbmonblijmdaiog\2.0.0_0\npTFPUBrowserAddin.dll
MOD - [2014/03/06 09:23:03 | 000,219,832 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Dashlane\Dashlane.exe
MOD - [2014/03/06 09:23:00 | 000,423,608 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Dashlane\2.4.0.57919\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.4.0.57919.dll
MOD - [2014/03/06 09:22:59 | 002,041,528 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Dashlane\2.4.0.57919\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.2.4.0.57919.dll
MOD - [2014/03/06 09:22:59 | 000,263,352 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Dashlane\2.4.0.57919\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.4.0.57919.dll
MOD - [2014/03/06 09:22:58 | 012,154,040 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Dashlane\2.4.0.57919\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.2.4.0.57919.dll
MOD - [2014/03/06 09:22:58 | 000,216,248 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Dashlane\2.4.0.57919\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_NPAPI_exports.2.4.0.57919.dll
MOD - [2014/03/06 09:22:56 | 028,202,680 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Dashlane\2.4.0.57919\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.4.0.57919.dll
MOD - [2014/03/06 09:22:55 | 000,254,648 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Dashlane\2.4.0.57919\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.4.0.57919.dll
MOD - [2014/03/06 09:22:54 | 004,799,160 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Dashlane\2.4.0.57919\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.4.0.57919.dll
MOD - [2014/03/06 09:22:54 | 000,363,704 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Dashlane\2.4.0.57919\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.4.0.57919.dll
MOD - [2014/03/06 09:22:53 | 004,311,736 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Dashlane\2.4.0.57919\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.4.0.57919.dll
MOD - [2014/02/24 16:56:32 | 000,433,664 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\Apps\Evernote\Evernote\libxml2.dll
MOD - [2014/02/24 16:56:06 | 000,315,392 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\Apps\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 10:28:14 | 000,372,608 | ---- | M] () -- C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUCommon.dll
MOD - [2012/03/16 10:28:10 | 000,415,104 | ---- | M] () -- C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUBrowserAddinRC.dll
MOD - [2012/01/25 10:57:12 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll
MOD - [2011/12/23 10:24:00 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
MOD - [2011/11/25 13:42:50 | 000,499,976 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
MOD - [2011/11/25 13:29:32 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
MOD - [2011/11/25 13:28:26 | 000,484,352 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
MOD - [2011/11/25 13:26:14 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
MOD - [2011/08/17 16:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
MOD - [2011/08/17 16:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
MOD - [2011/08/17 16:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
MOD - [2011/08/15 20:17:30 | 009,224,704 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
MOD - [2011/08/15 20:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
MOD - [2011/08/15 20:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
MOD - [2011/08/15 20:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
MOD - [2011/08/15 19:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
MOD - [2011/07/19 16:05:40 | 014,978,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
MOD - [2011/07/19 16:04:56 | 000,317,952 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/01 04:16:08 | 002,169,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/11 17:05:44 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2012/03/29 16:04:58 | 000,586,624 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2012/03/16 15:54:58 | 000,846,208 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2012/02/28 19:00:32 | 000,342,464 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2012/02/26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 05:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 05:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/04/20 15:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/03/25 03:21:46 | 000,631,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe -- (GorillaPrice)
SRV - [2013/11/05 07:01:58 | 000,070,144 | ---- | M] () [Auto | Running] -- C:\ProgramData\GorillaPrice\WatGorp.exe -- (WatGorp)
SRV - [2013/07/26 00:36:11 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/25 09:10:04 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/30 18:30:54 | 003,681,016 | ---- | M] (ThreatTrack Security, Inc.) [Auto | Running] -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe -- (SBAMSvc)
SRV - [2013/05/30 18:30:48 | 000,176,536 | ---- | M] (ThreatTrack Security, Inc.) [Auto | Running] -- C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/10 06:46:56 | 001,008,968 | ---- | M] () [Auto | Running] -- C:\Users\Administrator\AppData\Roaming\Mikogo 4\M4-Service.exe -- (M4-Service)
SRV - [2013/01/15 16:25:58 | 000,115,568 | ---- | M] (GFI Software Development Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI Software\LanGuard 10 Agent\lnssatt.exe -- (gfi_lanss10_attservice)
SRV - [2012/12/06 20:17:10 | 000,613,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\DesktopCentral_Agent\bin\dcrdservice.exe -- (ManageEngine Desktop Central - Remote Control)
SRV - [2012/12/06 20:17:10 | 000,552,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagentservice.exe -- (ManageEngine Desktop Central - Agent)
SRV - [2012/04/02 11:03:22 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/21 12:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/07/11 17:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/06/07 12:08:26 | 000,250,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2011/06/07 12:07:28 | 000,047,032 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2011/04/01 17:42:00 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/09/04 14:57:42 | 000,031,264 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiutil.sys -- (gfiutil)
DRV:64bit: - [2013/05/23 08:39:23 | 000,041,032 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013/02/21 06:14:04 | 000,495,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2013/01/15 16:17:30 | 000,086,968 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2013/01/15 16:17:26 | 000,259,440 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2013/01/15 16:17:26 | 000,088,864 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2013/01/15 16:17:26 | 000,061,808 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (SbHips)
DRV:64bit: - [2012/09/24 20:26:18 | 000,120,608 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2012/09/24 20:26:18 | 000,120,608 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/03/26 19:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/14 01:34:34 | 011,472,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 03:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 03:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 03:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/01/30 14:14:00 | 000,304,696 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2012/01/27 07:18:04 | 001,073,200 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/12/16 17:24:00 | 000,079,040 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/12/06 04:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/30 18:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/12 20:08:02 | 000,019,904 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2011/05/25 17:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011/03/23 17:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/29 11:47:56 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 06:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 04:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 04:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/11 10:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010/08/30 10:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/04/26 11:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 11:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 12:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/24 15:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 10:01:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Toshidpt.sys -- (toshidpt)
DRV:64bit: - [2009/06/17 12:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2762B474-F313-4C6D-B76F-2BFDFAAB1BB1}
IE:64bit: - HKLM\..\SearchScopes\{2762B474-F313-4C6D-B76F-2BFDFAAB1BB1}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {2762B474-F313-4C6D-B76F-2BFDFAAB1BB1}
IE - HKLM\..\SearchScopes\{2762B474-F313-4C6D-B76F-2BFDFAAB1BB1}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1235237089-3939341036-3401883774-1001\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-1235237089-3939341036-3401883774-1001\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKU\S-1-5-21-1235237089-3939341036-3401883774-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1235237089-3939341036-3401883774-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\bluejeans.com/bjninstallplugin: C:\Users\Elizabeth\AppData\Roaming\Blue Jeans\bjnplugin\2.4.143.8\npbjninstallplugin_2.4.143.8.dll (Blue Jeans)
FF - HKCU\Software\MozillaPlugins\bluejeans.com/bjnplugin: C:\Users\Elizabeth\AppData\Roaming\Blue Jeans\bjnplugin\2.4.143.8\npbjnplugin_2.4.143.8.dll (Blue Jeans)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{302BCF7B-E09E-4854-9F2F-8B2DA4EF70F9}: C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin [2013/07/26 00:37:13 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Lucidchart Diagrams - Desktop = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj\1.87_0\
CHR - Extension: Springpad = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla\6_0\
CHR - Extension: Folders = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfneimmafjbamgcijncgicpphapfmpgl\1.0_0\
CHR - Extension: Pin It Button = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_0\
CHR - Extension: Rapportive = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.4.1_0\
CHR - Extension: Feedly - News, Blogs and Youtube = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.2_0\
CHR - Extension: Google Keep = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14125.1342_0\
CHR - Extension: TOSHIBA Fingerprint Utility Automatic Password Input = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniieblifogecdlkejbmonblijmdaiog\2.0.0_0\
CHR - Extension: Dashlane = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmpplnklgealmmnncbdpehifojcfomaf\1_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\
CHR - Extension: Connectifier = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbbpjgnlpelaafnnigciegfpelchjldl\0.6.3_0\
CHR - Extension: Scraper = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd\1.6_0\
CHR - Extension: Dashlane = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.4.0.57919_0\
CHR - Extension: Google Wallet = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Context Menu Search = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga\2.92_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.1.1_0\
CHR - Extension: Gmail = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Reditr - The Best Reddit Client = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmfcbbijgnhoebddbjpmlikabnbnddgb\0.3.2.2_0\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (MaxIESmartTag) - {d483691a-1020-47ee-b5de-05a7179d71b1} - c:\Program Files (x86)\AltiGen\Shared Files\Plugins\SmartTag\IE\adxloader64.dll ()
O2 - BHO: (TOSHIBA Fingerprint Utility Automatic Password Input) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll (TOSHIBA)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MaxIESmartTag) - {d483691a-1020-47ee-b5de-05a7179d71b1} - c:\Program Files (x86)\AltiGen\Shared Files\Plugins\SmartTag\IE\adxloader.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [BatteryManager] C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound 3D] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBank.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe (ThreatTrack Security, Inc.)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\Toshiba\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1235237089-3939341036-3401883774-1001..\Run: [Dashlane] C:\Users\Elizabeth\AppData\Roaming\Dashlane\Dashlane.exe ()
O4 - HKU\S-1-5-21-1235237089-3939341036-3401883774-1001..\Run: [GoogleChromeAutoLaunch_BC42A7D22EA4C9EEEC843EF2870E3FB5] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Users\Elizabeth\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O8:64bit: - Extra context menu item: Clip Image - C:\Users\Elizabeth\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Users\Elizabeth\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Users\Elizabeth\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Users\Elizabeth\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: New Note - C:\Users\Elizabeth\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Clip Image - C:\Users\Elizabeth\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Users\Elizabeth\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Users\Elizabeth\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Users\Elizabeth\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: New Note - C:\Users\Elizabeth\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F9FB63E-9CA2-4956-9EFA-25801F8E7CD9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/01 16:00:31 | 000,000,000 | ---D | M] - C:\AUTOUPGRADETEMP -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/27 14:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegexMagic
[2014/03/27 14:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Just Great Software
[2014/03/27 13:17:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Elizabeth\Desktop\OTL.scr
[2014/03/27 13:10:03 | 003,592,848 | ---- | C] (AVAST Software) -- C:\Users\Elizabeth\Desktop\aswMBR.exe
[2014/03/26 20:28:05 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\Microsoft Help
[2014/03/26 01:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\GorillaPrice
[2014/03/26 01:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GorillaPrice
[2014/03/26 01:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager
[2014/03/24 08:13:18 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Blue Jeans
[2014/03/23 19:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2014/03/23 19:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2014/03/23 19:06:31 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Skype
[2014/03/23 18:54:20 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\Adobe
[2014/03/15 02:52:22 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2014/03/15 02:38:19 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\CrashDumps
[2014/03/15 02:37:21 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\Diagnostics
[2014/03/12 21:51:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/03/12 21:51:56 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/03/12 21:51:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/03/12 21:51:55 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/03/12 21:51:55 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/03/12 21:51:55 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/03/12 21:51:55 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/03/12 21:51:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/03/12 21:51:55 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/03/12 21:51:54 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/03/12 21:51:54 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/03/12 21:51:54 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/03/12 21:51:53 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/03/12 21:51:53 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/03/12 21:51:53 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/03/12 21:51:53 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/03/12 21:51:53 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/03/12 21:51:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/03/12 21:51:52 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/03/12 21:51:52 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/03/12 21:51:52 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/03/12 21:51:52 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/03/12 21:51:52 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/03/12 21:51:51 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/12 21:50:29 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wer.dll
[2014/03/12 21:50:29 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wer.dll
[2014/03/12 21:50:13 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2014/03/12 21:50:13 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2014/03/12 21:50:13 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2014/03/11 20:35:39 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\Evernote
[2014/03/11 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote
[2014/03/11 20:34:48 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\Apps
[2014/03/11 18:33:59 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/03/11 11:35:33 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\Documents\Custom Office Templates
[2014/03/11 10:26:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2014/03/11 10:26:22 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\SkyDrive
[2014/03/11 10:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2014/03/11 10:25:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/03/11 10:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/03/11 10:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2014/03/10 15:27:05 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
[2014/03/10 15:25:16 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\Packages
[2014/03/10 15:25:16 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Dashlane
[2014/03/10 14:13:46 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[2014/03/10 14:12:02 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\Google
[2014/03/09 04:01:13 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/03/07 16:06:27 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmploc.DLL
[2014/03/07 16:06:27 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmploc.DLL
[2014/03/07 16:06:27 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2014/03/07 16:06:26 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2014/03/07 16:04:18 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEUDINIT.EXE
[2014/03/07 16:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/03/07 16:01:44 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2014/03/07 16:01:34 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/03/07 16:01:34 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/03/07 16:01:34 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2014/03/07 16:01:34 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2014/03/07 16:01:34 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2014/03/07 16:01:34 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2014/03/07 16:01:34 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2014/03/07 16:01:34 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2014/03/07 16:01:34 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/03/07 16:01:34 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2014/03/07 16:01:34 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2014/03/07 16:01:34 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/03/07 16:01:34 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2014/03/07 16:01:34 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2014/03/07 16:01:34 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2014/03/07 16:01:34 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2014/03/07 16:01:34 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2014/03/07 16:01:34 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2014/03/07 16:01:34 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2014/03/07 16:01:34 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2014/03/07 16:01:34 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2014/03/07 16:01:34 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2014/03/07 16:01:34 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2014/03/07 16:01:34 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2014/03/07 16:01:34 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2014/03/07 16:01:34 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2014/03/07 16:01:34 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2014/03/07 16:01:34 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2014/03/07 16:01:34 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2014/03/07 16:01:34 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2014/03/07 16:01:34 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2014/03/07 16:01:34 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/03/07 16:01:34 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/03/07 16:01:34 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2014/03/07 16:01:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2014/03/07 16:01:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2014/03/07 16:01:34 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2014/03/07 16:01:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2014/03/07 16:01:34 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/03/07 16:01:34 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2014/03/07 16:01:34 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2014/03/07 16:01:34 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2014/03/07 16:01:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/03/07 16:01:34 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2014/03/07 16:01:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2014/03/07 16:01:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2014/03/07 16:01:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2014/03/07 16:01:34 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/03/07 16:01:34 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/03/07 16:01:34 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2014/03/07 16:01:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2014/03/07 16:01:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2014/03/07 16:01:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2014/03/07 16:01:34 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2014/03/07 15:30:48 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\Documents\Add-in Express
[2014/03/07 15:30:47 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\AltiGen
[2014/03/07 15:28:21 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\Documents\Bluetooth
[2014/03/07 15:28:11 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\SRS Labs
[2014/03/07 15:28:04 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\GFI Software
[2014/03/07 15:28:03 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\TFPU
[2014/03/07 15:28:02 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\TOSHIBA
[2014/03/07 15:27:56 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Adobe
[2014/03/07 15:27:54 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\Virtual Machines
[2014/03/07 15:27:54 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/03/07 15:27:54 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\Searches
[2014/03/07 15:27:54 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/03/07 15:27:54 | 000,000,000 | -H-D | C] -- C:\Users\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/03/07 15:27:47 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Identities
[2014/03/07 15:27:43 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\Contacts
[2014/03/07 15:27:42 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\VirtualStore
[2014/03/07 15:27:40 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Intel
[2014/03/07 15:27:39 | 000,000,000 | --SD | C] -- C:\Users\Elizabeth\AppData\Roaming\Microsoft
[2014/03/07 15:27:39 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\Videos
[2014/03/07 15:27:39 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\Saved Games
[2014/03/07 15:27:39 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\Pictures
[2014/03/07 15:27:39 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\Music
[2014/03/07 15:27:39 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/03/07 15:27:39 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\Links
[2014/03/07 15:27:39 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\Favorites
[2014/03/07 15:27:39 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\Downloads
[2014/03/07 15:27:39 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\Documents
[2014/03/07 15:27:39 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\Desktop
[2014/03/07 15:27:39 | 000,000,000 | R--D | C] -- C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\AppData\Local\Temporary Internet Files
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\Templates
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\Start Menu
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\SendTo
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\Recent
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\PrintHood
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\NetHood
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\Documents\My Videos
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\Documents\My Pictures
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\Documents\My Music
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\My Documents
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\Local Settings
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\AppData\Local\History
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\Cookies
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\Application Data
[2014/03/07 15:27:39 | 000,000,000 | -HSD | C] -- C:\Users\Elizabeth\AppData\Local\Application Data
[2014/03/07 15:27:39 | 000,000,000 | -H-D | C] -- C:\Users\Elizabeth\AppData
[2014/03/07 15:27:39 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\Temp
[2014/03/07 15:27:39 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\Roaming
[2014/03/07 15:27:39 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\Microsoft
[2014/03/07 15:27:39 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Media Center Programs
[2014/03/07 15:27:39 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Macromedia
[2014/03/07 13:43:17 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msieftp.dll
[2014/03/07 13:43:17 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msieftp.dll
[2014/03/07 13:42:41 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2014/03/07 13:42:41 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2014/03/07 13:42:39 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2014/03/07 13:42:37 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2014/03/07 13:42:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2014/03/07 13:42:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2014/03/07 13:41:43 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys
[2014/03/07 13:41:43 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys
[2014/03/07 13:41:41 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2014/03/07 13:41:41 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2014/03/07 13:41:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\credui.dll
[2014/03/07 13:41:41 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SmartcardCredentialProvider.dll
[2014/03/07 13:41:41 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SmartcardCredentialProvider.dll
[2014/03/07 13:41:34 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014/03/07 13:41:34 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2014/03/07 13:41:33 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2014/03/07 13:41:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2014/03/07 13:41:33 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2014/03/07 13:41:31 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_isv.exe
[2014/03/07 13:41:31 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate.exe
[2014/03/07 13:41:31 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_isv.exe
[2014/03/07 13:41:31 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate.exe
[2014/03/07 13:41:31 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_ssp.exe
[2014/03/07 13:41:31 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_ssp_isv.exe
[2014/03/07 13:41:31 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdrm.dll
[2014/03/07 13:41:31 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_ssp.exe
[2014/03/07 13:41:31 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_ssp_isv.exe
[2014/03/07 13:41:31 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc.dll
[2014/03/07 13:41:31 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_isv.dll
[2014/03/07 13:41:31 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_isv.dll
[2014/03/07 13:41:30 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc.dll
[2014/03/07 13:41:30 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_ssp_isv.dll
[2014/03/07 13:41:30 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_ssp.dll
[2014/03/07 13:41:30 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_ssp_isv.dll
[2014/03/07 13:41:30 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_ssp.dll
[2014/03/07 13:41:17 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2014/03/07 13:41:17 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2014/03/07 13:41:16 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2014/03/07 13:41:16 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2014/03/07 13:41:01 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2014/03/07 13:40:59 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scrrun.dll
[2014/03/07 13:40:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scrrun.dll
[2014/03/07 13:40:59 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscript.exe
[2014/03/07 13:40:59 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wshom.ocx
[2014/03/07 13:40:59 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cscript.exe
[2014/03/07 13:40:59 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wshom.ocx
[2014/03/07 13:40:31 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2014/03/07 13:40:31 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2014/03/07 13:40:31 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2014/03/07 13:40:31 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2014/03/07 13:32:36 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/27 17:05:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\DCAgentUpdater.job
[2014/03/27 16:43:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/03/27 16:36:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/27 15:24:40 | 000,000,495 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2014/03/27 14:55:25 | 000,001,417 | ---- | M] () -- C:\Users\Public\Desktop\RegexMagic.lnk
[2014/03/27 13:19:32 | 000,027,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/27 13:19:32 | 000,027,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/27 13:17:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elizabeth\Desktop\OTL.scr
[2014/03/27 13:15:08 | 001,874,448 | ---- | M] () -- C:\Users\Elizabeth\Desktop\tdsskiller.exe
[2014/03/27 13:10:11 | 003,592,848 | ---- | M] (AVAST Software) -- C:\Users\Elizabeth\Desktop\aswMBR.exe
[2014/03/27 12:38:56 | 000,002,226 | -H-- | M] () -- C:\Users\Elizabeth\Documents\Default.rdp
[2014/03/27 12:36:01 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/27 11:01:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/03/27 08:26:12 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/03/27 08:26:12 | 000,625,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/03/27 08:26:12 | 000,107,104 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/03/27 08:20:11 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/03/27 08:19:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/03/27 08:19:11 | 449,871,754 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/03/27 08:19:10 | 3137,994,752 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/26 08:56:29 | 000,694,168 | ---- | M] () -- C:\Users\Elizabeth\Desktop\AdwCleaner.exe
[2014/03/26 07:16:44 | 000,001,422 | ---- | M] () -- C:\Users\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/23 19:06:28 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/15 08:38:39 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/13 03:18:47 | 000,437,568 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/03/12 02:21:22 | 000,317,362 | ---- | M] () -- C:\Users\Elizabeth\Desktop\Deep Web Research and Resources 2014.pdf
[2014/03/12 00:09:29 | 004,581,525 | ---- | M] () -- C:\Users\Elizabeth\Desktop\Searcher-Magazine---December-2012.pdf
[2014/03/11 23:27:54 | 000,594,839 | ---- | M] () -- C:\Users\Elizabeth\Desktop\The-Information-Advisors-Guide-to-Internet-Research.pdf
[2014/03/11 22:17:25 | 000,350,126 | ---- | M] () -- C:\Users\Elizabeth\Desktop\American Fact Finder from Online.pdf
[2014/03/11 20:36:06 | 000,001,208 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2014/03/11 20:34:38 | 000,001,230 | ---- | M] () -- C:\Users\Elizabeth\Desktop\Evernote.lnk
[2014/03/11 18:33:59 | 000,002,314 | ---- | M] () -- C:\Users\Elizabeth\Desktop\Chrome App Launcher.lnk
[2014/03/10 15:27:05 | 000,002,008 | ---- | M] () -- C:\Users\Elizabeth\Desktop\Dashlane.lnk
[2014/03/10 14:12:09 | 000,002,294 | ---- | M] () -- C:\Users\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/10 13:59:52 | 000,005,684 | ---- | M] () -- C:\Users\Elizabeth\Desktop\1 - Morgan Samuels RDP - Shortcut.lnk
[2014/03/07 16:01:44 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2014/03/07 16:01:34 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/03/07 16:01:34 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/03/07 16:01:34 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2014/03/07 16:01:34 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2014/03/07 16:01:34 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2014/03/07 16:01:34 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2014/03/07 16:01:34 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2014/03/07 16:01:34 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2014/03/07 16:01:34 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/03/07 16:01:34 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2014/03/07 16:01:34 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2014/03/07 16:01:34 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/03/07 16:01:34 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2014/03/07 16:01:34 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2014/03/07 16:01:34 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2014/03/07 16:01:34 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2014/03/07 16:01:34 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2014/03/07 16:01:34 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2014/03/07 16:01:34 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2014/03/07 16:01:34 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2014/03/07 16:01:34 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2014/03/07 16:01:34 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2014/03/07 16:01:34 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2014/03/07 16:01:34 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2014/03/07 16:01:34 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2014/03/07 16:01:34 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2014/03/07 16:01:34 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2014/03/07 16:01:34 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2014/03/07 16:01:34 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2014/03/07 16:01:34 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2014/03/07 16:01:34 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2014/03/07 16:01:34 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/03/07 16:01:34 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/03/07 16:01:34 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2014/03/07 16:01:34 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2014/03/07 16:01:34 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2014/03/07 16:01:34 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2014/03/07 16:01:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2014/03/07 16:01:34 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/03/07 16:01:34 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2014/03/07 16:01:34 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2014/03/07 16:01:34 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2014/03/07 16:01:34 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/03/07 16:01:34 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2014/03/07 16:01:34 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2014/03/07 16:01:34 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2014/03/07 16:01:34 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2014/03/07 16:01:34 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/03/07 16:01:34 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/03/07 16:01:34 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2014/03/07 16:01:34 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2014/03/07 16:01:34 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2014/03/07 16:01:34 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2014/03/07 16:01:34 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2014/03/07 16:01:34 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2014/03/07 16:01:34 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2014/03/07 15:29:45 | 000,001,772 | ---- | M] () -- C:\Users\Elizabeth\Desktop\2 - Morgan Samuels RDP - Shortcut.lnk
[2014/03/07 15:29:12 | 000,002,262 | ---- | M] () -- C:\Users\Public\Documents\2 - Morgan Samuels RDP.RDP
[2014/03/07 15:29:12 | 000,002,262 | ---- | M] () -- C:\Users\Elizabeth\Documents\1 - Morgan Samuels RDP.RDP
[2014/03/07 15:28:19 | 000,000,956 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2014/02/28 22:16:26 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/02/28 21:52:55 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/02/28 21:51:59 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/02/28 21:40:43 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/02/28 21:37:12 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/02/28 21:33:52 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/02/28 21:32:59 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/02/28 21:23:49 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/02/28 21:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/02/28 21:02:07 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/02/28 20:54:33 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/02/28 20:52:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/02/28 20:51:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/02/28 20:43:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/02/28 20:42:12 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/02/28 20:40:17 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/02/28 20:38:26 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/02/28 20:37:35 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/02/28 20:35:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/02/28 20:16:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/02/28 20:00:08 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/02/28 19:25:42 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/02/28 19:25:22 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
 
========== Files Created - No Company Name ==========
 
[2014/03/27 14:55:25 | 000,001,417 | ---- | C] () -- C:\Users\Public\Desktop\RegexMagic.lnk
[2014/03/27 13:15:02 | 001,874,448 | ---- | C] () -- C:\Users\Elizabeth\Desktop\tdsskiller.exe
[2014/03/26 08:56:23 | 000,694,168 | ---- | C] () -- C:\Users\Elizabeth\Desktop\AdwCleaner.exe
[2014/03/26 07:16:44 | 000,001,422 | ---- | C] () -- C:\Users\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/15 02:52:18 | 449,871,754 | ---- | C] () -- C:\windows\MEMORY.DMP
[2014/03/12 02:21:11 | 000,317,362 | ---- | C] () -- C:\Users\Elizabeth\Desktop\Deep Web Research and Resources 2014.pdf
[2014/03/12 00:09:25 | 004,581,525 | ---- | C] () -- C:\Users\Elizabeth\Desktop\Searcher-Magazine---December-2012.pdf
[2014/03/11 23:27:53 | 000,594,839 | ---- | C] () -- C:\Users\Elizabeth\Desktop\The-Information-Advisors-Guide-to-Internet-Research.pdf
[2014/03/11 22:17:24 | 000,350,126 | ---- | C] () -- C:\Users\Elizabeth\Desktop\American Fact Finder from Online.pdf
[2014/03/11 20:36:06 | 000,001,208 | ---- | C] () -- C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2014/03/11 20:34:38 | 000,001,230 | ---- | C] () -- C:\Users\Elizabeth\Desktop\Evernote.lnk
[2014/03/11 18:33:59 | 000,002,314 | ---- | C] () -- C:\Users\Elizabeth\Desktop\Chrome App Launcher.lnk
[2014/03/11 10:26:20 | 000,002,145 | ---- | C] () -- C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2014/03/10 15:27:05 | 000,002,008 | ---- | C] () -- C:\Users\Elizabeth\Desktop\Dashlane.lnk
[2014/03/07 16:01:34 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2014/03/07 16:01:34 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2014/03/07 15:29:45 | 000,001,772 | ---- | C] () -- C:\Users\Elizabeth\Desktop\2 - Morgan Samuels RDP - Shortcut.lnk
[2014/03/07 15:29:29 | 000,002,262 | ---- | C] () -- C:\Users\Elizabeth\Documents\1 - Morgan Samuels RDP.RDP
[2014/03/07 15:29:27 | 000,005,684 | ---- | C] () -- C:\Users\Elizabeth\Desktop\1 - Morgan Samuels RDP - Shortcut.lnk
[2014/03/07 15:28:40 | 000,002,226 | -H-- | C] () -- C:\Users\Elizabeth\Documents\Default.rdp
[2014/03/07 15:27:56 | 000,001,428 | ---- | C] () -- C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/03/07 15:27:55 | 000,002,294 | ---- | C] () -- C:\Users\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/07 15:27:39 | 000,000,290 | ---- | C] () -- C:\Users\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/03/07 15:27:39 | 000,000,272 | ---- | C] () -- C:\Users\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/07/26 00:48:44 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2012/12/06 20:17:08 | 000,841,864 | ---- | C] () -- C:\windows\SysWow64\dclibxml2.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/09/01 16:00:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AltiGen
[2013/09/01 16:36:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GFI Software
[2014/03/23 18:39:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mikogo 4
[2013/08/31 19:40:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TFPU
[2013/08/31 19:40:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Toshiba
[2013/09/01 16:36:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinBatch
[2014/03/07 15:30:47 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\AltiGen
[2014/03/24 08:13:18 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Blue Jeans
[2014/03/10 15:27:13 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Dashlane
[2014/03/07 15:28:04 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\GFI Software
[2014/03/10 13:29:58 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\TFPU
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 20:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 20:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 22:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 21:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 20:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 20:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 20:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 20:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 20:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 18:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 20:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 20:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 20:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 20:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 20:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 20:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 20:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 20:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 20:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 20:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 20:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 20:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 20:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 20:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 20:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< c:\program files (x86)\Google\Desktop >
[2009/07/13 22:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/13 22:08:49 | 000,018,954 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2013/01/22 20:15:10 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2013/07/25 23:58:06 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013/07/25 23:58:07 | 000,000,828 | ---- | C] () -- C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/09/01 15:15:22 | 000,000,908 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/09/01 15:15:23 | 000,000,912 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/09/01 16:05:13 | 000,000,416 | ---- | C] () -- C:\windows\Tasks\DCAgentUpdater.job
 
< c:\program files\Google\Desktop >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is TI10661700B
 Volume Serial Number is A472-BE25
 Directory of C:\
07/13/2009  10:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/13/2009  10:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator
08/31/2013  07:38 PM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Roaming]
08/31/2013  07:38 PM    <JUNCTION>     Cookies [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
08/31/2013  07:38 PM    <JUNCTION>     Local Settings [C:\Users\Administrator\AppData\Local]
08/31/2013  07:38 PM    <JUNCTION>     My Documents [C:\Users\Administrator\Documents]
08/31/2013  07:38 PM    <JUNCTION>     NetHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/31/2013  07:38 PM    <JUNCTION>     PrintHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/31/2013  07:38 PM    <JUNCTION>     Recent [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
08/31/2013  07:38 PM    <JUNCTION>     SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
08/31/2013  07:38 PM    <JUNCTION>     Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
08/31/2013  07:38 PM    <JUNCTION>     Templates [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local
08/31/2013  07:38 PM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
08/31/2013  07:38 PM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
08/31/2013  07:38 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Documents
08/31/2013  07:38 PM    <JUNCTION>     My Music [C:\Users\Administrator\Music]
08/31/2013  07:38 PM    <JUNCTION>     My Pictures [C:\Users\Administrator\Pictures]
08/31/2013  07:38 PM    <JUNCTION>     My Videos [C:\Users\Administrator\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  10:08 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009  10:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/13/2009  10:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  10:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009  10:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009  10:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009  10:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/13/2009  10:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009  10:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/13/2009  10:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/13/2009  10:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/13/2009  10:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Elizabeth
03/07/2014  03:27 PM    <JUNCTION>     Application Data [C:\Users\Elizabeth\AppData\Roaming]
03/07/2014  03:27 PM    <JUNCTION>     Cookies [C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Cookies]
03/07/2014  03:27 PM    <JUNCTION>     Local Settings [C:\Users\Elizabeth\AppData\Local]
03/07/2014  03:27 PM    <JUNCTION>     My Documents [C:\Users\Elizabeth\Documents]
03/07/2014  03:27 PM    <JUNCTION>     NetHood [C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/07/2014  03:27 PM    <JUNCTION>     PrintHood [C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/07/2014  03:27 PM    <JUNCTION>     Recent [C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Recent]
03/07/2014  03:27 PM    <JUNCTION>     SendTo [C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\SendTo]
03/07/2014  03:27 PM    <JUNCTION>     Start Menu [C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu]
03/07/2014  03:27 PM    <JUNCTION>     Templates [C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Elizabeth\AppData\Local
03/07/2014  03:27 PM    <JUNCTION>     Application Data [C:\Users\Elizabeth\AppData\Local]
03/07/2014  03:27 PM    <JUNCTION>     History [C:\Users\Elizabeth\AppData\Local\Microsoft\Windows\History]
03/07/2014  03:27 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Elizabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Elizabeth\Documents
03/07/2014  03:27 PM    <JUNCTION>     My Music [C:\Users\Elizabeth\Music]
03/07/2014  03:27 PM    <JUNCTION>     My Pictures [C:\Users\Elizabeth\Pictures]
03/07/2014  03:27 PM    <JUNCTION>     My Videos [C:\Users\Elizabeth\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/13/2009  10:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  10:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  10:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              66 Dir(s)  263,268,532,224 bytes free
 
< MD5 for: RPCSS.DLL  >
[2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\windows\SysNative\rpcss.dll
[2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
 
< End of report >


#6
ebelow

    New Member

  • Topic Starter
  • Member
  • 6 posts

And here's extras.txt:

 

OTL Extras logfile created on: 3/27/2014 5:20:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Elizabeth\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.90 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 57.57% Memory free
7.79 Gb Paging File | 4.60 Gb Available in Paging File | 59.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.10 Gb Total Space | 245.23 Gb Free Space | 85.72% Space Free | Partition Type: NTFS
 
Computer Name: L0234 | User Name: Elizabeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1235237089-3939341036-3401883774-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045A3138-9189-4615-AF7D-9AF09474A507}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{04FA3B94-251B-4C93-8DC3-923AE0E3ACAE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0F49DF75-0C5C-4F7C-924E-81F93ABFD884}" = lport=139 | protocol=6 | dir=in | app=system | 
"{15DE4664-0226-42F1-B827-31393CCCFE86}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{23CD5745-00ED-4EE6-8B4F-750692E03BCF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2DB880B5-5180-429B-A87B-6B7BD46E0A5C}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{2E2AF5DF-6E58-4EEF-B9CC-ACC5CEB235A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2F1B80BC-F9A8-4F09-B502-BB39EA3D30CD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{30D7DDFF-BE1B-458D-8EED-52F0FE45B8CF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{33B537AE-3128-4201-94ED-3A555F44591E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3BFB5B4A-8200-4BDB-AC2E-8A900B51E153}" = lport=445 | protocol=6 | dir=in | app=system | 
"{47B56449-556A-4A4B-9FFC-F24C186D643A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{62DED462-3CF2-4D19-82DD-D6E8C0CB7E42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{660292AF-AFB5-4C34-AD7D-75C287F4F04E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6EA7B3A5-23E4-4162-B02B-EAC19CC5B43C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{745EF8DC-E451-4145-B16E-414124F733C6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7AEF7B8D-74EE-43A7-8374-CA22E8F3C0F1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7AF80337-FE1D-4DAC-B53F-E3B491698823}" = rport=138 | protocol=17 | dir=out | app=system | 
"{819792D4-5D42-4DB6-B7D9-149AB5DEE6B2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8522EE27-E31F-4F44-A166-3A651D68C71F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8AE649CC-7133-47B0-B924-10B65489E42C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{91DA3AF7-140C-41D0-9AF8-E7904B8B5DCF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{96EC835F-4927-44B3-AFE9-D2B9ED9C6F15}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9700AAB5-D1B0-4436-8EC9-47680FD5328F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | 
"{A0B5AD29-E408-4DA1-9BE1-4FDD2F09AF66}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A2CEDE17-9C6B-4CEF-8178-C824CA11E1AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A91E818D-DD68-4D6A-8F65-2DFEB91F872F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AA5238CA-C822-4A54-B6AC-BE99ED8D167A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B74080CC-FD25-48AA-BF16-A018A31CA2E8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BD5CEA35-E9A7-40E1-8EFB-D8B066615D4D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C1AF8B4B-A674-48EA-88A4-2F729C025F01}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C6611D7E-2AD0-4F89-8923-1D2F9719B43F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CF38C45D-59AD-403A-BDE4-8F284EDAC40E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) | 
"{D2C616D8-1A89-4FA8-A5E1-F8EFBC32C90C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E719545D-31BE-427A-81D2-BD5CDE3D2A07}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{ECF1AC2A-F0C7-4B2F-829E-4EF5265091F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{EF868D6B-D4DD-4B50-8989-0594E31F66B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F0CE2C60-FD46-45A8-97F0-F661A7673155}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F72868D0-803D-42E5-BB55-1D80EC223F9E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F8E041B5-07DD-48E2-A720-2B9B081CDECE}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02701A11-94B4-41E6-A1DD-2EF7CAA2EEEA}" = dir=in | app=c:\program files (x86)\altigen\jlib15\jre\bin\java.exe | 
"{02BD17B7-4F61-49D4-8F40-F382ADB84A4C}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) | 
"{09E22032-F4A9-4C2E-A998-6E860E9A6486}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) | 
"{0CD53C78-9B9D-4041-A1E4-02DD4175B7E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1272D83E-7DCC-431C-8983-9B467E92794A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{128710AF-986D-4402-A680-338BF7C6CFFB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2B597FFE-0CD2-420E-8781-A2D26EAADD1E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2F09DFFA-725F-48EE-BFAE-6F3E5437D08E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4167D733-DE71-48EB-918F-E9CC4F408EAB}" = protocol=58 | dir=in | [email protected],-148 | 
"{446A7780-518C-4033-BFF4-37FA582FEF8A}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe | 
"{4501ACFE-19F7-45F1-9C1B-7115E3EB37C3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{575699B4-A00C-42D3-8940-1692187763F7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5900DD59-9C66-4879-BA20-6DA1809005F6}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe | 
"{61A9BCF1-7E28-403C-8C0B-C90339B61AEF}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe | 
"{65B74BA0-4E82-4457-AB93-B44EC972C0DA}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe | 
"{685E6693-58F6-4750-B62E-5FD46AF821D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6E703140-AF4B-458E-BEAF-DA666B9059D5}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) | 
"{72C8FD12-7E7E-45D9-9B26-DAE839F8D7F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{79E091A7-92E5-421B-A87E-D3415CFCBA1D}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe | 
"{8F118A3E-74F4-4291-840C-7C84FAFC33BF}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe | 
"{90EBACD5-239C-46BA-B90F-1D873B8686A2}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe | 
"{A3DC372E-0A85-4F02-84E5-6D05AF8BD421}" = dir=in | app=c:\program files (x86)\altigen\jlib15\jre\bin\javaw.exe | 
"{A573AB41-B4FF-4D6B-879D-EE05DA74857A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A869D7B4-F8E1-424D-9A16-79CAEDD871EF}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) | 
"{AB0E0DF0-B6CD-413C-8A34-EB84D733FD90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ABA2E20E-695A-443F-8A55-85C6746ECDE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC1B17DF-F7A8-4DE7-B527-A48B167646D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B7FE9CAE-1C67-4411-8200-938E5D0DC942}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe | 
"{BE305C91-55DE-4610-98BA-39F795225748}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BFF7CA02-7D15-49ED-99A4-E379FA1FA6EF}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe | 
"{C25AE747-EA1F-428B-99E6-A3E77748E2D2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C7D14E21-1B72-4A66-8045-FE3D127CBF48}" = protocol=6 | dir=out | app=system | 
"{D012C7EB-7FE9-4D83-9EC2-CC44DD762B56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D01FEFE6-C3F4-4387-AE74-4929241B5275}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe | 
"{D32BEF11-C349-4BE4-8850-BB12357C5140}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe | 
"{D4E6B055-05E9-4900-9B59-6A000CD3DF04}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D7A3C10F-038A-48A2-AD6E-9D8579DCCB19}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | 
"{E122BB6C-6895-49B3-BBF1-452AD490FF75}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe | 
"{FD636520-2BC2-4C50-A32A-45D092065B1D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{FE828334-DD00-4B51-9EE4-3723A88C1524}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{1E904E33-1E95-4CE5-8A9B-5D2E931A735B}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"TCP Query User{D4DBA720-429C-46FE-9AE3-AB7CC87D64A4}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"TCP Query User{E65CAF4B-1661-4FCA-987E-D3C41B923B4F}C:\program files (x86)\altigen\maxcommunicator\maxcommunicator.exe" = protocol=6 | dir=in | app=c:\program files (x86)\altigen\maxcommunicator\maxcommunicator.exe | 
"UDP Query User{394802BF-F383-4932-8F89-0CD4DE859A94}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"UDP Query User{51427D60-6E1A-4BF6-803C-C9FAF6834BA7}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"UDP Query User{BDB8F7CC-C1B5-4940-A0D2-7DD043B9BA8D}C:\program files (x86)\altigen\maxcommunicator\maxcommunicator.exe" = protocol=17 | dir=in | app=c:\program files (x86)\altigen\maxcommunicator\maxcommunicator.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}" = SRS Premium Sound Control Panel
"{3CEE4431-D0DA-49AA-A78D-5D3B559446DF}" = AuthenTec WinBio FingerPrint Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{62BBF381-D208-4EF0-B502-6CB6E5B9A161}" = TOSHIBA Fingerprint Utility
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E2D0B67F-8032-4E11-87C6-C8C721D331B3}" = Intel® PROSet/Wireless WiFi Software
"{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}" = TOSHIBA eco Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"O365HomePremRetail - en-us" = Microsoft Office 365 Home Premium - en-us
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{090931D6-A2F4-11E3-AD9C-00163E98E7D0}" = Evernote v. 5.2
"{1BFAE1CD-360A-4013-BDE6-DDE10FE8B5E8}" = bjnplugin
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{2C5F4884-62AB-4B32-ADB2-BD3D71760CD6}" = OutlookAccessAddInSetup
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{6AD2231F-FF48-4D59-AC26-405AFAE23DB7}" = ManageEngine Desktop Central 8 - Agent
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{8552FD97-5A8E-46F4-9AD8-72A275F1ACCB}" = Microsoft Unified Communications Client API SDK
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{A286F749-4EAA-4DC8-AA26-3FA777924AAD}" = MaxCommunicator 6.7
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = GFI Business Agent
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2E081ED-4FD6-43A5-B001-DC906E1C00AA}" = AltiGenJLIB
"{E10809C0-E65F-4493-A31B-3F86DB6E9E2A}" = GFI Business Agent
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}" = TOSHIBA ConfigFree
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F078B3AF-1772-4AC4-9D92-03D9198BACF8}" = bjnplugin
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.15.17.02
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Google Chrome" = Google Chrome
"GorillaPrice" = GorillaPrice
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"RegexMagic" = RegexMagic DEMO 1.4.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1235237089-3939341036-3401883774-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dashlane" = Dashlane
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/7/2013 1:43:13 AM | Computer Name = L0234 | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/7/2013 1:44:22 AM | Computer Name = L0234 | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 11/7/2013 1:44:22 AM | Computer Name = L0234 | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 11/20/2013 9:14:57 PM | Computer Name = L0234 | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/6/2014 5:27:38 PM | Computer Name = L0234 | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/7/2014 4:26:59 PM | Computer Name = L0234 | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/7/2014 5:23:08 PM | Computer Name = L0234 | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files (x86)\AltiGen\Shared
 Files\Plugins\SmartTag\adxloader.dll.Manifest".Error in manifest or policy file
 "C:\Program Files (x86)\AltiGen\Shared Files\Plugins\SmartTag\adxloader.dll.Manifest"
 on line 2.  The manifest file root element must be assembly.
 
Error - 3/7/2014 5:23:37 PM | Computer Name = L0234 | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files (x86)\AltiGen\Shared
 Files\Plugins\SmartTag\IE\adxloader.dll.Manifest".Error in manifest or policy file
 "C:\Program Files (x86)\AltiGen\Shared Files\Plugins\SmartTag\IE\adxloader.dll.Manifest"
 on line 2.  The manifest file root element must be assembly.
 
Error - 3/7/2014 6:31:07 PM | Computer Name = L0234 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\WinSxS\x86_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_29a8a38855141f6e\MFC80D.DLL".
Dependent
 Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 3/7/2014 6:31:07 PM | Computer Name = L0234 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\windows\WinSxS\x86_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_29a8a38855141f6e\MFC80D.DLL".
Dependent
 Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ System Events ]
Error - 10/26/2013 5:43:25 PM | Computer Name = L0234 | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 10/26/2013 5:43:31 PM | Computer Name = L0234 | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 10/26/2013 5:43:34 PM | Computer Name = L0234 | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 3/7/2014 7:22:34 PM | Computer Name = L0234 | Source = DCOM | ID = 10010
Description = 
 
Error - 3/7/2014 10:41:10 PM | Computer Name = L0234 | Source = DCOM | ID = 10010
Description = 
 
Error - 3/7/2014 10:41:18 PM | Computer Name = L0234 | Source = DCOM | ID = 10010
Description = 
 
Error - 3/7/2014 10:41:41 PM | Computer Name = L0234 | Source = DCOM | ID = 10010
Description = 
 
Error - 3/7/2014 10:39:39 PM | Computer Name = L0234 | Source = Service Control Manager | ID = 7023
Description = The Windows Time service terminated with the following error:   %%1115
 
Error - 3/7/2014 10:46:24 PM | Computer Name = L0234 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80242016: Security Update for Internet Explorer 10 for Windows 7 for
 x64-based Systems (KB2909210).
 
Error - 3/7/2014 10:46:24 PM | Computer Name = L0234 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for 
Windows 7 Service Pack 1 for x64-based Systems (KB2909921).
 
 
< End of report >
 


#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of these two runs, could you try a programme installation and let me know the result please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2014/03/25 03:21:46 | 000,631,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe -- (GorillaPrice)
SRV - [2013/11/05 07:01:58 | 000,070,144 | ---- | M] () [Auto | Running] -- C:\ProgramData\GorillaPrice\WatGorp.exe -- (WatGorp)
IE - HKU\S-1-5-21-1235237089-3939341036-3401883774-1001\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-1235237089-3939341036-3401883774-1001\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKU\S-1-5-21-1235237089-3939341036-3401883774-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1235237089-3939341036-3401883774-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
[2014/03/26 01:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\GorillaPrice
[2014/03/26 01:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GorillaPrice

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#8
ebelow

    New Member

  • Topic Starter
  • Member
  • 6 posts
# AdwCleaner v3.022 - Report created 28/03/2014 at 05:37:20
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Elizabeth - L0234
# Running from : C:\Users\Elizabeth\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\wecarereminder
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1789 octets] - [28/03/2014 05:36:07]
AdwCleaner[S0].txt - [1562 octets] - [28/03/2014 05:37:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1622 octets] ##########


#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Are you able to install programmes now?



#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





