Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Adobe Flash Popup constantly on my Laptop


  • Please log in to reply

#1
Triskelion

Triskelion

    Member

  • Member
  • PipPipPip
  • 652 posts

For some reason I am getting constant random popups on my browser.

Most of the time it is saying I need to update my Adobe Flash, but I have done that.

I also get redirected to random "cleaning" tools which I know are bogus.

 

I also couldn't dload OTL.exe, it was blocked. Had to use the OTL.scr link.

Log below.

 

Please Help!

 

OTL:

 

OTL logfile created on: 4/21/2014 12:15:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JButler\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
5.48 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 35.76% Memory free
10.96 Gb Paging File | 7.02 Gb Available in Paging File | 64.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.79 Gb Total Space | 585.69 Gb Free Space | 85.78% Space Free | Partition Type: NTFS
Drive D: | 15.55 Gb Total Space | 1.66 Gb Free Space | 10.68% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 88.74 Mb Free Space | 89.76% Space Free | Partition Type: FAT32
 
Computer Name: JBUTLER-HP | User Name: JButler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/21 11:54:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JButler\Desktop\OTL.scr
PRC - [2014/04/15 13:48:24 | 003,158,016 | ---- | M] () -- C:\Users\JButler\AppData\Local\Genesis\Genesis.exe
PRC - [2014/04/09 09:52:30 | 010,743,808 | ---- | M] (AVDL) -- C:\Desjardins\Suvriq\Suvriq.exe
PRC - [2014/04/01 19:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/26 12:36:58 | 001,347,584 | ---- | M] (Desjardins Sécurité financière) -- C:\Desjardins\Accueil\Accueil.exe
PRC - [2014/01/02 18:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/03 13:05:50 | 001,672,592 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
PRC - [2013/12/03 13:03:20 | 005,186,512 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
PRC - [2013/12/03 10:59:32 | 001,168,960 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/02/21 11:57:52 | 014,100,992 | ---- | M] (Foxit Software) -- C:\Program Files (x86)\Foxit Software\Foxit Phantom\Foxit Phantom.exe
PRC - [2012/01/06 12:08:30 | 000,949,760 | ---- | M] (Manulife Financial) -- C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe
PRC - [2011/10/22 02:20:44 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/03/04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/01 15:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/15 13:48:24 | 003,158,016 | ---- | M] () -- C:\Users\JButler\AppData\Local\Genesis\Genesis.exe
MOD - [2014/04/01 19:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/01 19:58:02 | 013,691,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
MOD - [2014/04/01 19:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/01 19:57:54 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014/04/01 19:57:53 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014/04/01 19:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/01 19:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014/02/18 05:40:36 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\13372e3b6a7e4126d48827a30c2c1d9a\Microsoft.VisualBasic.ni.dll
MOD - [2014/02/18 05:22:24 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/18 05:21:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/18 05:21:15 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/18 05:20:41 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/18 05:20:35 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/18 05:20:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/18 05:19:58 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/02 18:45:04 | 003,558,400 | ---- | M] () -- C:\Users\JButler\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 17:55:02 | 025,100,288 | ---- | M] () -- C:\Users\JButler\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/18 21:44:28 | 000,361,904 | ---- | M] () -- C:\Program Files (x86)\iolo\System Mechanic Professional\lorraine.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/02/14 16:46:50 | 001,044,048 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/02/28 22:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/11/02 18:11:40 | 000,322,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/08/24 15:36:52 | 000,181,600 | ---- | M] (Commtouch, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV:64bit: - [2012/08/24 15:36:48 | 000,119,136 | R--- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV:64bit: - [2012/08/24 15:36:34 | 000,121,696 | R--- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV:64bit: - [2011/09/15 18:12:12 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/02 00:06:22 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/11/30 14:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/04/14 09:59:30 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/11 12:28:53 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/03 10:59:32 | 001,168,960 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/11/02 18:15:37 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/22 02:20:44 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2011/10/22 02:02:42 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/05/23 11:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/03/04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/04/12 10:13:08 | 000,142,336 | ---- | M] (HP) [Disabled | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/04/17 11:32:35 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wStLib64.sys -- (wStLib64)
DRV:64bit: - [2014/04/17 10:54:34 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wStLibG64.sys -- (wStLibG64)
DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/09/18 21:12:08 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2013/09/18 21:12:04 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2013/03/25 15:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/01/29 19:15:04 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/02 18:16:43 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/11/02 18:15:37 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/11/02 18:11:41 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/08/24 15:44:12 | 000,173,408 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\amp.sys -- (AMP)
DRV:64bit: - [2012/08/24 15:44:06 | 001,504,608 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ampse.sys -- (AMPSE)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/05 17:48:36 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/26 14:07:32 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/10/22 02:12:14 | 000,521,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/10/22 02:11:28 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/10/22 02:11:12 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/10/22 02:10:42 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/10/22 02:10:26 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/10/22 02:10:10 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/10/22 02:09:56 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/10/22 02:09:40 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/10/21 14:59:02 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/21 14:58:54 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/10/21 14:58:54 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/09/15 18:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/15 17:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/12/16 01:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/25 11:58:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2013/03/20 02:07:16 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{EDFBB4EE-982F-443F-9340-23CB4FD46E9A}: "URL" = http://www.amazon.ca...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {a977fcda-764d-eb2a-eccf-6afb531fe360}:1.0
FF - prefs.js..extensions.enabledAddons: transtorrent%40mobilityflow.com:1.3
FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7Bcd6c4ebf-366e-45a0-98b5-b8217288eed7%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..browser.startup.homepage: "http://feed.snapdo.c...EmpoRFyxkEsCw,"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..keyword.URL: "http://feed.snapdo.c...lFsD8hP2Q,,&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\JButler\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/14 09:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/04/14 09:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012/04/15 14:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Extensions
[2012/04/15 14:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/04/17 11:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions
[2013/11/30 22:18:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/04/15 13:50:44 | 000,000,000 | ---D | M] ("Shopping Helper Smartbar") -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{a977fcda-764d-eb2a-eccf-6afb531fe360}
[2014/04/15 13:51:07 | 000,000,000 | ---D | M] ("MediaPlayerplus") -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com
[2014/01/17 14:10:37 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]
[2014/04/15 13:50:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\staged
[2014/04/15 13:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\extensionData
[2014/04/15 13:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\extensionData\plugins
[2014/04/15 13:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\extensionData\userCode
[2012/02/13 11:05:35 | 000,026,529 | ---- | M] () (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]
[2011/10/16 15:12:36 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2011/11/06 00:17:22 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2012/08/06 16:05:32 | 002,966,066 | ---- | M] () (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi
[2012/01/18 22:04:07 | 000,009,732 | ---- | M] () (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{cd6c4ebf-366e-45a0-98b5-b8217288eed7}.xpi
[2014/04/15 13:51:06 | 000,022,877 | ---- | M] () -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\searchplugins\Web Search.xml
[2014/04/14 09:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/04/14 09:59:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/04/14 09:59:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/04/14 09:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/14 09:59:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/11/12 12:25:00 | 000,076,288 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: TELUS security advisor (Enabled) = C:\Program Files (x86)\TELUS\TELUS security advisor\nprpspa.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\JButler\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.14_0\
CHR - Extension: YouTube = C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: IE Tab Multi (Enhance) = C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.2.1_0\
CHR - Extension: TweetDeck by Twitter = C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.6.1_0\
CHR - Extension: Crackle = C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: Google Wallet = C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
CHR - Extension: Abstract-Blue = C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa\1.1_0\
 
O1 HOSTS File: ([2014/04/14 11:29:35 | 000,793,927 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 0.0.0.0 banners.weselltraffic.com
O1 - Hosts: 0.0.0.0 adsatt.abcnews.starwave.com
O2:64bit: - BHO: (MediaPlayerplus) - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll File not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DSFMAJAutoService] C:\Desjardins\Accueil\DesjardinsMajAutoFusion.exe (DJSFC)
O4 - HKLM..\Run: [fst_ca_72]  File not found
O4 - HKCU..\Run: [DiamondView] C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe (Manulife Financial)
O4 - HKCU..\Run: [genesis] c:\users\jbutler\appdata\local\genesis\genesis.exe ()
O4 - HKCU..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\iavlsp64.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\iavlsp64.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\iavlsp64.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://www.avdlext.com/dwa7W.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6E2DE1C-2CBB-4C2E-B03F-3AB93F3B8626}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/29 16:03:26 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/21 11:54:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JButler\Desktop\OTL.scr
[2014/04/17 11:32:35 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLib64.sys
[2014/04/17 11:26:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\predm
[2014/04/17 11:25:45 | 000,000,000 | ---D | C] -- C:\Users\JButler\AppData\Roaming\ContentExplorer
[2014/04/17 11:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/04/17 11:14:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/04/17 10:54:34 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/04/15 13:51:40 | 000,000,000 | ---D | C] -- C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014/04/15 13:51:31 | 000,000,000 | ---D | C] -- C:\Users\JButler\AppData\Roaming\VOPackage
[2014/04/15 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\JButler\AppData\Local\Genesis
[2014/04/14 09:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/21 12:12:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/21 11:59:04 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/21 11:54:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JButler\Desktop\OTL.scr
[2014/04/21 11:51:05 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job
[2014/04/21 11:15:36 | 000,000,408 | ---- | M] () -- C:\Windows\SysWow64\iolo.ini
[2014/04/21 11:15:36 | 000,000,408 | ---- | M] () -- C:\Windows\SysNative\iolo.ini
[2014/04/21 11:09:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/21 11:09:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/21 11:07:48 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job
[2014/04/21 11:05:48 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/21 11:03:49 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJButler.job
[2014/04/21 11:03:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/20 21:39:23 | 000,679,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/20 21:39:23 | 000,132,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/20 21:39:22 | 000,801,138 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/17 15:13:03 | 000,000,172 | ---- | M] () -- C:\Windows\Maritimelife.ini
[2014/04/17 15:11:37 | 117,628,927 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/17 13:08:38 | 000,006,006 | ---- | M] () -- C:\Users\JButler\Documents\MLTMTRA.DAT
[2014/04/17 13:06:26 | 000,000,097 | ---- | M] () -- C:\Windows\fdpxld.ini
[2014/04/17 13:04:47 | 000,011,719 | ---- | M] () -- C:\Users\JButler\Documents\MLTMTRA1.DAT
[2014/04/17 12:57:43 | 000,009,654 | ---- | M] () -- C:\Users\JButler\Documents\GWSHTRA.DAT
[2014/04/17 12:57:43 | 000,008,690 | ---- | M] () -- C:\Users\JButler\Documents\GWTMTRA.DAT
[2014/04/17 12:51:55 | 000,000,029 | ---- | M] () -- C:\Windows\MLI.INI
[2014/04/17 12:51:23 | 000,004,273 | ---- | M] () -- C:\Users\JButler\Documents\AIWVTRA.DAT
[2014/04/17 12:51:21 | 000,000,460 | ---- | M] () -- C:\Users\JButler\Documents\AIBRIDGE.NIS
[2014/04/17 11:32:35 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLib64.sys
[2014/04/17 10:54:34 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/04/14 14:25:33 | 001,425,341 | ---- | M] () -- C:\Users\JButler\Desktop\Smith, Larry.pdf
[2014/04/03 11:17:53 | 000,514,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/24 11:01:36 | 000,002,114 | ---- | M] () -- C:\Users\JButler\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/17 12:51:21 | 000,000,460 | ---- | C] () -- C:\Users\JButler\Documents\AIBRIDGE.NIS
[2014/04/14 14:19:51 | 001,425,341 | ---- | C] () -- C:\Users\JButler\Desktop\Smith, Larry.pdf
[2014/03/11 13:36:47 | 000,000,024 | ---- | C] () -- C:\Windows\LifeView.INI
[2014/03/11 12:48:54 | 000,002,488 | ---- | C] () -- C:\ProgramData\regid.2012-05.ca.repsource_EC596C15-1BA5-4A0F-8804-4CC5BB52F1EE.swidtag
[2014/03/11 12:15:59 | 000,000,023 | ---- | C] () -- C:\Windows\Transwin.ini
[2014/01/18 18:06:59 | 000,251,104 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/12/13 14:21:00 | 000,000,318 | ---- | C] () -- C:\Windows\GWLCFG.INI
[2013/10/10 13:16:05 | 000,000,408 | ---- | C] () -- C:\Windows\SysWow64\iolo.ini
[2013/10/10 12:49:19 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/04/03 13:51:11 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013/04/03 13:51:11 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2012/10/17 14:06:38 | 000,164,864 | ---- | C] () -- C:\Windows\Unwise32.exe
[2012/10/17 14:06:37 | 000,000,298 | ---- | C] () -- C:\Windows\SysWow64\Sunlife.ini
[2012/10/17 12:50:59 | 000,000,598 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/10/17 12:50:54 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2012/10/17 12:50:54 | 000,037,376 | ---- | C] () -- C:\Windows\Olodmg35.dll
[2012/10/12 11:42:03 | 000,000,000 | ---- | C] () -- C:\Windows\iireport53.INI
[2012/10/12 11:38:47 | 000,003,750 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/10/12 11:38:46 | 000,149,504 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2012/10/12 11:38:33 | 000,010,912 | ---- | C] () -- C:\Windows\SHARE.EXE
[2012/10/12 11:38:22 | 000,022,776 | ---- | C] () -- C:\Windows\SysWow64\FDPTOOLS.DLL
[2012/10/12 11:38:22 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll
[2012/10/12 11:38:20 | 000,000,097 | ---- | C] () -- C:\Windows\fdpxld.ini
[2012/10/12 11:38:20 | 000,000,000 | ---- | C] () -- C:\Windows\IIREPO~1.INI
[2012/10/12 11:37:36 | 000,000,000 | ---- | C] () -- C:\Windows\efgtemp.ini
[2012/10/10 12:30:17 | 000,000,017 | ---- | C] () -- C:\Users\JButler\AppData\Local\resmon.resmoncfg
[2012/10/05 13:45:22 | 000,003,584 | ---- | C] () -- C:\Users\JButler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/13 13:40:37 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/05/30 11:56:55 | 000,000,029 | ---- | C] () -- C:\Windows\MLI.INI
[2012/03/16 14:21:15 | 000,000,095 | ---- | C] () -- C:\Users\JButler\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/12/27 17:02:52 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\calibre
[2014/04/17 15:08:30 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\ContentExplorer
[2014/04/20 21:35:25 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Dropbox
[2011/12/15 00:32:37 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\EPSON
[2012/03/25 20:30:23 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Foxit Software
[2013/10/10 13:40:07 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\iolo
[2013/12/14 15:41:40 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\ioloGovernor
[2012/04/17 17:42:16 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Leadertech
[2012/03/22 22:59:32 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\MetroTwit
[2012/02/13 00:08:26 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Mobile Action
[2013/01/07 14:20:37 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Opera
[2013/04/04 10:35:57 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Postbox
[2012/05/02 10:53:01 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\RBC Illustrations
[2014/01/15 14:55:00 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\RBC Insurance
[2012/10/22 13:34:33 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\SalesStrategies
[2013/04/03 13:39:20 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Samsung
[2013/11/25 09:56:01 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Sound ID
[2011/10/06 16:07:32 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Synaptics
[2013/10/10 13:00:45 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\TELUS
[2012/04/15 12:47:37 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Temp
[2011/10/07 14:47:32 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Thunderbird
[2012/04/15 14:27:15 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\TomTom
[2011/10/06 17:31:21 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2013/09/26 18:40:45 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\uTorrent
[2014/04/15 13:51:37 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\VOPackage
 
========== Purity Check ==========
 
 
 
< End of report >
 
Extras:
 

OTL Extras logfile created on: 4/21/2014 12:15:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JButler\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
5.48 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 35.76% Memory free
10.96 Gb Paging File | 7.02 Gb Available in Paging File | 64.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.79 Gb Total Space | 585.69 Gb Free Space | 85.78% Space Free | Partition Type: NTFS
Drive D: | 15.55 Gb Total Space | 1.66 Gb Free Space | 10.68% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 88.74 Mb Free Space | 89.76% Space Free | Partition Type: FAT32
 
Computer Name: JBUTLER-HP | User Name: JButler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27F95574-36D9-4368-9D62-B516B052BED1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{314C8D4C-E95F-4893-A5AC-79ACC17FBF91}" = lport=138 | protocol=17 | dir=in | app=system | 
"{34DBDA59-D424-4801-AECD-2752A53D1469}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{35FE13D5-F0DA-4560-A43A-07FAAC719F91}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3EBC71AF-AA0E-4699-9D23-0121DB52CEA9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{414976B0-DB07-4EE8-AAFA-1A4521F0FD30}" = lport=445 | protocol=6 | dir=in | app=system | 
"{590EA7A4-53A4-4690-B7A5-5751E901A152}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{62455673-1DF7-449C-BE50-C10F7B41748B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6CC84463-24D1-4E61-AFA8-9868E9DD7A2D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7E193348-F26B-44EB-986E-4683745A6FEC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9E62C99E-9E4D-4865-88FF-957AD1681510}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9F521CFA-1191-420D-9F4A-7AABE8655703}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9FD8FA64-48F4-44CF-8219-C7C46ACDE943}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A916E216-C21C-4309-B669-8662B9016487}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ACE18835-73DC-4A10-9A48-7889602F8C1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{B7A79ED3-FB8E-4D15-804C-0120404EA78E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B7B7944E-4658-4952-B1F1-6716EA2D444E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C109EEDF-5F74-458C-831B-BBC26B88E770}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D64DBD4F-33A1-4C48-9A8A-FD29233F4480}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA0EBE25-42FD-4AA2-8207-0292C672E940}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E4180DAF-4965-4CE8-BD01-D18E735B18F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EE4D36BB-3562-4770-94B1-81632031D88B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EFD3A3CC-BDD0-4E04-8669-38642A6CCFC0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F04436D2-324E-4E71-946C-A56470E89A07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F10A9EA2-6A90-402B-86AA-48FC89FC9406}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{F6392E85-C51F-4E16-AF44-F95AB1BD81F0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5FBA9D-F05D-466D-B0F3-252223ED0EDC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{10423B55-CF7D-4ED0-BBB3-0417C8311405}" = protocol=6 | dir=in | app=c:\program files (x86)\iolo\system mechanic professional\sysmech.exe | 
"{10963935-58D3-4742-9289-5A5ECA5952D3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{11D75E7B-0401-496B-8B47-0A3BA1F3204F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{13A330DB-FEE4-4DE2-803B-84CF75C9A22D}" = protocol=6 | dir=in | app=c:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe | 
"{18DDC92A-D9D3-40AE-9A99-AAD3B91472C6}" = protocol=6 | dir=in | app=c:\program files (x86)\telus\telus security advisor\servicepointservice.exe | 
"{19839625-B537-4466-AD3E-582DBB3CADD3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{1B8A1BDF-2EC2-4AD0-A946-0EC24859A42A}" = protocol=58 | dir=out | [email protected],-28546 | 
"{1D1A38E2-2390-47B2-A906-430C23648210}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 
"{2AC7D0BF-5FCC-42F0-9A83-6F3FE1B51A77}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{32B170E7-3725-41C9-9D2E-7E61327E85E2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{335B2DC3-5269-4607-9E4A-F00A04135725}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{40C8CF68-71F9-42CC-8B3E-8019A4DF677D}" = protocol=17 | dir=in | app=c:\program files (x86)\telus\telus security advisor\servicepointservice.exe | 
"{42398C44-DB28-408F-8962-B24BBF31F10B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{45659497-EE08-443E-9E84-C2A2C50E427E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{47010424-2FB5-4449-9674-97EB7A6BAC4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{549B0C91-E550-4FD9-95E2-6F5008518A06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5692C443-FCEA-4E73-8F4C-87F2F5F621F0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{75819433-776C-4B72-8FDB-BB6AF54C01FC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7F62F2C5-32B8-4D9C-83E8-DA20EED8D1D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8234CB96-F0C9-4C33-B02D-F4754FD2B766}" = dir=in | app=c:\users\jbutler\appdata\roaming\allmyapps\allmyapps.exe | 
"{8346C3D9-7894-4FDD-ADC7-C26DBA27BC25}" = protocol=1 | dir=out | [email protected],-28544 | 
"{894A9A89-B5DF-40AE-A4DF-EA0BC58F04E2}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{8AA10002-73B3-4339-9135-DBF827015AC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BCE1FCF-C6FF-4C59-88C9-C54590BC2BB8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8C012308-1D0F-4406-8F1A-219DB8AB50E3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{8D9F8E4B-3916-4960-8ED5-A4895B1E4C63}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{95C9BEB6-BF2A-490E-B021-910CB2B91877}" = protocol=1 | dir=in | [email protected],-28543 | 
"{A399BB5E-8A13-4C25-A1D6-F0B16A848FBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A5F16D41-829C-46F0-A377-CD752DE2EE7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB553565-1E17-4D18-A7E7-EBEFAB565EC9}" = protocol=17 | dir=in | app=c:\program files (x86)\iolo\system mechanic professional\sysmech.exe | 
"{B4CC2D76-74D3-4968-A7A4-35BD762A023C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B76EA94C-89E9-407E-887F-46C6D0648015}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BCF43689-359B-4E7C-95D3-60963C9BF43C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BE086AEC-E2A4-4F5A-9194-EF7C25B158C9}" = protocol=17 | dir=in | app=c:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C3F13D47-95DD-4123-A92E-460CAAFF8C95}" = protocol=58 | dir=in | [email protected],-28545 | 
"{CC14D937-1CCB-4639-ADED-410CFC7EEAA4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D5A8E6DD-0F69-4695-AAB9-0F4038F5E2F9}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{D858849A-1FF1-4876-8084-0B1B74703D91}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D8B166D0-302F-43D9-9CAF-E002EF05514D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{DF765507-946B-4DE8-BEA2-2BA562CBADD1}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 
"{E1C88BCE-28AE-47BF-9A9C-42963EE545CE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{E4BF9DC2-83C1-4157-A08E-A123D13C2DE8}" = protocol=6 | dir=out | app=system | 
"{EAFDB806-2346-4832-B781-09A4190D3B64}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{EDCF9443-1BBD-4478-AFBB-3B229F3FDA56}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | 
"{EE25172D-EC22-464D-ADA2-F4DA89B9074D}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{EE554F6D-1C4F-4EB4-B91F-62AC29094274}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFECAB1B-E275-4CDD-8991-7955C521E4DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{B3F53259-CD56-48CB-A045-6A3137B7B660}C:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe | 
"TCP Query User{D664876B-8CA0-4640-9F0A-8AF767EEE013}C:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{805B0B07-CB10-4052-B1BE-5E17E4CB32A6}C:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{E207F3C7-5CE7-4B83-93E2-37AF0E22E576}C:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{2CDF0D0A-C58C-4136-9978-F029B2723B0D}" = Corel Graphics - Windows Shell Extension
"_{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 (64-Bit)
"{10762393-1B90-4AC2-AF1A-4C0C04AE303F}" = CorelDRAW Graphics Suite X6 - VBA (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1967EF95-E00B-4669-8B1C-A589BE8BF24F}" = CorelDRAW Graphics Suite X6 - Capture (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E3A578C-0A7D-4820-990F-B7545C0B2303}" = CorelDRAW Graphics Suite X6 - VSTA (x64)
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
"{26AF7BC7-DB35-B7C5-3169-29BC62835C48}" = AMD Fuel
"{27AE72A4-B217-4CDC-B82B-3311E9D7460E}" = CorelDRAW Graphics Suite X6 - Draw (x64)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{2CDF0D0A-C58C-4136-9978-F029B2723B0D}" = Corel Graphics - Windows Shell Extension
"{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom
"{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}" = CorelDRAW Graphics Suite X6 - Common (x64)
"{3933C06C-8239-432B-87FC-F2BDC5B49A10}" = CorelDRAW Graphics Suite X6 - FontNav (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}" = CorelDRAW Graphics Suite X6 - Redist (x64)
"{6153098B-60DB-6A9F-EA0F-B006A96B57D5}" = ATI Catalyst Install Manager
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{695E54E9-5B06-4FFD-8481-B09E5761B5D5}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{71F13BA8-96D0-F281-6473-196A5842C6CF}" = ccc-utility64
"{7386B5FA-8715-481D-821F-7785110506DF}" = CorelDRAW Graphics Suite X6 - Custom Data (x64)
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}" = CorelDRAW Graphics Suite X6 - VideoBrowser (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{80F776E8-B47B-4F23-835F-4464EA3E8BC6}" = Corel Graphics - Windows Shell Extension 32 Bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{839546C9-2E4E-4A42-B0D4-22E05E92E7AA}" = CorelDRAW Graphics Suite X6 - ES (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EF2B1E1-4D7A-43FA-92C5-61DB6F0524C4}" = CorelDRAW Graphics Suite X6 - BR (x64)
"{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}" = CorelDRAW Graphics Suite X6 - Connect (x64)
"{A1CDB206-B8F1-41F0-9DAA-C7FC8664C737}" = CorelDRAW Graphics Suite X6 - FR (x64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6DF7031-2843-44FD-9CAB-DECAB4257456}" = CorelDRAW Graphics Suite X6 - IPM
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BB65D262-3EBC-4F10-89D9-67A320E94EAA}" = CorelDRAW Graphics Suite X6 - EN (x64)
"{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 - Setup Files (x64)
"{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT for Internet Explorer
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{CB1A2FE6-2BDF-DECC-C91B-4E5FFD59C5D6}" = WMV9/VC-1 Video Playback
"{CBC1BFA3-E641-4FCA-8EFA-77E2B7D7E552}" = CorelDRAW Graphics Suite X6 (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4A6E342-907C-4CEF-96CC-FC2F4990DC9C}" = AVSDK5
"{D7C2687D-924E-4485-B367-C7D95CBF8DDD}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}" = CorelDRAW Graphics Suite X6 - Writing Tools (x64)
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E699230D-4B5E-411E-9F45-FF50789B18DD}" = CorelDRAW Graphics Suite X6 - Filters (x64)
"{FB8CF321-07A3-464C-B1D5-35CE28E474C3}" = CorelDRAW Graphics Suite X6 - IPM
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"SynTPDeinstKey" = Synaptics TouchPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0867AFE1-3469-11D7-8193-0010B5BCE08C}" = ABF / FNA
"{08B31070-171E-11D6-BECF-000629F77048}" = MenuFusion 
"{09064D50-FF4A-407C-9B13-15B9D231EBA2}" = RegimeRetraiteIndividuel
"{0AE17B00-31FA-11D6-BED9-000629F77048}" = Avantage d'Or / Golden Edge
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D1B9D71-7EB6-70DA-DB23-E14F59A14E1D}" = AMD VISION Engine Control Center
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{0DC33570-D9E6-9189-7143-612F34DC317B}" = CCC Help Danish
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F69006A-CD2F-4C12-A786-C659C8F98423}" = Catalyst Control Center - Branding
"{10202EBB-A6E7-4BA2-9E38-8563DB84C28F}" = Manulife - Synergy / Manuvie - Synergie
"{10895847-3460-11D7-8193-0010B5BCE08C}" = Zone retraite / Retirement zone
"{11B97514-C022-420A-9FCB-4FD079E2DBBC}" = Equitable Sales Illustrations/ Système d’illustration des ventes
"{13D946AF-DAD9-0200-0000-000000000000}" = Android Sync Manager WiFi
"{14025FDE-2A98-4241-9DC5-FA9F5B7A488F}" = CIMS.Net
"{15822027-43D3-C69F-40EF-2AF83AA781AA}" = CCC Help English
"{192BFB6B-7E9C-4346-8ECB-2A42DABFF4DB}" = Manulife - Insure Right / Manuvie - Bien s'assurer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX680 Series Scanner Driver Update
"{1D04A14D-6C97-19C1-CA9D-FDDE5EAE1026}" = CCC Help Chinese Standard
"{1E5E7177-5156-4541-B8D5-B0C7E9064329}" = System Mechanic 12 Professional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F9D123D-2850-494B-AAA0-24492F70C4A4}" = RPS CRT
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209255AF-E7F3-4FF3-86EE-575C35BA716D}" = Living Benefits 5.30
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{27916B81-FEDB-43A0-B724-923784B3DAE7}" = Empire Life Envision
"{27DDB75B-8483-4F0A-91DF-C57B6631F795}" = Concourse 1.5 - Content
"{2893EE72-7BB9-41E8-9AE2-45DA92331A8D}" = Manulife - Performax Gold - Performax Or - MLPG
"{28BF1FE2-8F54-4356-8404-26EA20E0C1BA}" = Manulife - Term
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29248674-96FE-4C01-94C6-D82ECD06E916}" = Manulife - Concept slideshows
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A9009E1-122C-4692-B442-A750C0DE7BA1}_is1" = VIO Player version 1.2
"{2B37E43D-10AB-9D24-7234-31929A3A7D11}" = CCC Help German
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30879FF8-1582-41CB-BCDB-B5DDFF93FD3C}" = GWL Illustrator Par
"{32D3C724-3E32-11D9-8211-00B0D075DF5C}" = Diamond View Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33530062-0419-71CE-3BD3-13D7D5E4C7DE}" = CCC Help French
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37BF8DE6-CB40-4F3C-8A24-6CE6BB1F6A55}" = Manulife - Concepts
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{388A15E4-7507-CD40-4DBA-F78B4BBEB56E}" = CCC Help Japanese
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E35E63A-CC9D-45B8-B599-4DA774BFC74C}" = Transamerica - Five-for-Life 2.1
"{4168E08D-3349-476F-9497-7891CB8153A6}" = LEApp - AppVers 5.4
"{4210D645-9D71-419E-9002-BB1A0358A9B3}" = Independent Order of Foresters
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{448B78CF-4A52-191D-1436-54D039B382DB}" = CCC Help Spanish
"{47582F50-3974-4F89-AFEA-468DD33B2EA4}" = GWL Illustrator Par Config
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{521FA973-C4C9-249D-5CF6-0A6F7B18F7DC}" = CCC Help Greek
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5905DC5D-00E7-4BEF-A1CD-FCAE05E20DA8}" = GWL Illustrator Term
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5C069542-CA13-4f1b-B90C-28C6430F4992}" = HP LaserJet Professional CP1520 Series
"{5ED3BAF3-DA06-038D-F21E-AB35404626D4}" = CCC Help Dutch
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C44315-A107-D3F6-B868-52AC0481ED6B}" = CCC Help Finnish
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64B54493-BC68-4D6F-B9EB-214E74CC0647}" = Concourse 1.0
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6522241B-09FE-B16D-0E23-9485424507EB}" = CCC Help Korean
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698C92A9-66A7-11D6-8178-0010B5BCE08C}" = Presentations
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B075E9F-4D23-0883-F66C-C698E949CD90}" = Catalyst Control Center Graphics Previews Common
"{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}" = HP Documentation
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{794A3AB9-DB12-1115-33B2-29C5DDD1DCD4}" = CCC Help Chinese Traditional
"{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager
"{7CF6604E-BCB8-4B5F-A1CC-1E6DA0C60151}" = MSXML
"{803E2C5C-E39B-BEBA-4046-6C0CF7695DA4}" = CCC Help Hungarian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{839B9B4C-7FC7-4F7F-BD31-99AEF07A49F1}" = GWL Illustrator
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{85184706-2E77-11D9-9BE0-000103E0519E}" = Investment Loan / Prêt Placement
"{876FAEDD-8CA3-4729-A09F-4E582DB560F7}" = Manulife - Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88EFE047-67E7-4194-92E6-9B79A563BAA0}" = Assumption-Online-Insurance-Solutions
"{8B705ED7-A86B-4895-9955-BA80E0B3F40B}" = Calculatrice Financière / Invest
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9325A80A-C2B4-141E-952E-30589770A79B}" = CCC Help Turkish
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{93D90A5B-6694-4849-AD0F-3EB7E7E1B040}" = KeySource 1.0
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
"{96EA5361-BF11-4518-A14A-8FCADEEA7820}" = GWL Illustrator Term Config
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5088FA-8C09-439E-A515-E1957993303F}" = GWL Illustrator Config
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F9C5C18-9665-41EC-A660-5A3BA213CA1D}" = Licensing Service (03000201)
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1A9956A-56A2-4933-A4F0-CC236790CC29}" = Diamond View Launcher
"{A5A8C157-A89D-4F7E-89A3-3C5519CEE18C}" = GarantieAvantage
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7393DB5-6CAB-70A7-4A5E-C96AF518858A}" = Catalyst Control Center Localization All
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AABE44D1-0B72-4C6B-9778-20B2317F8064}" = hpzTLBXFX
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C39D3-7BF4-4897-8C97-35061FBECED2}" = Manulife - Limited Pay UL / Manuvie - Vu à prime temporaire
"{AC6E9B2A-A7E6-4B17-8A6C-29D519673E12}" = Shopping Helper Smartbar
"{AE75C941-3838-47F9-B372-281EE634516E}" = RoueDesRendements
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B2E60EBE-35BC-41CA-BED6-EDBB9329C037}" = Concepts
"{B48DC0B2-DBFD-41DB-992E-19EE9DA6EE96}" = Manulife - Universal Life
"{B573B6E4-81AA-47E0-8BBB-2023B1906524}" = KeySource 2.1 - Content
"{B6F2B585-D9F2-4D23-A176-B0AA1A5DD286}" = LEApp - Electronic Application for Life Insurance 5.5.0.1
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}" = LPT System Updater Service
"{BC4516DF-F14B-42FE-960C-A6EB1F279F73}" = Manulife - UltraVision
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BEEDEC2C-D33F-4FEF-8692-A5CCE6FF6835}" = hppTLBXFXCP1520
"{BFBC2A94-C9C0-4E98-A58A-86295575B02A}" = Pyramide 3.1.0
"{C007CFA1-FC3C-49B8-8D30-DB5BF3396632}" = ZoomExpressKeyView14.1
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3579810-5AC8-545D-089D-6735792490B5}" = CCC Help Thai
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3E2B404-EF69-4C60-A7C1-CF116D2C3267}" = YTD Toolbar v7.6
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C915103C-F9E5-8989-233C-367DCFB07652}" = CCC Help Italian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE8EF688-BD0E-29E2-3472-E23CC6AB0C98}" = CCC Help Polish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF09D056-3FFA-11D6-8171-0010B5BCE08C}" = Solo
"{D003CEFC-10B1-48E8-ACDA-4FF452BCE344}" = calibre
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2437C5C-2D8C-40D2-8059-689AD7239FA3}" = Intel® C++ Redistributables for Windows* on Intel® 64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D608C59B-424B-45D4-971C-5978F8564CEE}" = hppLaserJetService
"{D73E2E92-C6A1-4850-B50D-7CCC9CF81C6E}" = Manulife - Personal Accident/Personal Accident
"{D811186E-06BC-F7D3-E10B-4C7450F88611}" = CCC Help Swedish
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDAFC46A-90E2-11E2-B700-984BE15F174E}" = Evernote v. 4.6.4
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE723887-712F-499D-8B82-5A1EC8F46062}" = SetupCrystalReports
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFE70D3F-C54C-4025-9344-9CBB7D0447C0}" = CorelDRAW Graphics Suite X6 - IPM Content
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E15C68A1-9CA5-44AC-A7F7-6C0673F196A8}" = HPLaserJetHelp_LearnCenter
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E45832B8-C3E6-C26B-A038-4599DCAC1F17}" = CCC Help Norwegian
"{E5441D19-417C-8C34-3F31-CCBD563C946E}" = Catalyst Control Center InstallProxy
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED5C76B7-0F52-4245-AF1B-E0DC08EFE283}" = Manulife Financial - Health and Dental
"{EED3CC4B-40BD-11D6-8171-0010B5BCE08C}" = Sommum / Pace / Traditionnel
"{F023440E-6D03-1AB2-1414-27A62074556C}" = CCC Help Portuguese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4E3A754-5569-4E1C-BF99-B3CC2BDFDEFB}" = Manulife - Living Benefits
"{F7A9EFFB-F905-FA4D-A431-06B1E0A5EE5A}" = CCC Help Czech
"{FA6381E9-96D2-4F6F-866C-4D16E5986FF6}" = TweetDeck
"{FD8966E8-8227-9180-51D2-F1C75D3222B8}" = CCC Help Russian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE6DB3B1-C754-405D-BCAB-F4F9C765BF35}" = hppCP1520LaserJetService
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVS Media Player_is1" = AVS Media Player 4.1.9.95
"AVS Update Manager_is1" = AVS Update Manager 1.0
"ContentExplorer" = ContentExplorer
"CPP Illustration" = CPP Illustration
"CPP V3" = CPP V3
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EFR_is1" = EFR 3.14 (2013-11)
"Eos" = Eos 6.0
"EOS_6_0" = 
"Foresters Life - V7.0" = Foresters Life - V7.0
"Google Chrome" = Google Chrome
"in sync 3.0" = in sync 3.0
"Inforce Illustration 1.3" = Inforce Illustration 1.3
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Kobo" = Kobo
"LifeView - VisionVie 10.0" = LifeView - VisionVie 10.0
"LifeView - VisionVie 10.1" = LifeView - VisionVie 10.1
"LifeView - VisionVie 10.4" = LifeView - VisionVie 10.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"Mozilla Thunderbird 24.4.0 (x86 en-US)" = Mozilla Thunderbird 24.4.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.1.0.530
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"RBC Illustrations System 6.0" = RBC Illustrations System 6.0
"Revo Uninstaller" = Revo Uninstaller 1.95
"Silent Package Run-Time Sample" = EPSON RX680 User's Guide
"Sky1.0" = Sky
"Sky1.1.153" = Sky
"SLF Sales Concepts" = Sun Life Financial - Sales Concepts
"SSTChannel" = SST Channel - Canada Life (CL)
"Trusted Software Assistant_is1" = File Type Assistant
"VLC media player" = VLC media player 1.0.1
"VOPackage" = VO Package
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
"WT089504" = Final Drive Nitro
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2cdca571-9571-43bf-8129-ad453d9a55c8}" = Shopping Helper Smartbar Engine
"121406415.www.c-vote.ca" = direcTORY Application
"Dropbox" = Dropbox
"genesis" = Genesis
"GoToMeeting" = GoToMeeting 4.8.0.723
"Kies Air Discovery Service" = Kies Air Discovery Service
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/20/2014 11:39:36 PM | Computer Name = JButler-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2122
 
Error - 4/20/2014 11:39:36 PM | Computer Name = JButler-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2122
 
Error - 4/20/2014 11:39:37 PM | Computer Name = JButler-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/20/2014 11:39:37 PM | Computer Name = JButler-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3136
 
Error - 4/20/2014 11:39:37 PM | Computer Name = JButler-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3136
 
Error - 4/20/2014 11:39:38 PM | Computer Name = JButler-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/20/2014 11:39:38 PM | Computer Name = JButler-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4165
 
Error - 4/20/2014 11:39:38 PM | Computer Name = JButler-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4165
 
Error - 4/20/2014 11:39:39 PM | Computer Name = JButler-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/20/2014 11:39:39 PM | Computer Name = JButler-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5179
 
Error - 4/20/2014 11:39:39 PM | Computer Name = JButler-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5179
 
[ Hewlett-Packard Events ]
Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
 
[ HP Connection Manager Events ]
Error - 1/31/2013 5:50:31 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/31 02:50:31.840|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 1/31/2013 5:50:31 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/31 02:50:31.965|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 1/31/2013 5:50:31 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/31 02:50:31.980|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 1/31/2013 5:50:31 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/31 02:50:31.996|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 1/31/2013 5:50:38 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/31 02:50:38.844|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 1/31/2013 5:50:38 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/31 02:50:38.969|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 1/31/2013 5:50:38 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/31 02:50:38.985|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 1/31/2013 5:50:39 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/31 02:50:39.000|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 1/31/2013 5:51:04 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/31 02:51:04.803|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 1/31/2013 5:52:04 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
Description = 2013/01/31 02:52:04.800|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
[ HP Software Framework Events ]
Error - 5/12/2012 1:01:27 AM | Computer Name = JButler-HP | Source = CaslWmi | ID = 5
Description = 2012/05/11 23:01:27.409|00000A68|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/12/2012 1:03:59 AM | Computer Name = JButler-HP | Source = CaslWmi | ID = 5
Description = 2012/05/11 23:03:59.181|0000124C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/12/2012 1:04:07 AM | Computer Name = JButler-HP | Source = CaslWmi | ID = 5
Description = 2012/05/11 23:04:07.227|00000EB8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/12/2012 1:04:15 AM | Computer Name = JButler-HP | Source = CaslWmi | ID = 5
Description = 2012/05/11 23:04:15.485|00000F3C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/13/2012 11:22:54 PM | Computer Name = JButler-HP | Source = CaslWmi | ID = 5
Description = 2012/05/13 21:22:54.316|00001BDC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 8/24/2012 7:51:36 PM | Computer Name = JButler-HP | Source = CaslSmBios | ID = 5
Description = 2012/08/24 17:51:36.750|0000348C|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 8/24/2012 7:52:59 PM | Computer Name = JButler-HP | Source = CaslSmBios | ID = 5
Description = 2012/08/24 17:52:59.376|0000464C|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 9/1/2012 11:09:20 PM | Computer Name = JButler-HP | Source = CaslSmBios | ID = 5
Description = 2012/09/01 21:09:20.789|00001A80|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 9/2/2012 1:40:42 PM | Computer Name = JButler-HP | Source = CaslSmBios | ID = 5
Description = 2012/09/02 11:40:42.634|000019C8|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 9/2/2012 1:40:48 PM | Computer Name = JButler-HP | Source = CaslSmBios | ID = 5
Description = 2012/09/02 11:40:48.030|000023A4|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
[ iolo Applications Events ]
Error - 11/29/2013 12:06:09 PM | Computer Name = JButler-HP | Source = Service Manager | ID = 1
Description = Exception occured on service shutdown   Error message: System Error. 
 Code: 1115.  A system shutdown is in progress
 
Error - 1/14/2014 2:35:35 PM | Computer Name = JButler-HP | Source = System Shield | ID = 20
Description = Failed to install DAT file C:\ProgramData\iolo\System Shield\antivir-c-201401131812.cab
 
Error
 message: Unspecified error
 
Error - 1/19/2014 3:09:23 PM | Computer Name = JButler-HP | Source = Service Manager | ID = 1
Description = Exception occured on service shutdown   Error message: System Error. 
 Code: 1115.  A system shutdown is in progress
 
Error - 2/18/2014 3:21:04 PM | Computer Name = JButler-HP | Source = Service Manager | ID = 1
Description = Exception occured on service shutdown   Error message: System Error. 
 Code: 1115.  A system shutdown is in progress
 
[ System Events ]
Error - 4/7/2014 3:36:08 PM | Computer Name = JButler-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 4/7/2014 3:36:09 PM | Computer Name = JButler-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 4/7/2014 3:36:09 PM | Computer Name = JButler-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 4/7/2014 3:36:10 PM | Computer Name = JButler-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 4/7/2014 3:36:10 PM | Computer Name = JButler-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 4/9/2014 3:55:55 PM | Computer Name = JButler-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
Error - 4/14/2014 1:29:28 PM | Computer Name = JButler-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
Error - 4/17/2014 12:53:05 PM | Computer Name = JButler-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 4/17/2014 1:39:17 PM | Computer Name = JButler-HP | Source = Service Control Manager | ID = 7034
Description = The Zombie Alert service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 4/17/2014 5:12:02 PM | Computer Name = JButler-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   FileDisk
 
 
< End of report >
 

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c
 
:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
[2014/04/15 13:50:44 | 000,000,000 | ---D | M] ("Shopping Helper Smartbar") -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{a977fcda-764d-eb2a-eccf-6afb531fe360}
[2014/04/15 13:51:07 | 000,000,000 | ---D | M] ("MediaPlayerplus") -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com
[2014/04/15 13:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\extensionData
[2014/04/15 13:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\extensionData\plugins
[2014/04/15 13:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\extensionData\userCode
[2012/02/13 11:05:35 | 000,026,529 | ---- | M] () (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]
[2011/10/16 15:12:36 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2011/11/06 00:17:22 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2012/08/06 16:05:32 | 002,966,066 | ---- | M] () (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi
[2012/01/18 22:04:07 | 000,009,732 | ---- | M] () (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{cd6c4ebf-366e-45a0-98b5-b8217288eed7}.xpi
[2014/04/15 13:51:06 | 000,022,877 | ---- | M] () -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\searchplugins\Web Search.xml
[2014/04/14 09:59:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/04/14 09:59:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
 
O4 - HKLM..\Run: [DSFMAJAutoService] C:\Desjardins\Accueil\DesjardinsMajAutoFusion.exe (DJSFC)
O4 - HKLM..\Run: [fst_ca_72]  File not found
O4 - HKCU..\Run: [genesis] c:\users\jbutler\appdata\local\genesis\genesis.exe ()
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
[2014/04/17 11:32:35 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLib64.sys
[2014/04/17 11:26:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\predm
[2014/04/17 11:25:45 | 000,000,000 | ---D | C] -- C:\Users\JButler\AppData\Roaming\ContentExplorer
[2014/04/17 10:54:34 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/04/15 13:51:40 | 000,000,000 | ---D | C] -- C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014/04/15 13:51:31 | 000,000,000 | ---D | C] -- C:\Users\JButler\AppData\Roaming\VOPackage
[2014/04/15 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\JButler\AppData\Local\Genesis
[2014/04/17 11:32:35 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLib64.sys
[2014/04/17 10:54:34 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
 
:files
C:\Users\JButler\AppData\Local\Genesis
C:\Desjardins\Suvriq\
 
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
 
 
then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. 
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\04212014-some number.log so look there if you don't see it.
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     
     
    Download OTL from
    and Save it to your desktop.
     
    Copy the text in the code box:
     
    DRIVES
    nnetsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    rsvpsp.dll
    pnrpnsp.dll 
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    services.exe
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    csrss.exe
    PrintIsolationHost.exe
    consrv.dll
    user32.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %ProgramFiles%\WINDOWS NT\*.* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    
     
    Run OTL (Vista or Win 7 => right click and Run As Administrator)
     
    Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
     
    Select the All option in the Extra Registry group then Run Scan.
     
    You should get two logs.  Please copy and paste both of them.
     
    Ron

    • 0

    #3
    Triskelion

    Triskelion

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 652 posts
    Thanks for all the help so far Ron.. Here come the reports..
    I have to post them in a few postings. It doesn't seem to like it all at once.
     
    OTL:
     
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{a977fcda-764d-eb2a-eccf-6afb531fe360}\components folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{a977fcda-764d-eb2a-eccf-6afb531fe360}\chrome\PublisherImages folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{a977fcda-764d-eb2a-eccf-6afb531fe360}\chrome\images folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{a977fcda-764d-eb2a-eccf-6afb531fe360}\chrome folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{a977fcda-764d-eb2a-eccf-6afb531fe360} folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\skin folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\locale\en-US folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\locale folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\extensionData\userCode folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\extensionData\plugins folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\extensionData folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\defaults\preferences folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\defaults folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\chrome\content\core folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\chrome\content\api folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\chrome\content folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\chrome folder moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com folder moved successfully.
    Folder C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\extensionData\ not found.
    Folder C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\extensionData\plugins\ not found.
    Folder C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]01c922b68.com\extensionData\userCode\ not found.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected] moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{cd6c4ebf-366e-45a0-98b5-b8217288eed7}.xpi moved successfully.
    C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\searchplugins\Web Search.xml moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} folder moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DSFMAJAutoService deleted successfully.
    C:\Desjardins\Accueil\DesjardinsMajAutoFusion.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_ca_72 deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\genesis deleted successfully.
    c:\Users\JButler\AppData\Local\Genesis\Genesis.exe moved successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip selection\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip this page\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip URL\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\New Note\ deleted successfully.
    C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html moved successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip selection\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip this page\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip URL\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
    C:\Windows\SysNative\drivers\wStLib64.sys moved successfully.
    C:\Program Files (x86)\predm folder moved successfully.
    C:\Users\JButler\AppData\Roaming\ContentExplorer folder moved successfully.
    C:\Windows\SysNative\drivers\wStLibG64.sys moved successfully.
    C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage folder moved successfully.
    C:\Users\JButler\AppData\Roaming\VOPackage folder moved successfully.
    Folder move failed. C:\Users\JButler\AppData\Local\Genesis scheduled to be moved on reboot.
    File C:\Windows\SysNative\drivers\wStLib64.sys not found.
    File C:\Windows\SysNative\drivers\wStLibG64.sys not found.
    ========== FILES ==========
    Folder move failed. C:\Users\JButler\AppData\Local\Genesis scheduled to be moved on reboot.
    C:\Desjardins\Suvriq\suvriqTemp folder moved successfully.
    C:\Desjardins\Suvriq folder moved successfully.
    ========== COMMANDS ==========
     
    [EMPTYFLASH]
     
    User: All Users
     
    User: Default
    ->Flash cache emptied: 0 bytes
     
    User: Default User
    ->Flash cache emptied: 0 bytes
     
    User: JButler
    ->Flash cache emptied: 697 bytes
     
    User: Public
     
    Total Flash Files Cleaned = 0.00 mb
     
     
    [EMPTYJAVA]
     
    User: All Users
     
    User: Default
     
    User: Default User
     
    User: JButler
    ->Java cache emptied: 0 bytes
     
    User: Public
     
    Total Java Files Cleaned = 0.00 mb
     
     
    OTL by OldTimer - Version 3.2.69.0 log created on 04222014_094250
     
    Files\Folders moved on Reboot...
    C:\Users\JButler\AppData\Local\Genesis folder moved successfully.
     
    PendingFileRenameOperations files...
     
    Registry entries deleted on Reboot...
     
    AdwCleaner:
     
    # AdwCleaner v3.200 - Report created 22/04/2014 at 10:12:29
    # Updated 22/04/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : JButler - JBUTLER-HP
    # Running from : C:\Users\JButler\Desktop\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
    [#] Service Deleted : wStLibG64
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\ProgramData\Computer Updater
    Folder Deleted : C:\ProgramData\WPM
    Folder Deleted : C:\Program Files (x86)\File Type Assistant
    Folder Deleted : C:\Users\JButler\AppData\Local\CrashRpt
    File Deleted : C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\invalidprefs.js
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [genesis]
    Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
    Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D9E7BE9-95E5-4392-8CD2-D82DE89589ED}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Key Deleted : HKCU\Software\genesis
    Key Deleted : HKCU\Software\installedbrowserextensions
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\TutoTag
    Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\free_soft_to_day
    Key Deleted : HKLM\Software\installedbrowserextensions
    Key Deleted : HKLM\Software\supWPM
    Key Deleted : HKLM\Software\Tutorials
    Key Deleted : HKLM\Software\Uniblue
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\genesis
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC6E9B2A-A7E6-4B17-8A6C-29D519673E12}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
    Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17041
     
     
    -\\ Mozilla Firefox v28.0 (en-US)
     
    [ File : C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\prefs.js ]
     
    Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxXLkPk_0O4jAfJAvN5lBjuPNhgM3gwhlz1RtfIV2s6Yr4iLKphMU54Rkul[...]
    Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
    Line Deleted : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxXLkPk_0O4jAfJAvN5lBjuPNhgM3gwhlz1RtfIV2s6Yr4iLKphMU54Rkulw-ae3_j5_MDXl[...]
    Line Deleted : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZcPmSeeX2prPxXLkPk_0O4jAfJAvN5lBjuPNhgM3gwhlz1RtfIV2s6Yr4iLKphMU54Rkulw-ae3_[...]
     
    -\\ Google Chrome v34.0.1847.116
     
    [ File : C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
    Deleted [Extension] : cekcjpgehmohobmdiikfnopibipmgnml
    Deleted [Extension] : icpgjfneehieebagbmdbhnlpiopdcmna
    Deleted [Extension] : ifohbjbgfchkkfhphahclmkpgejiplfo
     
    *************************
     
    AdwCleaner[R1].txt - [4677 octets] - [13/02/2014 18:44:21]
    AdwCleaner[R2].txt - [6975 octets] - [22/04/2014 10:08:02]
    AdwCleaner[S1].txt - [4659 octets] - [13/02/2014 19:02:45]
    AdwCleaner[S2].txt - [6691 octets] - [22/04/2014 10:12:29]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [6751 octets] ##########

    • 0

    #4
    Triskelion

    Triskelion

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 652 posts
    JRT:
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by JButler on 22/04/2014 at 10:20:10.03
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
     
     
    ~~~ FireFox
     
    Successfully deleted: [Folder] C:\Users\JButler\AppData\Roaming\mozilla\firefox\profiles\t4oi22eh.default\extensions\staged
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 22/04/2014 at 10:31:08.37
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    Farbar:
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
    Ran by JButler (administrator) on JBUTLER-HP on 22-04-2014 11:04:12
    Running from C:\Users\JButler\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (Commtouch, Inc.) C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Commtouch, Inc.) C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Manulife Financial) C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe
    (Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Dropbox, Inc.) C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (OldTimer Tools) C:\Users\JButler\Desktop\OTL.scr
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [984736 2011-10-22] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-10-22] (Atheros Commnucations)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-02] (IDT, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
    HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *‮* <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [DiamondView] => C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe [949760 2012-01-06] (Manulife Financial)
    HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
    Startup: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
     
    ==================== Internet (Whitelisted) ====================
     
    ProxyServer:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - {EDFBB4EE-982F-443F-9340-23CB4FD46E9A} URL = http://www.amazon.ca...s={searchTerms}
    BHO: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll No File
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: HKLM-x32 {E008A543-CEFB-4559-912F-C27C2B89F13B} https://www.avdlext.com/dwa7W.cab
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default
    FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
    FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\JButler\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF Extension: LavaFox V2-Blue - C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\Extensions\[email protected] [2014-01-17]
    FF Extension: WOT - C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-30]
     
    Chrome: 
    =======
    CHR Extension: (Google Drive) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-22]
    CHR Extension: (Google Wallet) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
    CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JButler\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-16]
     
    ==================== Services (Whitelisted) =================
     
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.)
    R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
    R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
    R2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [121696 2012-08-24] (Commtouch, Inc.)
    R2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [119136 2012-08-24] (Commtouch, Inc.)
    S3 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [181600 2012-08-24] (Commtouch, Inc.)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-22] (Atheros)
     
    ==================== Drivers (Whitelisted) ====================
     
    R2 AMP; C:\Windows\system32\Drivers\amp.sys [173408 2012-08-24] (Commtouch, Inc.)
    R2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1504608 2012-08-24] (Commtouch, Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
    R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-09-18] (EldoS Corporation)
    S1 FileDisk; No ImagePath
    S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S1 wStLib64; system32\drivers\wStLib64.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-04-22 11:04 - 2014-04-22 11:04 - 00027928 _____ () C:\Users\JButler\Desktop\FRST.txt
    2014-04-22 11:04 - 2014-04-22 11:04 - 00000000 ____D () C:\FRST
    2014-04-22 10:57 - 2014-04-22 10:57 - 00130512 _____ () C:\Users\JButler\Desktop\Extras.Txt
    2014-04-22 10:31 - 2014-04-22 10:31 - 00000773 _____ () C:\Users\JButler\Desktop\JRT.txt
    2014-04-22 10:20 - 2014-04-22 10:20 - 02061312 _____ (Farbar) C:\Users\JButler\Desktop\FRST64.exe
    2014-04-22 10:19 - 2014-04-22 10:57 - 00203230 _____ () C:\Users\JButler\Desktop\OTL.txt
    2014-04-22 10:19 - 2014-04-22 10:19 - 00006895 _____ () C:\Users\JButler\Desktop\AdwCleaner[S2].txt
    2014-04-22 10:01 - 2014-04-22 10:01 - 01016261 _____ (Thisisu) C:\Users\JButler\Desktop\JRT.exe
    2014-04-22 09:59 - 2014-04-22 09:59 - 01335637 _____ () C:\Users\JButler\Desktop\AdwCleaner.exe
    2014-04-22 09:42 - 2014-04-22 09:42 - 00000000 ____D () C:\_OTL
    2014-04-22 09:40 - 2014-04-22 09:47 - 00406486 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
    2014-04-21 11:54 - 2014-04-21 11:54 - 00602112 _____ (OldTimer Tools) C:\Users\JButler\Desktop\OTL.scr
    2014-04-21 11:17 - 2014-03-06 02:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-04-21 11:17 - 2014-03-06 02:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-04-21 11:17 - 2014-03-06 02:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-04-21 11:17 - 2014-03-06 01:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-04-21 11:16 - 2014-03-06 04:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-04-21 11:16 - 2014-03-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-04-21 11:16 - 2014-03-06 03:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-04-21 11:16 - 2014-03-06 03:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-04-21 11:16 - 2014-03-06 02:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-04-21 11:16 - 2014-03-06 02:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-04-21 11:16 - 2014-03-06 02:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-04-21 11:16 - 2014-03-06 02:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-04-21 11:16 - 2014-03-06 02:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-04-21 11:16 - 2014-03-06 02:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-04-21 11:16 - 2014-03-06 02:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-04-21 11:16 - 2014-03-06 02:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-04-21 11:16 - 2014-03-06 02:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-04-21 11:16 - 2014-03-06 02:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-04-21 11:16 - 2014-03-06 02:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-04-21 11:16 - 2014-03-06 02:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-04-21 11:16 - 2014-03-06 02:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-04-21 11:16 - 2014-03-06 02:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-04-21 11:16 - 2014-03-06 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-04-21 11:16 - 2014-03-06 01:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-04-21 11:16 - 2014-03-06 01:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-04-21 11:16 - 2014-03-06 01:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-04-21 11:16 - 2014-03-06 01:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-04-21 11:16 - 2014-03-06 01:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-04-21 11:16 - 2014-03-06 01:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-04-21 11:16 - 2014-03-06 01:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-04-21 11:16 - 2014-03-06 01:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-04-21 11:16 - 2014-03-06 01:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-04-21 11:16 - 2014-03-06 01:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-04-21 11:16 - 2014-03-06 01:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-04-21 11:16 - 2014-03-06 01:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-04-21 11:16 - 2014-03-06 01:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-04-21 11:16 - 2014-03-06 01:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-04-21 11:16 - 2014-03-06 01:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-04-21 11:16 - 2014-03-06 00:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-04-21 11:16 - 2014-03-06 00:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-04-21 11:16 - 2014-03-06 00:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-04-21 11:16 - 2014-03-06 00:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-04-21 11:16 - 2014-03-06 00:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-04-21 11:16 - 2014-03-05 23:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-04-21 11:16 - 2014-03-05 23:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-04-21 11:16 - 2014-03-05 23:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-04-21 11:16 - 2014-03-05 23:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-04-21 11:16 - 2014-03-05 23:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-04-17 13:05 - 2014-04-17 13:05 - 13656402 _____ (Macrovision Corporation) C:\Users\JButler\Downloads\Envision-9-3-update.exe
    2014-04-17 12:51 - 2014-04-17 12:51 - 00000460 _____ () C:\Users\JButler\Documents\AIBRIDGE.NIS
    2014-04-17 11:19 - 2014-04-17 11:19 - 00921512 _____ (Oracle Corporation) C:\Users\JButler\Downloads\chromeinstall-7u55 (1).exe
    2014-04-17 11:16 - 2014-04-17 11:15 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-04-17 11:15 - 2014-04-17 11:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-04-17 11:15 - 2014-04-17 11:15 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-04-17 11:15 - 2014-04-17 11:15 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-04-17 11:13 - 2014-04-17 11:13 - 00921512 _____ (Oracle Corporation) C:\Users\JButler\Downloads\chromeinstall-7u55.exe
    2014-04-14 09:59 - 2014-04-14 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-04-09 11:45 - 2014-04-09 11:45 - 00012415 _____ () C:\Users\JButler\Desktop\2013 Stampede Breakfast Expenses.xlsx
    2014-04-09 10:19 - 2014-03-04 03:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2014-04-09 10:19 - 2014-03-04 03:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2014-04-09 10:19 - 2014-03-04 03:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2014-04-09 10:19 - 2014-03-04 03:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2014-04-09 10:19 - 2014-03-04 03:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2014-04-09 10:19 - 2014-03-04 03:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2014-04-09 10:19 - 2014-03-04 03:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2014-04-09 10:19 - 2014-03-04 03:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2014-04-09 10:19 - 2014-03-04 03:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2014-04-09 10:19 - 2014-03-04 02:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2014-04-09 10:19 - 2014-03-04 02:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2014-04-09 10:18 - 2014-02-03 20:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
    2014-04-09 10:18 - 2014-02-03 20:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2014-04-09 10:18 - 2014-02-03 20:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
    2014-04-09 10:18 - 2014-02-03 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
    2014-04-09 10:18 - 2014-02-03 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
    2014-04-09 10:18 - 2014-01-23 20:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2014-03-26 10:52 - 2014-03-26 10:55 - 00011543 _____ () C:\Users\JButler\Desktop\2013 Expenses.xlsx
     
    ==================== One Month Modified Files and Folders =======
     
    2014-04-22 11:04 - 2014-04-22 11:04 - 00027928 _____ () C:\Users\JButler\Desktop\FRST.txt
    2014-04-22 11:04 - 2014-04-22 11:04 - 00000000 ____D () C:\FRST
    2014-04-22 10:59 - 2012-09-28 14:01 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-22 10:57 - 2014-04-22 10:57 - 00130512 _____ () C:\Users\JButler\Desktop\Extras.Txt
    2014-04-22 10:57 - 2014-04-22 10:19 - 00203230 _____ () C:\Users\JButler\Desktop\OTL.txt
    2014-04-22 10:33 - 2011-09-08 06:59 - 01220580 _____ () C:\Windows\WindowsUpdate.log
    2014-04-22 10:31 - 2014-04-22 10:31 - 00000773 _____ () C:\Users\JButler\Desktop\JRT.txt
    2014-04-22 10:23 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-04-22 10:23 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-04-22 10:20 - 2014-04-22 10:20 - 02061312 _____ (Farbar) C:\Users\JButler\Desktop\FRST64.exe
    2014-04-22 10:19 - 2014-04-22 10:19 - 00006895 _____ () C:\Users\JButler\Desktop\AdwCleaner[S2].txt
    2014-04-22 10:19 - 2009-07-13 23:13 - 00801138 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-04-22 10:16 - 2013-10-10 13:16 - 00000408 _____ () C:\Windows\SysWOW64\iolo.ini
    2014-04-22 10:16 - 2013-10-10 13:16 - 00000408 _____ () C:\Windows\system32\iolo.ini
    2014-04-22 10:16 - 2013-10-10 13:16 - 00000392 _____ () C:\Windows\SysWOW64\iolo.ini.txt
    2014-04-22 10:16 - 2012-06-22 15:59 - 00000000 ____D () C:\Users\JButler\AppData\Roaming\Dropbox
    2014-04-22 10:15 - 2012-09-28 14:01 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-22 10:15 - 2012-06-22 16:01 - 00000000 ___RD () C:\Users\JButler\Dropbox
    2014-04-22 10:15 - 2004-10-19 14:30 - 00000172 _____ () C:\Windows\Maritimelife.ini
    2014-04-22 10:14 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-04-22 10:14 - 2009-07-13 22:51 - 00145611 _____ () C:\Windows\setupact.log
    2014-04-22 10:13 - 2014-02-13 18:44 - 00000000 ____D () C:\AdwCleaner
    2014-04-22 10:12 - 2012-04-03 22:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-04-22 10:01 - 2014-04-22 10:01 - 01016261 _____ (Thisisu) C:\Users\JButler\Desktop\JRT.exe
    2014-04-22 09:59 - 2014-04-22 09:59 - 01335637 _____ () C:\Users\JButler\Desktop\AdwCleaner.exe
    2014-04-22 09:47 - 2014-04-22 09:40 - 00406486 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
    2014-04-22 09:47 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-04-22 09:45 - 2012-04-10 14:27 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job
    2014-04-22 09:45 - 2011-10-24 12:00 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
    2014-04-22 09:44 - 2011-10-07 11:39 - 00000000 ____D () C:\Desjardins
    2014-04-22 09:43 - 2011-10-06 16:07 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{68809F62-1306-49BA-99C4-8BAF2943F43D}
    2014-04-22 09:42 - 2014-04-22 09:42 - 00000000 ____D () C:\_OTL
    2014-04-22 09:37 - 2012-04-10 14:27 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job
    2014-04-21 11:54 - 2014-04-21 11:54 - 00602112 _____ (OldTimer Tools) C:\Users\JButler\Desktop\OTL.scr
    2014-04-21 11:22 - 2012-09-03 15:10 - 00000000 ____D () C:\ProgramData\Leapfrog
    2014-04-21 11:21 - 2011-10-07 12:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-04-21 11:19 - 2012-09-03 15:10 - 00000000 ____D () C:\Program Files (x86)\LeapFrog
    2014-04-21 11:16 - 2011-11-04 17:38 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-04-21 11:16 - 2011-10-07 11:10 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-04-21 11:12 - 2013-08-21 10:21 - 00000000 ____D () C:\Windows\system32\MRT
    2014-04-21 11:07 - 2011-10-06 17:35 - 00000000 ___RD () C:\Users\JButler\Desktop\Utilities
    2014-04-21 11:06 - 2011-10-09 00:03 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-04-21 11:03 - 2013-08-24 13:27 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJButler
    2014-04-21 11:03 - 2013-08-24 13:27 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForJButler.job
    2014-04-17 15:11 - 2012-04-25 09:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-04-17 15:11 - 2010-11-20 21:47 - 00999352 _____ () C:\Windows\PFRO.log
    2014-04-17 15:10 - 2009-07-13 20:34 - 00000935 _____ () C:\Windows\win.ini
    2014-04-17 13:08 - 2012-12-17 11:36 - 00006006 _____ () C:\Users\JButler\Documents\MLTMTRA.DAT
    2014-04-17 13:06 - 2012-10-12 11:38 - 00000097 _____ () C:\Windows\fdpxld.ini
    2014-04-17 13:06 - 2012-10-12 11:37 - 00000000 ____D () C:\Program Files (x86)\illustrate inc
    2014-04-17 13:06 - 2012-10-12 11:37 - 00000000 ____D () C:\Program Files (x86)\Empire
    2014-04-17 13:05 - 2014-04-17 13:05 - 13656402 _____ (Macrovision Corporation) C:\Users\JButler\Downloads\Envision-9-3-update.exe
    2014-04-17 13:04 - 2012-12-17 11:36 - 00011719 _____ () C:\Users\JButler\Documents\MLTMTRA1.DAT
    2014-04-17 12:57 - 2012-10-22 12:36 - 00009654 _____ () C:\Users\JButler\Documents\GWSHTRA.DAT
    2014-04-17 12:57 - 2012-10-22 12:36 - 00008690 _____ () C:\Users\JButler\Documents\GWTMTRA.DAT
    2014-04-17 12:57 - 2012-10-22 12:36 - 00000000 ____D () C:\Users\JButler\Documents\SST
    2014-04-17 12:55 - 2012-05-30 12:00 - 00000000 ____D () C:\Windows\Downloaded Installations
    2014-04-17 12:54 - 2012-02-10 14:24 - 00000000 ____D () C:\Users\JButler\AppData\Local\Downloaded Installations
    2014-04-17 12:51 - 2014-04-17 12:51 - 00000460 _____ () C:\Users\JButler\Documents\AIBRIDGE.NIS
    2014-04-17 12:51 - 2013-01-24 10:28 - 00004273 _____ () C:\Users\JButler\Documents\AIWVTRA.DAT
    2014-04-17 12:51 - 2012-05-30 11:56 - 00000029 _____ () C:\Windows\MLI.INI
    2014-04-17 12:39 - 2011-10-07 11:39 - 00000914 _____ () C:\Windows\Partenai.log
    2014-04-17 12:35 - 2011-10-07 11:39 - 00000000 ____D () C:\repres
    2014-04-17 11:21 - 2011-10-10 00:26 - 00000000 ____D () C:\Users\JButler\AppData\Local\CrashDumps
    2014-04-17 11:19 - 2014-04-17 11:19 - 00921512 _____ (Oracle Corporation) C:\Users\JButler\Downloads\chromeinstall-7u55 (1).exe
    2014-04-17 11:17 - 2013-09-26 19:06 - 00000000 ____D () C:\ProgramData\Oracle
    2014-04-17 11:15 - 2014-04-17 11:16 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-04-17 11:15 - 2014-04-17 11:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-04-17 11:15 - 2014-04-17 11:15 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-04-17 11:15 - 2014-04-17 11:15 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-04-17 11:13 - 2014-04-17 11:13 - 00921512 _____ (Oracle Corporation) C:\Users\JButler\Downloads\chromeinstall-7u55.exe
    2014-04-15 13:55 - 2011-10-06 16:07 - 00000000 ___RD () C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-14 14:44 - 2011-11-18 16:20 - 00000000 ____D () C:\Program Files (x86)\Insync26
    2014-04-14 13:28 - 2014-03-03 13:23 - 00000000 ____D () C:\Users\JButler\Desktop\JavaRa-2.5
    2014-04-14 13:18 - 2013-04-22 13:37 - 00000000 ____D () C:\Users\JButler\Documents\Personal
    2014-04-14 13:16 - 2011-10-31 10:53 - 00000000 ____D () C:\Users\JButler\Documents\Google Talk Received Files
    2014-04-14 09:59 - 2014-04-14 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-04-14 09:59 - 2014-02-19 14:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
    2014-04-09 11:45 - 2014-04-09 11:45 - 00012415 _____ () C:\Users\JButler\Desktop\2013 Stampede Breakfast Expenses.xlsx
    2014-04-03 11:17 - 2009-07-13 22:45 - 00514944 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-04-03 11:16 - 2012-07-31 11:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-04-03 11:16 - 2012-07-31 11:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-04-02 14:09 - 2013-11-24 18:14 - 00000000 ____D () C:\Program Files (x86)\CIMS.Net
    2014-03-31 09:35 - 2010-11-20 21:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-03-27 07:54 - 2012-09-28 14:01 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-03-27 07:54 - 2012-09-28 14:01 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-03-26 10:55 - 2014-03-26 10:52 - 00011543 _____ () C:\Users\JButler\Desktop\2013 Expenses.xlsx
    2014-03-24 11:27 - 2014-03-13 19:56 - 00012377 _____ () C:\Users\JButler\Desktop\Larry Smith Retirement.xlsx
    2014-03-24 11:02 - 2014-03-19 13:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
    2014-03-24 09:27 - 2012-05-30 11:57 - 00000000 ____D () C:\Users\JButler\Desktop\SE EDA
     
    Some content of TEMP:
    ====================
    C:\Users\JButler\AppData\Local\Temp\BackupSetup.exe
    C:\Users\JButler\AppData\Local\Temp\FirewallAPI.dll
    C:\Users\JButler\AppData\Local\Temp\java-installer.exe
    C:\Users\JButler\AppData\Local\Temp\Quarantine.exe
    C:\Users\JButler\AppData\Local\Temp\ShoppinHelper2new2.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
     
    LastRegBack: 2014-04-06 19:41
     
    ==================== End Of Log ============================
     
    FRST Addition:
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
    Ran by JButler at 2014-04-22 11:04:51
    Running from C:\Users\JButler\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    AV: System Shield (Disabled - Up to date) {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: System Shield (Disabled - Up to date) {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}
     
    ==================== Installed Programs ======================
     
    64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
    ABF / FNA (HKLM-x32\...\{0867AFE1-3469-11D7-8193-0010B5BCE08C}) (Version: 8.3.0.0 - Desjardins Assurances)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    AMD APP SDK Runtime (Version: 2.4.595.9 - Advanced Micro Devices Inc.) Hidden
    AMD Fuel (Version: 2011.0401.2259.39449 - AMD) Hidden
    AMD VISION Engine Control Center (x32 Version: 2011.0401.2259.39449 - ATI) Hidden
    Android Sync Manager WiFi (HKLM-x32\...\{13D946AF-DAD9-0200-0000-000000000000}) (Version: 11.10.2763 - Mobile Action)
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft PhotoImpression 6 (HKLM-x32\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
    ArcSoft Print Creations (HKLM-x32\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version:  - ArcSoft)
    Assumption-Online-Insurance-Solutions (HKLM-x32\...\{88EFE047-67E7-4194-92E6-9B79A563BAA0}) (Version: 9.5.0 - IIS)
    Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.102 - Atheros)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
    ATI Catalyst Install Manager (HKLM\...\{6153098B-60DB-6A9F-EA0F-B006A96B57D5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
    Avantage d'Or / Golden Edge (HKLM-x32\...\{0AE17B00-31FA-11D6-BED9-000629F77048}) (Version:  - )
    AVS Media Player 4.1.9.95 (HKLM-x32\...\AVS Media Player_is1) (Version:  - Online Media Technologies Ltd.)
    AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
    AVSDK5 (Version: 5.3.20 - Commtouch, Inc.) Hidden
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Calculatrice Financière / Invest (HKLM-x32\...\{8B705ED7-A86B-4895-9955-BA80E0B3F40B}) (Version:  - )
    calibre (HKLM-x32\...\{D003CEFC-10B1-48E8-ACDA-4FF452BCE344}) (Version: 0.9.25 - Kovid Goyal)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0401.2259.39449 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2011.0705.1115.18310 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2011.0401.2259.39449 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Czech (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Danish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help English (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help French (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help German (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Greek (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Italian (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Korean (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Polish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Russian (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Thai (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    ccc-utility64 (Version: 2011.0401.2259.39449 - ATI) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CIMS.Net (HKLM-x32\...\{14025FDE-2A98-4241-9DC5-FA9F5B7A488F}) (Version: 2.0.0 - Microworld)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
    Concepts (HKLM-x32\...\{B2E60EBE-35BC-41CA-BED6-EDBB9329C037}) (Version: 2.8.0.3 - Desjardins Assurances)
    Concourse 1.0 (HKLM-x32\...\{64B54493-BC68-4D6F-B9EB-214E74CC0647}) (Version: 1.0 - London Life)
    Concourse 1.5 - Content (HKLM-x32\...\{27DDB75B-8483-4F0A-91DF-C57B6631F795}) (Version: 1.5 - London Life)
    ContentExplorer (HKLM-x32\...\ContentExplorer) (Version: 6.5 - ContentExplorer.net)
    Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Corel Graphics - Windows Shell Extension (HKLM\...\_{2CDF0D0A-C58C-4136-9978-F029B2723B0D}) (Version: 16.4.0.1280 - Corel Corporation)
    Corel Graphics - Windows Shell Extension (Version: 16.4.1280 - Corel Corporation) Hidden
    Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.4.1280 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - BR (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - ES (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.2 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - FR (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - IPM (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - IPM Content (x32 Version: 16.1 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.6 -  Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.4.0.1280 - Corel Corporation)
    CorelDRAW Graphics Suite X6 (x64) (Version: 16.6 - Corel Corporation) Hidden
    CPP Illustration (HKLM-x32\...\CPP Illustration) (Version:  - )
    CPP V3 (HKLM-x32\...\CPP V3) (Version:  - )
    Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
    CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4305 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 3.5.1.4305 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
    Diamond View Launcher (HKLM-x32\...\{A1A9956A-56A2-4933-A4F0-CC236790CC29}) (Version: 4.9.0.0 - Manulife Financial)
    Diamond View Update (HKLM-x32\...\{32D3C724-3E32-11D9-8211-00B0D075DF5C}) (Version: 7.0.0.4 - Manulife Financial)
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    direcTORY Application (HKCU\...\121406415.www.c-vote.ca) (Version:  - www.c-vote.ca)
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
    DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
    EFR 3.14 (2013-11) (HKLM-x32\...\EFR_is1) (Version:  - Elections Canada)
    Empire Life Envision (HKLM-x32\...\{27916B81-FEDB-43A0-B724-923784B3DAE7}) (Version: 9.3.0000 - Empire Life)
    Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
    Eos 6.0 (HKLM-x32\...\Eos) (Version: 6.0 - Sun Life Financial)
    EPSON Print CD (HKLM-x32\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.60.000 - )
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
    EPSON RX680 User's Guide (HKLM-x32\...\Silent Package Run-Time Sample) (Version:  - )
    EPSON Stylus Photo RX680 Series Scanner Driver Update (HKLM-x32\...\{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}) (Version:  - )
    Equitable Sales Illustrations/ Système d’illustration des ventes (HKLM-x32\...\{11B97514-C022-420A-9FCB-4FD079E2DBBC}) (Version: 3.0.3.39 - Equitable Life Of Canada)
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    Evernote v. 4.6.4 (HKLM-x32\...\{DDAFC46A-90E2-11E2-B700-984BE15F174E}) (Version: 4.6.4.8136 - Evernote Corp.)
    Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version:  - Trusted Software) <==== ATTENTION
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Foresters Life - V7.0 (HKLM-x32\...\Foresters Life - V7.0) (Version:  - )
    Foxit Phantom (HKLM\...\{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}) (Version: 2.2.0225 - Foxit Software Company)
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    GarantieAvantage (HKLM-x32\...\{A5A8C157-A89D-4F7E-89A3-3C5519CEE18C}) (Version: 2.9 - Desjardins Assurances)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
    Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
    Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
    Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
    GoToMeeting 4.8.0.723 (HKCU\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
    GWL Illustrator (HKLM-x32\...\{839B9B4C-7FC7-4F7F-BD31-99AEF07A49F1}) (Version: 2.2.0.0 - Novinsoft Inc.)
    GWL Illustrator Config (HKLM-x32\...\{9B5088FA-8C09-439E-A515-E1957993303F}) (Version: 2.2.0.0 - Novinsoft Inc.)
    GWL Illustrator Par (HKLM-x32\...\{30879FF8-1582-41CB-BCDB-B5DDFF93FD3C}) (Version: 2.2.0.0 - Novinsoft Inc.)
    GWL Illustrator Par Config (HKLM-x32\...\{47582F50-3974-4F89-AFEA-468DD33B2EA4}) (Version: 2.2.0.0 - Novinsoft Inc.)
    GWL Illustrator Term (HKLM-x32\...\{5905DC5D-00E7-4BEF-A1CD-FCAE05E20DA8}) (Version: 2.2.0.0 - Novinsoft Inc.)
    GWL Illustrator Term Config (HKLM-x32\...\{96EA5361-BF11-4518-A14A-8FCADEEA7820}) (Version: 2.2.0.0 - Novinsoft Inc.)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
    HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
    HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
    HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
    HP LaserJet Professional CP1520 Series (HKLM-x32\...\{5C069542-CA13-4f1b-B90C-28C6430F4992}) (Version:  - Hewlett-Packard)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
    HPLaserJetHelp_LearnCenter (HKLM-x32\...\{E15C68A1-9CA5-44AC-A7F7-6C0673F196A8}) (Version: 1.01.0000 - Hewlett-Packard)
    HPLJUT (HKLM-x32\...\{229D6185-BD7E-494B-A73B-C5215BE0690E}) (Version: 1.00.0008 - HP)
    hppCP1520LaserJetService (x32 Version: 001.007.00319 - Hewlett-Packard) Hidden
    hppLaserJetService (x32 Version: 002.007.00397 - Hewlett-Packard) Hidden
    hppTLBXFXCP1520 (x32 Version: 001.007.00647 - Hewlett-Packard) Hidden
    hpzTLBXFX (x32 Version: 006.007.00770 - Hewlett-Packard) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6423.0 - IDT)
    in sync 3.0 (HKLM-x32\...\in sync 3.0) (Version:  - )
    Independent Order of Foresters (HKLM-x32\...\{4210D645-9D71-419E-9002-BB1A0358A9B3}) (Version: 6.0 - Novinsoft Inc.)
    Inforce Illustration 1.3 (HKLM-x32\...\Inforce Illustration 1.3) (Version:  - )
    Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
    Investment Loan / Prêt Placement (HKLM-x32\...\{85184706-2E77-11D9-9BE0-000103E0519E}) (Version: 5.0.3.0 - Manulife Financial)
    iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 12.5.0 - iolo technologies, LLC)
    iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
    Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
    Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    KeySource 1.0 (HKLM-x32\...\{93D90A5B-6694-4849-AD0F-3EB7E7E1B040}) (Version: 1.0 - London Life)
    KeySource 2.1 - Content (HKLM-x32\...\{B573B6E4-81AA-47E0-8BBB-2023B1906524}) (Version: 2.1 - London Life)
    Kies Air Discovery Service (HKCU\...\Kies Air Discovery Service) (Version:  - Samsung)
    Kobo (HKLM-x32\...\Kobo) (Version: 3.1.5 - Kobo Inc.)
    LEApp - AppVers 5.4 (HKLM-x32\...\{4168E08D-3349-476F-9497-7891CB8153A6}) (Version: 5.4.0 - GWL Software Distribution)
    LEApp - Electronic Application for Life Insurance 5.5.0.1 (HKLM-x32\...\{B6F2B585-D9F2-4D23-A176-B0AA1A5DD286}) (Version: 5.5.0.0 - GWL Software Distribution)
    Licensing Service (03000201) (x32 Version: 03.00.02.15 - Protexis Inc.) Hidden
    LifeView - VisionVie 10.0 (HKLM-x32\...\LifeView - VisionVie 10.0) (Version:  - )
    LifeView - VisionVie 10.1 (HKLM-x32\...\LifeView - VisionVie 10.1) (Version:  - )
    LifeView - VisionVie 10.4 (HKLM-x32\...\LifeView - VisionVie 10.4) (Version:  - )
    Living Benefits 5.30 (HKLM-x32\...\{209255AF-E7F3-4FF3-86EE-575C35BA716D}) (Version: 5.30 - GWL)
    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Manulife - Concept slideshows (HKLM-x32\...\{29248674-96FE-4C01-94C6-D82ECD06E916}) (Version: 14.8.0.0 - Novinsoft Inc.)
    Manulife - Concepts (HKLM-x32\...\{37BF8DE6-CB40-4F3C-8A24-6CE6BB1F6A55}) (Version: 12.3.0.1 - Novinsoft Inc.)
    Manulife - Insure Right / Manuvie - Bien s'assurer (HKLM-x32\...\{192BFB6B-7E9C-4346-8ECB-2A42DABFF4DB}) (Version: 11.5.0.0 - Novinsoft Inc.)
    Manulife - Launcher (HKLM-x32\...\{876FAEDD-8CA3-4729-A09F-4E582DB560F7}) (Version: 14.15.0.1 - Novinsoft Inc.)
    Manulife - Limited Pay UL / Manuvie - Vu à prime temporaire (HKLM-x32\...\{AB5C39D3-7BF4-4897-8C97-35061FBECED2}) (Version: 14.13.0.0 - Novinsoft Inc.)
    Manulife - Living Benefits (HKLM-x32\...\{F4E3A754-5569-4E1C-BF99-B3CC2BDFDEFB}) (Version: 14.14.0.14 - Novinsoft Inc.)
    Manulife - Performax Gold - Performax Or - MLPG (HKLM-x32\...\{2893EE72-7BB9-41E8-9AE2-45DA92331A8D}) (Version: 14.15.0.4 - Novinsoft Inc.)
    Manulife - Personal Accident/Personal Accident (HKLM-x32\...\{D73E2E92-C6A1-4850-B50D-7CCC9CF81C6E}) (Version: 14.10.0.1 - Novinsoft Inc.)
    Manulife - Synergy / Manuvie - Synergie (HKLM-x32\...\{10202EBB-A6E7-4BA2-9E38-8563DB84C28F}) (Version: 14.15.0.3 -  Novinsoft Inc.)
    Manulife - Term (HKLM-x32\...\{28BF1FE2-8F54-4356-8404-26EA20E0C1BA}) (Version: 14.15.0.2 - Novinsoft Inc.)
    Manulife - UltraVision (HKLM-x32\...\{BC4516DF-F14B-42FE-960C-A6EB1F279F73}) (Version: 14.12.0.0 - Novinsoft Inc.)
    Manulife - Universal Life (HKLM-x32\...\{B48DC0B2-DBFD-41DB-992E-19EE9DA6EE96}) (Version: 14.15.0.2 - Novinsoft Inc.)
    Manulife Financial - Health and Dental (HKLM-x32\...\{ED5C76B7-0F52-4245-AF1B-E0DC08EFE283}) (Version: 3.31.0.0 - Manulife Financial)
    MenuFusion  (HKLM-x32\...\{08B31070-171E-11D6-BECF-000629F77048}) (Version: 6.1.0.0 - Desjardins Assurances)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
    Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
    MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML (HKLM-x32\...\{7CF6604E-BCB8-4B5F-A1CC-1E6DA0C60151}) (Version: 4.20.9818 - London Life Insurance Company)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
    MyTomTom 3.1.0.530 (HKLM-x32\...\MyTomTom) (Version: 3.1.0.530 - TomTom)
    Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Presentations (HKLM-x32\...\{698C92A9-66A7-11D6-8178-0010B5BCE08C}) (Version: 3.4 - Desjardins Assurances)
    Pyramide 3.1.0 (HKLM-x32\...\{BFBC2A94-C9C0-4E98-A58A-86295575B02A}) (Version: 3.1.0000 - Your Company Name)
    QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
    RBC Illustrations System 6.0 (HKLM-x32\...\RBC Illustrations System 6.0) (Version: RBC Illustrations 6.0 - RBC Insurance)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
    RegimeRetraiteIndividuel (HKLM-x32\...\{09064D50-FF4A-407C-9B13-15B9D231EBA2}) (Version:  - )
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    RoueDesRendements (HKLM-x32\...\{AE75C941-3838-47F9-B372-281EE634516E}) (Version: 9.0 - Desjardins Assurances)
    RPS CRT (x32 Version: 9.0.48 - TELUS) Hidden
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
    SetupCrystalReports (HKLM-x32\...\{DE723887-712F-499D-8B82-5A1EC8F46062}) (Version: 1.0.0 - DSF)
    Shopping Helper Smartbar Engine (HKCU\...\{2cdca571-9571-43bf-8129-ad453d9a55c8}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION
    Sky (HKLM-x32\...\Sky1.0) (Version: 1.0 - Foresters)
    Sky (HKLM-x32\...\Sky1.1.153) (Version: 1.1.153 - Foresters)
    Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Solo (HKLM-x32\...\{CF09D056-3FFA-11D6-8171-0010B5BCE08C}) (Version: 5.1.0.0 - Desjardins Assurances)
    Sommum / Pace / Traditionnel (HKLM-x32\...\{EED3CC4B-40BD-11D6-8171-0010B5BCE08C}) (Version: 15.3.1.0 - Desjardins Assurances)
    SST Channel - Canada Life (CL) (HKLM-x32\...\SSTChannel) (Version:  - )
    Sun Life Financial - Sales Concepts (HKLM-x32\...\SLF Sales Concepts) (Version:  - )
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
    System Mechanic 12 Professional (x32 Version: 12.5.0 - ) Hidden
    Transamerica - Five-for-Life 2.1 (HKLM-x32\...\{3E35E63A-CC9D-45B8-B599-4DA774BFC74C}) (Version: 2.1.4 - Transamerica Life Canada )
    TweetDeck (HKLM-x32\...\{FA6381E9-96D2-4F6F-866C-4D16E5986FF6}) (Version: 2.7.1 - Twitter, Inc.)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
    Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    VIO Player version 1.2 (HKLM-x32\...\{2A9009E1-122C-4692-B442-A750C0DE7BA1}_is1) (Version: 1.2 - VIO Player)
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
    WildTangent Games App (HP Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
    Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
    WOT for Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy)
    YTD Toolbar v7.6 (HKLM-x32\...\{C3E2B404-EF69-4C60-A7C1-CF116D2C3267}) (Version: 7.6 - Spigot, Inc.)
    YTD YouTube Downloader & Converter 3.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - GreenTree Applications SRL)
    Zone retraite / Retirement zone (HKLM-x32\...\{10895847-3460-11D7-8193-0010B5BCE08C}) (Version: 3.8.0.0 - Desjardins Assurances)
    ZoomExpressKeyView14.1 (HKLM-x32\...\{C007CFA1-FC3C-49B8-8D30-DB5BF3396632}) (Version: 14.1.04 - ...)
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
     
    ==================== Restore Points  =========================
     
    18-03-2014 18:08:31 Windows Update
    21-03-2014 20:25:19 Windows Update
    24-03-2014 15:28:50 Windows Update
    29-03-2014 15:51:57 Windows Update
    01-04-2014 17:54:23 Windows Update
    06-04-2014 03:14:41 Windows Update
    09-04-2014 16:16:06 Windows Update
    15-04-2014 17:14:07 Windows Update
    15-04-2014 19:48:36 Uniblue SpeedUpMyPC installation
    15-04-2014 19:56:21 Revo Uninstaller's restore point - SpeedUpMyPC
    17-04-2014 17:14:16 Installed Java 7 Update 55
    21-04-2014 03:38:10 Windows Update
    21-04-2014 17:04:56 Windows Modules Installer
    21-04-2014 17:24:12 Removed Brand Thunder Theme Manager for Internet Explorer
    22-04-2014 15:38:09 Windows Update
    22-04-2014 16:36:41 OTL Restore Point - 4/22/2014 10:36:35 AM
     
    ==================== Hosts content: ==========================
     
    2009-07-13 20:34 - 2014-04-14 11:29 - 00793927 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost #[IPv6]
    0.0.0.0 banners.weselltraffic.com
    0.0.0.0 adsatt.abcnews.starwave.com
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: {0672D3D5-C923-4E23-90AD-04E329E73C4F} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
    Task: {1B5C2A26-AA64-4688-A4D4-A630F7020BC2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
    Task: {1E73C201-016C-4AD1-950B-8677238A833E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {218F1E4C-A15B-4C7F-A40B-CA86BDFA00D6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
    Task: {2F8C5DD5-1E73-45C3-91AB-1DDCA9FC685B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {3168ADC7-7138-4622-81F6-10922003E183} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-28] (Google Inc.)
    Task: {36175958-14CD-4048-9AEE-B81160984C9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-28] (Google Inc.)
    Task: {3A82BBE0-C3B3-42F9-A9A4-1D23C8696413} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
    Task: {3B252575-1635-4CB4-8B0C-118C4D408CB3} - System32\Tasks\HPCeeScheduleForJButler => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {3FDA38DA-37F2-4FF3-B53C-25B907C62F74} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
    Task: {504D6BD9-9F53-4AB1-B022-333FB258B369} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
    Task: {5859E464-3C48-44C9-934B-3C42D5746F06} - System32\Tasks\AllmyappsUpdateTask => c:\users\jbutler\appdata\roaming\allmyapps\allmyappsupdater.exe
    Task: {59EFE770-EDDE-4690-ADE1-C9B624C4C495} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
    Task: {5E38EA3B-E033-4782-B48F-5984A6319E51} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
    Task: {62436556-5011-41F3-B3E9-D96B2586E6F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
    Task: {64B15A2A-3692-47EC-9E1F-EE9982DA2529} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
    Task: {6B0AC538-663D-4BF8-9ABB-1CF2C92923ED} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-02] (Synaptics Incorporated)
    Task: {7BA8BEB9-3702-485F-B143-E2B0150FEBB9} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2013-12-03] (iolo technologies, LLC)
    Task: {87876009-4FE2-4836-9988-5BA63F63FA54} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
    Task: {87ACFC4A-6145-4869-B54C-AF6CDE3BB849} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA => C:\Users\JButler\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
    Task: {916CA52F-7C48-4480-B607-073ED089122F} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
    Task: {C89DD698-504F-4039-86FF-601D66E3760E} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-05-02] (Hewlett Packard)
    Task: {CC7958DA-564A-477A-A073-C944A9B2495C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
    Task: {D2F270C6-BD35-4FB4-AAB0-F86CC297540A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core => C:\Users\JButler\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
    Task: {D80BD92A-0111-4D59-8B52-D189288580E0} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe
    Task: {D81CD8DD-8D71-4725-9E2D-F5E5433643A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {DFBEF069-17B6-487D-9747-5049CF4E23A0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-07-06] (CyberLink)
    Task: {E55B3DDE-12F3-4A38-B93D-64D1A99866BA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job => C:\Users\JButler\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job => C:\Users\JButler\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForJButler.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2012-05-02 14:29 - 2012-03-11 14:56 - 00086608 _____ () C:\Windows\System32\cpwmon64.dll
    2011-04-02 00:06 - 2011-04-02 00:06 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-03-04 13:49 - 2011-03-04 13:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-10-18 17:55 - 2013-10-18 17:55 - 25100288 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\libcef.dll
    2014-04-11 11:53 - 2014-04-01 19:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
    2014-04-11 11:53 - 2014-04-01 19:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
    2014-04-11 11:53 - 2014-04-01 19:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
    2014-04-11 11:53 - 2014-04-01 19:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
    2014-04-11 11:53 - 2014-04-01 19:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
    2014-04-11 11:53 - 2014-04-01 19:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
    2014-04-11 11:53 - 2014-04-01 19:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"
     
    ==================== Disabled items from MSCONFIG ==============
     
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
    Name: wStLib64
    Description: wStLib64
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer: 
    Service: wStLib64
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
     
    Name: Cisco Systems VPN Adapter for 64-bit Windows
    Description: Cisco Systems VPN Adapter for 64-bit Windows
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: CVirtA
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
     
    Microsoft Office Sessions:
    =========================
     
    CodeIntegrity Errors:
    ===================================
      Date: 2013-09-26 11:31:23.125
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-26 11:31:22.969
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-26 11:31:22.829
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-26 11:31:22.688
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-25 20:10:21.336
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-25 20:10:21.195
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-04-03 13:51:24.725
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-04-03 13:51:24.615
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-04-03 13:51:22.109
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-04-03 13:51:21.996
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 42%
    Total physical RAM: 5610.91 MB
    Available physical RAM: 3212.87 MB
    Total Pagefile: 11219.99 MB
    Available Pagefile: 8567.24 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:682.79 GB) (Free:586.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:15.55 GB) (Free:1.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A626DF5C)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=683 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
     
    ==================== End Of Log ============================

    • 0

    #5
    Triskelion

    Triskelion

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 652 posts
    OTL Reg Scan:
     
    OTL logfile created on: 4/22/2014 10:34:12 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JButler\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
     
    5.48 Gb Total Physical Memory | 3.74 Gb Available Physical Memory | 68.27% Memory free
    10.96 Gb Paging File | 8.97 Gb Available in Paging File | 81.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 682.79 Gb Total Space | 586.58 Gb Free Space | 85.91% Space Free | Partition Type: NTFS
    Drive D: | 15.55 Gb Total Space | 1.66 Gb Free Space | 10.68% Space Free | Partition Type: NTFS
    Drive F: | 98.87 Mb Total Space | 88.74 Mb Free Space | 89.76% Space Free | Partition Type: FAT32
     
    Computer Name: JBUTLER-HP | User Name: JButler | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2014/04/21 11:54:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JButler\Desktop\OTL.scr
    PRC - [2014/04/01 19:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2014/01/02 18:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2013/12/03 13:05:50 | 001,672,592 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    PRC - [2013/12/03 10:59:32 | 001,168,960 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2012/01/06 12:08:30 | 000,949,760 | ---- | M] (Manulife Financial) -- C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe
    PRC - [2011/10/22 02:20:44 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    PRC - [2011/07/06 20:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2011/03/04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/01/01 15:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2014/04/01 19:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
    MOD - [2014/04/01 19:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
    MOD - [2014/04/01 19:57:54 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
    MOD - [2014/04/01 19:57:53 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
    MOD - [2014/04/01 19:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
    MOD - [2014/04/01 19:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
    MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2014/01/02 18:45:04 | 003,558,400 | ---- | M] () -- C:\Users\JButler\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2013/10/18 17:55:02 | 025,100,288 | ---- | M] () -- C:\Users\JButler\AppData\Roaming\Dropbox\bin\libcef.dll
    MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2014/03/06 02:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2012/11/02 18:11:40 | 000,322,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2012/08/24 15:36:52 | 000,181,600 | ---- | M] (Commtouch, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
    SRV:64bit: - [2012/08/24 15:36:48 | 000,119,136 | R--- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
    SRV:64bit: - [2012/08/24 15:36:34 | 000,121,696 | R--- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
    SRV:64bit: - [2011/09/15 18:12:12 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/04/02 00:06:22 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2010/11/30 14:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
    SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2014/04/14 09:59:30 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/03/11 12:28:53 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/12/03 10:59:32 | 001,168,960 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2012/11/02 18:15:37 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2011/10/22 02:20:44 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
    SRV - [2011/10/22 02:02:42 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2011/05/23 11:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
    SRV - [2011/03/04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/04/12 10:13:08 | 000,142,336 | ---- | M] (HP) [Disabled | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
    SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2013/09/18 21:12:08 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
    DRV:64bit: - [2013/09/18 21:12:04 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
    DRV:64bit: - [2013/03/25 15:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2013/01/29 19:15:04 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/11/02 18:16:43 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2012/11/02 18:15:37 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2012/11/02 18:11:41 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2012/08/24 15:44:12 | 000,173,408 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\amp.sys -- (AMP)
    DRV:64bit: - [2012/08/24 15:44:06 | 001,504,608 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ampse.sys -- (AMPSE)
    DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/05 17:48:36 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
    DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/26 14:07:32 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/10/22 02:12:14 | 000,521,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2011/10/22 02:11:28 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2011/10/22 02:11:12 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2011/10/22 02:10:42 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2011/10/22 02:10:26 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2011/10/22 02:10:10 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2011/10/22 02:09:56 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
    DRV:64bit: - [2011/10/22 02:09:40 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2011/10/21 14:59:02 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/10/21 14:58:54 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2011/10/21 14:58:54 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2011/09/15 18:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/09/15 17:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV:64bit: - [2010/12/16 01:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/02/25 11:58:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
    DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
    DRV - [2013/03/20 02:07:16 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{EDFBB4EE-982F-443F-9340-23CB4FD46E9A}: "URL" = http://www.amazon.ca...s={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope = 
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKCU\..\SearchScopes,DefaultScope = 
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: {a977fcda-764d-eb2a-eccf-6afb531fe360}:1.0
    FF - prefs.js..extensions.enabledAddons: transtorrent%40mobilityflow.com:1.3
    FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4
    FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
    FF - prefs.js..extensions.enabledAddons: %7Bcd6c4ebf-366e-45a0-98b5-b8217288eed7%7D:0.7.3
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\JButler\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/14 09:59:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/04/14 09:59:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
     
    [2012/04/15 14:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Extensions
    [2012/04/15 14:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2014/04/22 10:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions
    [2013/11/30 22:18:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2014/01/17 14:10:37 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\extensions\[email protected]
    [2014/04/22 09:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2014/04/14 09:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/04/14 09:59:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    File not found (No name found) -- C:\USERS\JBUTLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T4OI22EH.DEFAULT\EXTENSIONS\{27C60876-B5C9-4335-B4F3-52B26782220C}.XPI
    File not found (No name found) -- C:\USERS\JBUTLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T4OI22EH.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
    File not found (No name found) -- C:\USERS\JBUTLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T4OI22EH.DEFAULT\EXTENSIONS\{CD6C4EBF-366E-45A0-98B5-B8217288EED7}.XPI
    File not found (No name found) -- C:\USERS\JBUTLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T4OI22EH.DEFAULT\EXTENSIONS\[email protected]01C922B68.COM
    File not found (No name found) -- C:\USERS\JBUTLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T4OI22EH.DEFAULT\EXTENSIONS\[email protected]
    [2010/11/12 12:25:00 | 000,076,288 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Drive = C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: Google Wallet = C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
     
    O1 HOSTS File: ([2014/04/14 11:29:35 | 000,793,927 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost #[IPv6]
    O1 - Hosts: 0.0.0.0 banners.weselltraffic.com
    O1 - Hosts: 0.0.0.0 adsatt.abcnews.starwave.com
    O2:64bit: - BHO: (MediaPlayerplus) - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll File not found
    O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKCU..\Run: [DiamondView] C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe (Manulife Financial)
    O4 - HKCU..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
    O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
    O4 - Startup: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://www.avdlext.com/dwa7W.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6E2DE1C-2CBB-4C2E-B03F-3AB93F3B8626}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/12/29 16:03:26 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
     
    MsConfig:64bit - State: "services" - Reg Error: Key error.
    MsConfig:64bit - State: "startup" - Reg Error: Key error.
     
    SafeBootMin:64bit: AMP - C:\Windows\SysNative\drivers\amp.sys (Commtouch, Inc.)
    SafeBootMin:64bit: AMPSE - C:\Windows\SysNative\drivers\ampse.sys (Commtouch, Inc.)
    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: vmms - Service
    SafeBootMin:64bit: vseamps - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Commtouch, Inc.)
    SafeBootMin:64bit: vsedsps - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Commtouch, Inc.)
    SafeBootMin:64bit: vseqrts - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Commtouch, Inc.)
    SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: ioloSystemService - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
     
    SafeBootNet:64bit: AMP - C:\Windows\SysNative\drivers\amp.sys (Commtouch, Inc.)
    SafeBootNet:64bit: AMPSE - C:\Windows\SysNative\drivers\ampse.sys (Commtouch, Inc.)
    SafeBootNet:64bit: Base - Driver Group
    SafeBootNet:64bit: Boot Bus Extender - Driver Group
    SafeBootNet:64bit: Boot file system - Driver Group
    SafeBootNet:64bit: File system - Driver Group
    SafeBootNet:64bit: Filter - Driver Group
    SafeBootNet:64bit: HelpSvc - Service
    SafeBootNet:64bit: Messenger - Service
    SafeBootNet:64bit: NDIS Wrapper - Driver Group
    SafeBootNet:64bit: NetBIOSGroup - Driver Group
    SafeBootNet:64bit: NetDDEGroup - Driver Group
    SafeBootNet:64bit: Network - Driver Group
    SafeBootNet:64bit: NetworkProvider - Driver Group
    SafeBootNet:64bit: PCI Configuration - Driver Group
    SafeBootNet:64bit: PNP Filter - Driver Group
    SafeBootNet:64bit: PNP_TDI - Driver Group
    SafeBootNet:64bit: Primary disk - Driver Group
    SafeBootNet:64bit: rdsessmgr - Service
    SafeBootNet:64bit: sacsvr - Service
    SafeBootNet:64bit: SCSI Class - Driver Group
    SafeBootNet:64bit: Streams Drivers - Driver Group
    SafeBootNet:64bit: System Bus Extender - Driver Group
    SafeBootNet:64bit: TDI - Driver Group
    SafeBootNet:64bit: vmms - Service
    SafeBootNet:64bit: vseamps - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Commtouch, Inc.)
    SafeBootNet:64bit: vsedsps - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Commtouch, Inc.)
    SafeBootNet:64bit: vseqrts - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Commtouch, Inc.)
    SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet:64bit: WudfUsbccidDriver - Driver
    SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: ioloSystemService - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vmms - Service
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
     
    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
     
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
     
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/04/22 10:20:41 | 002,061,312 | ---- | C] (Farbar) -- C:\Users\JButler\Desktop\FRST64.exe
    [2014/04/22 10:01:31 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\JButler\Desktop\JRT.exe
    [2014/04/22 09:42:50 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/04/21 11:54:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JButler\Desktop\OTL.scr
    [2014/04/21 11:17:16 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/04/21 11:17:16 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/04/21 11:17:09 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/04/21 11:16:54 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/04/21 11:16:54 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
    [2014/04/21 11:16:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/04/21 11:16:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
    [2014/04/21 11:16:48 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
    [2014/04/21 11:16:48 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2014/04/21 11:16:48 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2014/04/21 11:16:47 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/04/21 11:16:47 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/04/21 11:16:47 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/04/21 11:16:45 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/04/21 11:16:45 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/04/21 11:16:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/04/21 11:16:44 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/04/21 11:16:44 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/04/21 11:16:44 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    [2014/04/21 11:16:38 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2014/04/21 11:16:38 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2014/04/21 11:16:38 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
    [2014/04/21 11:16:38 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
    [2014/04/21 11:16:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
    [2014/04/21 11:16:37 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2014/04/21 11:16:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
    [2014/04/21 11:16:32 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/04/21 11:16:32 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/04/21 11:16:26 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/04/17 11:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2014/04/17 11:16:14 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2014/04/17 11:15:49 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2014/04/17 11:15:49 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2014/04/17 11:15:49 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2014/04/17 11:14:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2014/04/14 09:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2014/04/09 10:19:07 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2014/04/09 10:19:07 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2014/04/09 10:19:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2014/04/09 10:19:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2014/04/09 10:19:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2014/04/09 10:19:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2014/04/09 10:19:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2014/04/09 10:19:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2014/04/09 10:19:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2014/04/09 10:19:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2014/04/09 10:18:52 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
    [2014/04/09 10:18:52 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
    [2014/04/09 10:18:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
    [2014/04/09 10:18:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/04/22 10:23:20 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/04/22 10:23:20 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/04/22 10:20:53 | 002,061,312 | ---- | M] (Farbar) -- C:\Users\JButler\Desktop\FRST64.exe
    [2014/04/22 10:19:30 | 000,801,138 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/04/22 10:19:30 | 000,679,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/04/22 10:19:30 | 000,132,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/04/22 10:16:26 | 000,000,408 | ---- | M] () -- C:\Windows\SysWow64\iolo.ini
    [2014/04/22 10:16:26 | 000,000,408 | ---- | M] () -- C:\Windows\SysNative\iolo.ini
    [2014/04/22 10:15:20 | 000,000,172 | ---- | M] () -- C:\Windows\Maritimelife.ini
    [2014/04/22 10:15:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/22 10:14:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/04/22 10:14:28 | 117,628,927 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/22 10:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/04/22 10:01:48 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\JButler\Desktop\JRT.exe
    [2014/04/22 09:59:24 | 001,335,637 | ---- | M] () -- C:\Users\JButler\Desktop\AdwCleaner.exe
    [2014/04/22 09:59:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/22 09:45:12 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job
    [2014/04/22 09:37:54 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job
    [2014/04/21 11:54:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JButler\Desktop\OTL.scr
    [2014/04/21 11:03:49 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJButler.job
    [2014/04/17 13:08:38 | 000,006,006 | ---- | M] () -- C:\Users\JButler\Documents\MLTMTRA.DAT
    [2014/04/17 13:06:26 | 000,000,097 | ---- | M] () -- C:\Windows\fdpxld.ini
    [2014/04/17 13:04:47 | 000,011,719 | ---- | M] () -- C:\Users\JButler\Documents\MLTMTRA1.DAT
    [2014/04/17 12:57:43 | 000,009,654 | ---- | M] () -- C:\Users\JButler\Documents\GWSHTRA.DAT
    [2014/04/17 12:57:43 | 000,008,690 | ---- | M] () -- C:\Users\JButler\Documents\GWTMTRA.DAT
    [2014/04/17 12:51:55 | 000,000,029 | ---- | M] () -- C:\Windows\MLI.INI
    [2014/04/17 12:51:23 | 000,004,273 | ---- | M] () -- C:\Users\JButler\Documents\AIWVTRA.DAT
    [2014/04/17 12:51:21 | 000,000,460 | ---- | M] () -- C:\Users\JButler\Documents\AIBRIDGE.NIS
    [2014/04/17 11:15:12 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2014/04/17 11:15:09 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2014/04/17 11:15:09 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2014/04/17 11:15:09 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2014/04/14 14:25:33 | 001,425,341 | ---- | M] () -- C:\Users\JButler\Desktop\Smith, Larry.pdf
    [2014/04/03 11:17:53 | 000,514,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/03/24 11:01:36 | 000,002,114 | ---- | M] () -- C:\Users\JButler\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2014/04/22 09:59:08 | 001,335,637 | ---- | C] () -- C:\Users\JButler\Desktop\AdwCleaner.exe
    [2014/04/17 12:51:21 | 000,000,460 | ---- | C] () -- C:\Users\JButler\Documents\AIBRIDGE.NIS
    [2014/04/14 14:19:51 | 001,425,341 | ---- | C] () -- C:\Users\JButler\Desktop\Smith, Larry.pdf
    [2014/03/11 13:36:47 | 000,000,024 | ---- | C] () -- C:\Windows\LifeView.INI
    [2014/03/11 12:48:54 | 000,002,488 | ---- | C] () -- C:\ProgramData\regid.2012-05.ca.repsource_EC596C15-1BA5-4A0F-8804-4CC5BB52F1EE.swidtag
    [2014/03/11 12:15:59 | 000,000,023 | ---- | C] () -- C:\Windows\Transwin.ini
    [2014/01/18 18:06:59 | 000,251,104 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2013/12/13 14:21:00 | 000,000,318 | ---- | C] () -- C:\Windows\GWLCFG.INI
    [2013/10/10 13:16:05 | 000,000,408 | ---- | C] () -- C:\Windows\SysWow64\iolo.ini
    [2013/10/10 12:49:19 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
    [2013/04/03 13:51:11 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
    [2013/04/03 13:51:11 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
    [2012/10/17 14:06:38 | 000,164,864 | ---- | C] () -- C:\Windows\Unwise32.exe
    [2012/10/17 14:06:37 | 000,000,298 | ---- | C] () -- C:\Windows\SysWow64\Sunlife.ini
    [2012/10/17 12:50:59 | 000,000,598 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2012/10/17 12:50:54 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
    [2012/10/17 12:50:54 | 000,037,376 | ---- | C] () -- C:\Windows\Olodmg35.dll
    [2012/10/12 11:42:03 | 000,000,000 | ---- | C] () -- C:\Windows\iireport53.INI
    [2012/10/12 11:38:47 | 000,003,750 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012/10/12 11:38:46 | 000,149,504 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
    [2012/10/12 11:38:33 | 000,010,912 | ---- | C] () -- C:\Windows\SHARE.EXE
    [2012/10/12 11:38:22 | 000,022,776 | ---- | C] () -- C:\Windows\SysWow64\FDPTOOLS.DLL
    [2012/10/12 11:38:22 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll
    [2012/10/12 11:38:20 | 000,000,097 | ---- | C] () -- C:\Windows\fdpxld.ini
    [2012/10/12 11:38:20 | 000,000,000 | ---- | C] () -- C:\Windows\IIREPO~1.INI
    [2012/10/12 11:37:36 | 000,000,000 | ---- | C] () -- C:\Windows\efgtemp.ini
    [2012/10/10 12:30:17 | 000,000,017 | ---- | C] () -- C:\Users\JButler\AppData\Local\resmon.resmoncfg
    [2012/10/05 13:45:22 | 000,003,584 | ---- | C] () -- C:\Users\JButler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/13 13:40:37 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2012/05/30 11:56:55 | 000,000,029 | ---- | C] () -- C:\Windows\MLI.INI
    [2012/03/16 14:21:15 | 000,000,095 | ---- | C] () -- C:\Users\JButler\AppData\Local\fusioncache.dat
     
    ========== ZeroAccess Check ==========
     
    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== Custom Scans ==========
     
    ========== Drive Information ==========
     
    Physical Drives
    ---------------
     
    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: Hitachi HTS547575A9E384 SATA Disk Device
    Partitions: 4
    Status: OK
    Status Info: 0
     
    Partitions
    ---------------
     
    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 199.00MB
    Starting Offset: 1048576
    Hidden sectors: 0
     
     
    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 683.00GB
    Starting Offset: 209715200
    Hidden sectors: 0
     
     
    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 16.00GB
    Starting Offset: 733350985728
    Hidden sectors: 0
     
     
    DeviceID: Disk #0, Partition #3
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 103.00MB
    Starting Offset: 750047461376
    Hidden sectors: 0
     
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %systemroot%\assembly\GAC_32\*.ini >
     
    < %systemroot%\assembly\GAC_64\*.ini >
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %ALLUSERSPROFILE%\Application Data\*.exe >
     
    < %APPDATA%\*. >
    [2011/10/07 00:54:20 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Adobe
    [2012/01/08 14:16:39 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Apple Computer
    [2012/04/17 17:39:53 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\ArcSoft
    [2012/06/09 14:31:34 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Atheros
    [2011/10/06 16:08:34 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\ATI
    [2012/11/09 22:14:57 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\AVS4YOU
    [2012/12/27 17:02:52 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\calibre
    [2013/03/01 01:21:34 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Corel
    [2011/11/08 17:29:51 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\CyberLink
    [2014/04/22 10:16:01 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Dropbox
    [2012/03/09 04:10:57 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\DVD Flick
    [2011/12/15 00:32:37 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\EPSON
    [2012/03/25 20:30:23 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Foxit Software
    [2011/10/21 17:18:38 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Hewlett-Packard
    [2012/12/16 14:13:04 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Hewlett-Packard Company
    [2011/10/21 14:47:44 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\hpqlog
    [2011/10/06 16:07:09 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Identities
    [2012/04/17 17:33:32 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\InstallShield
    [2013/10/10 13:40:07 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\iolo
    [2013/12/14 15:41:40 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\ioloGovernor
    [2012/04/17 17:42:16 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Leadertech
    [2011/10/06 16:51:03 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Macromedia
    [2012/06/13 17:50:32 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Malwarebytes
    [2011/09/08 07:52:36 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Media Center Programs
    [2012/03/22 22:59:32 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\MetroTwit
    [2013/04/25 11:24:53 | 000,000,000 | --SD | M] -- C:\Users\JButler\AppData\Roaming\Microsoft
    [2011/12/01 01:11:02 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\mIRC
    [2012/02/13 00:08:26 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Mobile Action
    [2011/10/06 16:38:58 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Mozilla
    [2012/05/30 15:58:36 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\NCH Software
    [2013/01/07 14:20:37 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Opera
    [2013/04/04 10:35:57 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Postbox
    [2012/05/02 10:53:01 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\RBC Illustrations
    [2014/01/15 14:55:00 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\RBC Insurance
    [2012/10/22 13:34:33 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\SalesStrategies
    [2013/04/03 13:39:20 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Samsung
    [2013/11/25 09:56:01 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Sound ID
    [2011/10/06 16:07:32 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Synaptics
    [2013/10/10 13:00:45 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\TELUS
    [2012/04/15 12:47:37 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Temp
    [2011/10/07 14:47:32 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\Thunderbird
    [2012/04/15 14:27:15 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\TomTom
    [2011/10/06 17:31:21 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2013/09/26 18:40:45 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\uTorrent
    [2012/11/10 01:46:21 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\vlc
    [2012/11/09 20:46:05 | 000,000,000 | ---D | M] -- C:\Users\JButler\AppData\Roaming\WinRAR
     
    < MD5 for: ATAPI.SYS  >
    [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
    [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
    [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
    [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
    [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
     
    < MD5 for: CSRSS.EXE  >
    [2009/07/13 19:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
    [2009/07/13 19:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
     
    < MD5 for: EXPLORER.EXE  >
    [2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
    [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 21:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/20 21:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
     
    < MD5 for: MSWSOCK.DLL  >
    [2010/11/20 21:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\erdnt\cache64\mswsock.dll
    [2010/11/20 21:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
    [2013/09/06 20:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
    [2010/11/20 21:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache86\mswsock.dll
    [2010/11/20 21:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
    [2013/09/07 20:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\SysNative\mswsock.dll
    [2013/09/07 20:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
    [2013/09/06 20:24:39 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
    [2013/09/07 20:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll
    [2013/09/07 20:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll
     
    < MD5 for: NAPINSP.DLL  >
    [2009/07/13 19:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
    [2009/07/13 19:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
    [2009/07/13 19:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
    [2009/07/13 19:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll
     
    < MD5 for: NLAAPI.DLL  >
    [2012/01/13 01:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
    [2012/01/13 01:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
    [2010/11/20 21:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
    [2012/10/03 10:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
    [2010/11/20 21:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
    [2012/10/03 11:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
    [2012/10/03 11:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
    [2012/10/03 11:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll
     
    < MD5 for: PNRPNSP.DLL  >
    [2009/07/13 19:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
    [2009/07/13 19:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
    [2009/07/13 19:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
    [2009/07/13 19:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll
     
    < MD5 for: PRINTISOLATIONHOST.EXE  >
    [2009/07/13 19:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
    [2009/07/13 19:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
     
    < MD5 for: SERVICES.EXE  >
    [2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
    [2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
     
    < MD5 for: SVCHOST.EXE  >
    [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
    [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
    [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
     
    < MD5 for: USER32.DLL  >
    [2010/11/20 21:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
    [2010/11/20 21:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
    [2010/11/20 21:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [2010/11/20 21:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
    [2010/11/20 21:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
    [2010/11/20 21:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
     
    < MD5 for: USERINIT.EXE  >
    [2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
    [2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
    [2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
     
    < MD5 for: WINLOGON.EXE  >
    [2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
    [2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
     
    < MD5 for: WINRNR.DLL  >
    [2009/07/13 19:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
    [2009/07/13 19:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
    [2009/07/13 19:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
    [2009/07/13 19:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
     
    < MD5 for: WSHELPER.DLL  >
    [2009/07/13 19:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
    [2009/07/13 19:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
    [2009/07/13 19:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
    [2009/07/13 19:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll
     
    < C:\Windows\assembly\tmp\U\*.* /s >
     
    < %systemroot%\*. /mp /s >
     
    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2014/04/14 09:59:27 | 000,878,024 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2014/04/14 09:59:27 | 000,878,024 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2014/04/14 09:59:27 | 000,878,024 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2014/04/14 09:59:31 | 000,275,568 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2014/04/14 09:59:31 | 000,275,568 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2014/04/14 09:59:31 | 000,275,568 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/04/01 19:58:05 | 000,841,032 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2014/04/01 19:58:05 | 000,841,032 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2014/04/01 19:58:05 | 000,841,032 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2014/04/01 19:58:05 | 000,841,032 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/03/07 20:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe"
     
    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2014/04/14 09:59:27 | 000,878,024 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2014/04/14 09:59:27 | 000,878,024 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2014/04/14 09:59:27 | 000,878,024 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2014/04/14 09:59:31 | 000,275,568 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2014/04/14 09:59:31 | 000,275,568 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2014/04/14 09:59:31 | 000,275,568 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2014/04/01 19:58:05 | 000,841,032 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2014/04/01 19:58:05 | 000,841,032 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2014/04/01 19:58:05 | 000,841,032 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2014/04/01 19:58:05 | 000,841,032 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/03/06 02:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/03/06 02:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/03/06 02:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/03/07 20:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: IEXPLORE.EXE
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE"
     
    < %systemroot%\system32\*.dll /lockedfiles >
     
    < %systemroot%\Tasks\*.job /lockedfiles >
     
    < %ProgramFiles%\WINDOWS NT\*.* /s >
    [2010/11/20 21:24:51 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
    [2009/07/13 19:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
    [2010/11/21 01:06:24 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
    [2009/07/13 19:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
    [2009/06/10 15:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
    [2009/06/10 15:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
    [2009/06/10 15:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
    [2009/06/10 15:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
    [2009/06/10 15:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
    [2009/06/10 15:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
    [2009/06/10 15:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
    [2010/11/21 01:06:18 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
     
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
     
    < End of report >
     
    Extra:
     
    OTL Extras logfile created on: 4/22/2014 10:34:12 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JButler\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
     
    5.48 Gb Total Physical Memory | 3.74 Gb Available Physical Memory | 68.27% Memory free
    10.96 Gb Paging File | 8.97 Gb Available in Paging File | 81.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 682.79 Gb Total Space | 586.58 Gb Free Space | 85.91% Space Free | Partition Type: NTFS
    Drive D: | 15.55 Gb Total Space | 1.66 Gb Free Space | 10.68% Space Free | Partition Type: NTFS
    Drive F: | 98.87 Mb Total Space | 88.74 Mb Free Space | 89.76% Space Free | Partition Type: FAT32
     
    Computer Name: JBUTLER-HP | User Name: JButler | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (All) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- "%1" %*
    .html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== System Restore Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    ========== Firewall Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{27F95574-36D9-4368-9D62-B516B052BED1}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{314C8D4C-E95F-4893-A5AC-79ACC17FBF91}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{34DBDA59-D424-4801-AECD-2752A53D1469}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{35FE13D5-F0DA-4560-A43A-07FAAC719F91}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{3EBC71AF-AA0E-4699-9D23-0121DB52CEA9}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{414976B0-DB07-4EE8-AAFA-1A4521F0FD30}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{590EA7A4-53A4-4690-B7A5-5751E901A152}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{62455673-1DF7-449C-BE50-C10F7B41748B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{6CC84463-24D1-4E61-AFA8-9868E9DD7A2D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{7E193348-F26B-44EB-986E-4683745A6FEC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{9E62C99E-9E4D-4865-88FF-957AD1681510}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{9F521CFA-1191-420D-9F4A-7AABE8655703}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{9FD8FA64-48F4-44CF-8219-C7C46ACDE943}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{A916E216-C21C-4309-B669-8662B9016487}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{ACE18835-73DC-4A10-9A48-7889602F8C1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
    "{B7A79ED3-FB8E-4D15-804C-0120404EA78E}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{B7B7944E-4658-4952-B1F1-6716EA2D444E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{C109EEDF-5F74-458C-831B-BBC26B88E770}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{D64DBD4F-33A1-4C48-9A8A-FD29233F4480}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{DA0EBE25-42FD-4AA2-8207-0292C672E940}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{E4180DAF-4965-4CE8-BD01-D18E735B18F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{EE4D36BB-3562-4770-94B1-81632031D88B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{EFD3A3CC-BDD0-4E04-8669-38642A6CCFC0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{F04436D2-324E-4E71-946C-A56470E89A07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{F10A9EA2-6A90-402B-86AA-48FC89FC9406}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
    "{F6392E85-C51F-4E16-AF44-F95AB1BD81F0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0C5FBA9D-F05D-466D-B0F3-252223ED0EDC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{10423B55-CF7D-4ED0-BBB3-0417C8311405}" = protocol=6 | dir=in | app=c:\program files (x86)\iolo\system mechanic professional\sysmech.exe | 
    "{10963935-58D3-4742-9289-5A5ECA5952D3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
    "{11D75E7B-0401-496B-8B47-0A3BA1F3204F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "{13A330DB-FEE4-4DE2-803B-84CF75C9A22D}" = protocol=6 | dir=in | app=c:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe | 
    "{18DDC92A-D9D3-40AE-9A99-AAD3B91472C6}" = protocol=6 | dir=in | app=c:\program files (x86)\telus\telus security advisor\servicepointservice.exe | 
    "{19839625-B537-4466-AD3E-582DBB3CADD3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
    "{1B8A1BDF-2EC2-4AD0-A946-0EC24859A42A}" = protocol=58 | dir=out | [email protected],-28546 | 
    "{1D1A38E2-2390-47B2-A906-430C23648210}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 
    "{2AC7D0BF-5FCC-42F0-9A83-6F3FE1B51A77}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
    "{32B170E7-3725-41C9-9D2E-7E61327E85E2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{335B2DC3-5269-4607-9E4A-F00A04135725}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{40C8CF68-71F9-42CC-8B3E-8019A4DF677D}" = protocol=17 | dir=in | app=c:\program files (x86)\telus\telus security advisor\servicepointservice.exe | 
    "{42398C44-DB28-408F-8962-B24BBF31F10B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
    "{45659497-EE08-443E-9E84-C2A2C50E427E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{47010424-2FB5-4449-9674-97EB7A6BAC4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{549B0C91-E550-4FD9-95E2-6F5008518A06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{5692C443-FCEA-4E73-8F4C-87F2F5F621F0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
    "{75819433-776C-4B72-8FDB-BB6AF54C01FC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
    "{7F62F2C5-32B8-4D9C-83E8-DA20EED8D1D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{8234CB96-F0C9-4C33-B02D-F4754FD2B766}" = dir=in | app=c:\users\jbutler\appdata\roaming\allmyapps\allmyapps.exe | 
    "{8346C3D9-7894-4FDD-ADC7-C26DBA27BC25}" = protocol=1 | dir=out | [email protected],-28544 | 
    "{894A9A89-B5DF-40AE-A4DF-EA0BC58F04E2}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
    "{8AA10002-73B3-4339-9135-DBF827015AC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{8BCE1FCF-C6FF-4C59-88C9-C54590BC2BB8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{8C012308-1D0F-4406-8F1A-219DB8AB50E3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    "{8D9F8E4B-3916-4960-8ED5-A4895B1E4C63}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
    "{95C9BEB6-BF2A-490E-B021-910CB2B91877}" = protocol=1 | dir=in | [email protected],-28543 | 
    "{A399BB5E-8A13-4C25-A1D6-F0B16A848FBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{A5F16D41-829C-46F0-A377-CD752DE2EE7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{AB553565-1E17-4D18-A7E7-EBEFAB565EC9}" = protocol=17 | dir=in | app=c:\program files (x86)\iolo\system mechanic professional\sysmech.exe | 
    "{B4CC2D76-74D3-4968-A7A4-35BD762A023C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{B76EA94C-89E9-407E-887F-46C6D0648015}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{BCF43689-359B-4E7C-95D3-60963C9BF43C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{BE086AEC-E2A4-4F5A-9194-EF7C25B158C9}" = protocol=17 | dir=in | app=c:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe | 
    "{C3F13D47-95DD-4123-A92E-460CAAFF8C95}" = protocol=58 | dir=in | [email protected],-28545 | 
    "{CC14D937-1CCB-4639-ADED-410CFC7EEAA4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
    "{D5A8E6DD-0F69-4695-AAB9-0F4038F5E2F9}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
    "{D858849A-1FF1-4876-8084-0B1B74703D91}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{D8B166D0-302F-43D9-9CAF-E002EF05514D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "{DF765507-946B-4DE8-BEA2-2BA562CBADD1}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 
    "{E1C88BCE-28AE-47BF-9A9C-42963EE545CE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
    "{E4BF9DC2-83C1-4157-A08E-A123D13C2DE8}" = protocol=6 | dir=out | app=system | 
    "{EAFDB806-2346-4832-B781-09A4190D3B64}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    "{EDCF9443-1BBD-4478-AFBB-3B229F3FDA56}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | 
    "{EE25172D-EC22-464D-ADA2-F4DA89B9074D}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
    "{EE554F6D-1C4F-4EB4-B91F-62AC29094274}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{EFECAB1B-E275-4CDD-8991-7955C521E4DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "TCP Query User{B3F53259-CD56-48CB-A045-6A3137B7B660}C:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe | 
    "TCP Query User{D664876B-8CA0-4640-9F0A-8AF767EEE013}C:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe | 
    "UDP Query User{805B0B07-CB10-4052-B1BE-5E17E4CB32A6}C:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe | 
    "UDP Query User{E207F3C7-5CE7-4B83-93E2-37AF0E22E576}C:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{2CDF0D0A-C58C-4136-9978-F029B2723B0D}" = Corel Graphics - Windows Shell Extension
    "_{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 (64-Bit)
    "{10762393-1B90-4AC2-AF1A-4C0C04AE303F}" = CorelDRAW Graphics Suite X6 - VBA (x64)
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1967EF95-E00B-4669-8B1C-A589BE8BF24F}" = CorelDRAW Graphics Suite X6 - Capture (x64)
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1E3A578C-0A7D-4820-990F-B7545C0B2303}" = CorelDRAW Graphics Suite X6 - VSTA (x64)
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
    "{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
    "{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
    "{26AF7BC7-DB35-B7C5-3169-29BC62835C48}" = AMD Fuel
    "{27AE72A4-B217-4CDC-B82B-3311E9D7460E}" = CorelDRAW Graphics Suite X6 - Draw (x64)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    "{2CDF0D0A-C58C-4136-9978-F029B2723B0D}" = Corel Graphics - Windows Shell Extension
    "{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom
    "{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}" = CorelDRAW Graphics Suite X6 - Common (x64)
    "{3933C06C-8239-432B-87FC-F2BDC5B49A10}" = CorelDRAW Graphics Suite X6 - FontNav (x64)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
    "{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}" = CorelDRAW Graphics Suite X6 - Redist (x64)
    "{6153098B-60DB-6A9F-EA0F-B006A96B57D5}" = ATI Catalyst Install Manager
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{695E54E9-5B06-4FFD-8481-B09E5761B5D5}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64)
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{71F13BA8-96D0-F281-6473-196A5842C6CF}" = ccc-utility64
    "{7386B5FA-8715-481D-821F-7785110506DF}" = CorelDRAW Graphics Suite X6 - Custom Data (x64)
    "{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
    "{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}" = CorelDRAW Graphics Suite X6 - VideoBrowser (x64)
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{80F776E8-B47B-4F23-835F-4464EA3E8BC6}" = Corel Graphics - Windows Shell Extension 32 Bit
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{839546C9-2E4E-4A42-B0D4-22E05E92E7AA}" = CorelDRAW Graphics Suite X6 - ES (x64)
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EF2B1E1-4D7A-43FA-92C5-61DB6F0524C4}" = CorelDRAW Graphics Suite X6 - BR (x64)
    "{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}" = CorelDRAW Graphics Suite X6 - Connect (x64)
    "{A1CDB206-B8F1-41F0-9DAA-C7FC8664C737}" = CorelDRAW Graphics Suite X6 - FR (x64)
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6DF7031-2843-44FD-9CAB-DECAB4257456}" = CorelDRAW Graphics Suite X6 - IPM
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
    "{BB65D262-3EBC-4F10-89D9-67A320E94EAA}" = CorelDRAW Graphics Suite X6 - EN (x64)
    "{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 - Setup Files (x64)
    "{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT for Internet Explorer
    "{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
    "{CB1A2FE6-2BDF-DECC-C91B-4E5FFD59C5D6}" = WMV9/VC-1 Video Playback
    "{CBC1BFA3-E641-4FCA-8EFA-77E2B7D7E552}" = CorelDRAW Graphics Suite X6 (x64)
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D4A6E342-907C-4CEF-96CC-FC2F4990DC9C}" = AVSDK5
    "{D7C2687D-924E-4485-B367-C7D95CBF8DDD}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    "{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}" = CorelDRAW Graphics Suite X6 - Writing Tools (x64)
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E699230D-4B5E-411E-9F45-FF50789B18DD}" = CorelDRAW Graphics Suite X6 - Filters (x64)
    "{FB8CF321-07A3-464C-B1D5-35CE28E474C3}" = CorelDRAW Graphics Suite X6 - IPM
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "EPSON Printer and Utilities" = EPSON Printer Software
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "SynTPDeinstKey" = Synaptics TouchPad Driver
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0867AFE1-3469-11D7-8193-0010B5BCE08C}" = ABF / FNA
    "{08B31070-171E-11D6-BECF-000629F77048}" = MenuFusion 
    "{09064D50-FF4A-407C-9B13-15B9D231EBA2}" = RegimeRetraiteIndividuel
    "{0AE17B00-31FA-11D6-BED9-000629F77048}" = Avantage d'Or / Golden Edge
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D1B9D71-7EB6-70DA-DB23-E14F59A14E1D}" = AMD VISION Engine Control Center
    "{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
    "{0DC33570-D9E6-9189-7143-612F34DC317B}" = CCC Help Danish
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F69006A-CD2F-4C12-A786-C659C8F98423}" = Catalyst Control Center - Branding
    "{10202EBB-A6E7-4BA2-9E38-8563DB84C28F}" = Manulife - Synergy / Manuvie - Synergie
    "{10895847-3460-11D7-8193-0010B5BCE08C}" = Zone retraite / Retirement zone
    "{11B97514-C022-420A-9FCB-4FD079E2DBBC}" = Equitable Sales Illustrations/ Système d’illustration des ventes
    "{13D946AF-DAD9-0200-0000-000000000000}" = Android Sync Manager WiFi
    "{14025FDE-2A98-4241-9DC5-FA9F5B7A488F}" = CIMS.Net
    "{15822027-43D3-C69F-40EF-2AF83AA781AA}" = CCC Help English
    "{192BFB6B-7E9C-4346-8ECB-2A42DABFF4DB}" = Manulife - Insure Right / Manuvie - Bien s'assurer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
    "{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX680 Series Scanner Driver Update
    "{1D04A14D-6C97-19C1-CA9D-FDDE5EAE1026}" = CCC Help Chinese Standard
    "{1E5E7177-5156-4541-B8D5-B0C7E9064329}" = System Mechanic 12 Professional
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1F9D123D-2850-494B-AAA0-24492F70C4A4}" = RPS CRT
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{209255AF-E7F3-4FF3-86EE-575C35BA716D}" = Living Benefits 5.30
    "{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
    "{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
    "{27916B81-FEDB-43A0-B724-923784B3DAE7}" = Empire Life Envision
    "{27DDB75B-8483-4F0A-91DF-C57B6631F795}" = Concourse 1.5 - Content
    "{2893EE72-7BB9-41E8-9AE2-45DA92331A8D}" = Manulife - Performax Gold - Performax Or - MLPG
    "{28BF1FE2-8F54-4356-8404-26EA20E0C1BA}" = Manulife - Term
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{29248674-96FE-4C01-94C6-D82ECD06E916}" = Manulife - Concept slideshows
    "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2A9009E1-122C-4692-B442-A750C0DE7BA1}_is1" = VIO Player version 1.2
    "{2B37E43D-10AB-9D24-7234-31929A3A7D11}" = CCC Help German
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{30879FF8-1582-41CB-BCDB-B5DDFF93FD3C}" = GWL Illustrator Par
    "{32D3C724-3E32-11D9-8211-00B0D075DF5C}" = Diamond View Update
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33530062-0419-71CE-3BD3-13D7D5E4C7DE}" = CCC Help French
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{37BF8DE6-CB40-4F3C-8A24-6CE6BB1F6A55}" = Manulife - Concepts
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{388A15E4-7507-CD40-4DBA-F78B4BBEB56E}" = CCC Help Japanese
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3E35E63A-CC9D-45B8-B599-4DA774BFC74C}" = Transamerica - Five-for-Life 2.1
    "{4168E08D-3349-476F-9497-7891CB8153A6}" = LEApp - AppVers 5.4
    "{4210D645-9D71-419E-9002-BB1A0358A9B3}" = Independent Order of Foresters
    "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
    "{448B78CF-4A52-191D-1436-54D039B382DB}" = CCC Help Spanish
    "{47582F50-3974-4F89-AFEA-468DD33B2EA4}" = GWL Illustrator Par Config
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{521FA973-C4C9-249D-5CF6-0A6F7B18F7DC}" = CCC Help Greek
    "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5905DC5D-00E7-4BEF-A1CD-FCAE05E20DA8}" = GWL Illustrator Term
    "{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
    "{5C069542-CA13-4f1b-B90C-28C6430F4992}" = HP LaserJet Professional CP1520 Series
    "{5ED3BAF3-DA06-038D-F21E-AB35404626D4}" = CCC Help Dutch
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{60C44315-A107-D3F6-B868-52AC0481ED6B}" = CCC Help Finnish
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{64B54493-BC68-4D6F-B9EB-214E74CC0647}" = Concourse 1.0
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{6522241B-09FE-B16D-0E23-9485424507EB}" = CCC Help Korean
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{698C92A9-66A7-11D6-8178-0010B5BCE08C}" = Presentations
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B075E9F-4D23-0883-F66C-C698E949CD90}" = Catalyst Control Center Graphics Previews Common
    "{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}" = HP Documentation
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{794A3AB9-DB12-1115-33B2-29C5DDD1DCD4}" = CCC Help Chinese Traditional
    "{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager
    "{7CF6604E-BCB8-4B5F-A1CC-1E6DA0C60151}" = MSXML
    "{803E2C5C-E39B-BEBA-4046-6C0CF7695DA4}" = CCC Help Hungarian
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{839B9B4C-7FC7-4F7F-BD31-99AEF07A49F1}" = GWL Illustrator
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{85184706-2E77-11D9-9BE0-000103E0519E}" = Investment Loan / Prêt Placement
    "{876FAEDD-8CA3-4729-A09F-4E582DB560F7}" = Manulife - Launcher
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{88EFE047-67E7-4194-92E6-9B79A563BAA0}" = Assumption-Online-Insurance-Solutions
    "{8B705ED7-A86B-4895-9955-BA80E0B3F40B}" = Calculatrice Financière / Invest
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9325A80A-C2B4-141E-952E-30589770A79B}" = CCC Help Turkish
    "{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
    "{93D90A5B-6694-4849-AD0F-3EB7E7E1B040}" = KeySource 1.0
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
    "{96EA5361-BF11-4518-A14A-8FCADEEA7820}" = GWL Illustrator Term Config
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B5088FA-8C09-439E-A515-E1957993303F}" = GWL Illustrator Config
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F9C5C18-9665-41EC-A660-5A3BA213CA1D}" = Licensing Service (03000201)
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A1A9956A-56A2-4933-A4F0-CC236790CC29}" = Diamond View Launcher
    "{A5A8C157-A89D-4F7E-89A3-3C5519CEE18C}" = GarantieAvantage
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7393DB5-6CAB-70A7-4A5E-C96AF518858A}" = Catalyst Control Center Localization All
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AABE44D1-0B72-4C6B-9778-20B2317F8064}" = hpzTLBXFX
    "{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB5C39D3-7BF4-4897-8C97-35061FBECED2}" = Manulife - Limited Pay UL / Manuvie - Vu à prime temporaire
    "{AE75C941-3838-47F9-B372-281EE634516E}" = RoueDesRendements
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B2E60EBE-35BC-41CA-BED6-EDBB9329C037}" = Concepts
    "{B48DC0B2-DBFD-41DB-992E-19EE9DA6EE96}" = Manulife - Universal Life
    "{B573B6E4-81AA-47E0-8BBB-2023B1906524}" = KeySource 2.1 - Content
    "{B6F2B585-D9F2-4D23-A176-B0AA1A5DD286}" = LEApp - Electronic Application for Life Insurance 5.5.0.1
    "{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
    "{BC4516DF-F14B-42FE-960C-A6EB1F279F73}" = Manulife - UltraVision
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{BEEDEC2C-D33F-4FEF-8692-A5CCE6FF6835}" = hppTLBXFXCP1520
    "{BFBC2A94-C9C0-4E98-A58A-86295575B02A}" = Pyramide 3.1.0
    "{C007CFA1-FC3C-49B8-8D30-DB5BF3396632}" = ZoomExpressKeyView14.1
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C3579810-5AC8-545D-089D-6735792490B5}" = CCC Help Thai
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C3E2B404-EF69-4C60-A7C1-CF116D2C3267}" = YTD Toolbar v7.6
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C915103C-F9E5-8989-233C-367DCFB07652}" = CCC Help Italian
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE8EF688-BD0E-29E2-3472-E23CC6AB0C98}" = CCC Help Polish
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF09D056-3FFA-11D6-8171-0010B5BCE08C}" = Solo
    "{D003CEFC-10B1-48E8-ACDA-4FF452BCE344}" = calibre
    "{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D2437C5C-2D8C-40D2-8059-689AD7239FA3}" = Intel® C++ Redistributables for Windows* on Intel® 64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D608C59B-424B-45D4-971C-5978F8564CEE}" = hppLaserJetService
    "{D73E2E92-C6A1-4850-B50D-7CCC9CF81C6E}" = Manulife - Personal Accident/Personal Accident
    "{D811186E-06BC-F7D3-E10B-4C7450F88611}" = CCC Help Swedish
    "{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
    "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
    "{DDAFC46A-90E2-11E2-B700-984BE15F174E}" = Evernote v. 4.6.4
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE723887-712F-499D-8B82-5A1EC8F46062}" = SetupCrystalReports
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DFE70D3F-C54C-4025-9344-9CBB7D0447C0}" = CorelDRAW Graphics Suite X6 - IPM Content
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E15C68A1-9CA5-44AC-A7F7-6C0673F196A8}" = HPLaserJetHelp_LearnCenter
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E45832B8-C3E6-C26B-A038-4599DCAC1F17}" = CCC Help Norwegian
    "{E5441D19-417C-8C34-3F31-CCBD563C946E}" = Catalyst Control Center InstallProxy
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
    "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{ED5C76B7-0F52-4245-AF1B-E0DC08EFE283}" = Manulife Financial - Health and Dental
    "{EED3CC4B-40BD-11D6-8171-0010B5BCE08C}" = Sommum / Pace / Traditionnel
    "{F023440E-6D03-1AB2-1414-27A62074556C}" = CCC Help Portuguese
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F4E3A754-5569-4E1C-BF99-B3CC2BDFDEFB}" = Manulife - Living Benefits
    "{F7A9EFFB-F905-FA4D-A431-06B1E0A5EE5A}" = CCC Help Czech
    "{FA6381E9-96D2-4F6F-866C-4D16E5986FF6}" = TweetDeck
    "{FD8966E8-8227-9180-51D2-F1C75D3222B8}" = CCC Help Russian
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE6DB3B1-C754-405D-BCAB-F4F9C765BF35}" = hppCP1520LaserJetService
    "{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AVS Media Player_is1" = AVS Media Player 4.1.9.95
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "ContentExplorer" = ContentExplorer
    "CPP Illustration" = CPP Illustration
    "CPP V3" = CPP V3
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "EFR_is1" = EFR 3.14 (2013-11)
    "Eos" = Eos 6.0
    "EOS_6_0" = 
    "Foresters Life - V7.0" = Foresters Life - V7.0
    "Google Chrome" = Google Chrome
    "in sync 3.0" = in sync 3.0
    "Inforce Illustration 1.3" = Inforce Illustration 1.3
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "Kobo" = Kobo
    "LifeView - VisionVie 10.0" = LifeView - VisionVie 10.0
    "LifeView - VisionVie 10.1" = LifeView - VisionVie 10.1
    "LifeView - VisionVie 10.4" = LifeView - VisionVie 10.4
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "MozBackup" = MozBackup 1.5.1
    "Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
    "Mozilla Thunderbird 24.4.0 (x86 en-US)" = Mozilla Thunderbird 24.4.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MyTomTom" = MyTomTom 3.1.0.530
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "RBC Illustrations System 6.0" = RBC Illustrations System 6.0
    "Revo Uninstaller" = Revo Uninstaller 1.95
    "Silent Package Run-Time Sample" = EPSON RX680 User's Guide
    "Sky1.0" = Sky
    "Sky1.1.153" = Sky
    "SLF Sales Concepts" = Sun Life Financial - Sales Concepts
    "SSTChannel" = SST Channel - Canada Life (CL)
    "Trusted Software Assistant_is1" = File Type Assistant
    "VLC media player" = VLC media player 1.0.1
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087335" = Build-a-lot 2
    "WT087343" = Dora's World Adventure
    "WT087393" = Mah Jong Medley
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "WT089453" = Bejeweled 2 Deluxe
    "WT089454" = Chuzzle Deluxe
    "WT089455" = Zuma Deluxe
    "WT089457" = Slingo Supreme
    "WT089458" = Plants vs. Zombies - Game of the Year
    "WT089470" = FATE - The Traitor Soul
    "WT089484" = Namco All-Stars PAC-MAN
    "WT089496" = Mystery P.I. - Stolen in San Francisco
    "WT089498" = Bejeweled 3
    "WT089504" = Final Drive Nitro
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{2cdca571-9571-43bf-8129-ad453d9a55c8}" = Shopping Helper Smartbar Engine
    "121406415.www.c-vote.ca" = direcTORY Application
    "Dropbox" = Dropbox
    "GoToMeeting" = GoToMeeting 4.8.0.723
    "Kies Air Discovery Service" = Kies Air Discovery Service
     
    ========== Last 20 Event Log Errors ==========
     
    [ Hewlett-Packard Events ]
    Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
     
    Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
     
    Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
     
    Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
     
    Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
     
    Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
     
    Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
     
    Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
     
    Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
     
    Error - 11/17/2012 2:20:19 PM | Computer Name = JButler-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     5610  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean)  
     
    [ HP Connection Manager Events ]
    Error - 1/31/2013 5:50:31 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
    Description = 2013/01/31 02:50:31.840|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
     failed [hr:0x800706BA]
     
    Error - 1/31/2013 5:50:31 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
    Description = 2013/01/31 02:50:31.965|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
     failed [hr:0x800706BA]
     
    Error - 1/31/2013 5:50:31 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
    Description = 2013/01/31 02:50:31.980|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
     failed [hr:0x800706BA]
     
    Error - 1/31/2013 5:50:31 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
    Description = 2013/01/31 02:50:31.996|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
     failed [hr:0x800706BA]
     
    Error - 1/31/2013 5:50:38 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
    Description = 2013/01/31 02:50:38.844|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
     failed [hr:0x800706BA]
     
    Error - 1/31/2013 5:50:38 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
    Description = 2013/01/31 02:50:38.969|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
     failed [hr:0x800706BA]
     
    Error - 1/31/2013 5:50:38 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
    Description = 2013/01/31 02:50:38.985|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
     failed [hr:0x800706BA]
     
    Error - 1/31/2013 5:50:39 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
    Description = 2013/01/31 02:50:39.000|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
     failed [hr:0x800706BA]
     
    Error - 1/31/2013 5:51:04 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
    Description = 2013/01/31 02:51:04.803|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
     failed [hr:0x800706BA]
     
    Error - 1/31/2013 5:52:04 AM | Computer Name = JButler-HP | Source = hpCMSrv | ID = 5
    Description = 2013/01/31 02:52:04.800|000018C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
     failed [hr:0x800706BA]
     
    [ HP Software Framework Events ]
    Error - 5/12/2012 1:01:27 AM | Computer Name = JButler-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/11 23:01:27.409|00000A68|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
     0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
     
    Error - 5/12/2012 1:03:59 AM | Computer Name = JButler-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/11 23:03:59.181|0000124C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
     0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
     
    Error - 5/12/2012 1:04:07 AM | Computer Name = JButler-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/11 23:04:07.227|00000EB8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
     0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
     
    Error - 5/12/2012 1:04:15 AM | Computer Name = JButler-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/11 23:04:15.485|00000F3C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
     0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
     
    Error - 5/13/2012 11:22:54 PM | Computer Name = JButler-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/13 21:22:54.316|00001BDC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
     0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
     
    Error - 8/24/2012 7:51:36 PM | Computer Name = JButler-HP | Source = CaslSmBios | ID = 5
    Description = 2012/08/24 17:51:36.750|0000348C|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
     occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
     
    Error - 8/24/2012 7:52:59 PM | Computer Name = JButler-HP | Source = CaslSmBios | ID = 5
    Description = 2012/08/24 17:52:59.376|0000464C|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
     occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
     
    Error - 9/1/2012 11:09:20 PM | Computer Name = JButler-HP | Source = CaslSmBios | ID = 5
    Description = 2012/09/01 21:09:20.789|00001A80|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
     occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
     
    Error - 9/2/2012 1:40:42 PM | Computer Name = JButler-HP | Source = CaslSmBios | ID = 5
    Description = 2012/09/02 11:40:42.634|000019C8|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
     occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
     
    Error - 9/2/2012 1:40:48 PM | Computer Name = JButler-HP | Source = CaslSmBios | ID = 5
    Description = 2012/09/02 11:40:48.030|000023A4|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
     occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
     
    [ iolo Applications Events ]
    Error - 11/29/2013 12:06:09 PM | Computer Name = JButler-HP | Source = Service Manager | ID = 1
    Description = Exception occured on service shutdown   Error message: System Error. 
     Code: 1115.  A system shutdown is in progress
     
    Error - 1/14/2014 2:35:35 PM | Computer Name = JButler-HP | Source = System Shield | ID = 20
    Description = Failed to install DAT file C:\ProgramData\iolo\System Shield\antivir-c-201401131812.cab
     
    Error
     message: Unspecified error
     
    Error - 1/19/2014 3:09:23 PM | Computer Name = JButler-HP | Source = Service Manager | ID = 1
    Description = Exception occured on service shutdown   Error message: System Error. 
     Code: 1115.  A system shutdown is in progress
     
    Error - 2/18/2014 3:21:04 PM | Computer Name = JButler-HP | Source = Service Manager | ID = 1
    Description = Exception occured on service shutdown   Error message: System Error. 
     Code: 1115.  A system shutdown is in progress
     
     
    < End of report >
     
    I think I got them all, that you asked for. See you in a bit!
    -T

    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
    Are you still having problems?

    • 0

    #7
    Triskelion

    Triskelion

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 652 posts

    Where is the attached file? Not seeing it.


    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP

    Sorry.  The forum uses a stupid two step process and I must have forgotten to do the second step.


    • 0

    #9
    Triskelion

    Triskelion

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 652 posts

    Here is the log from the first fix.

    Doing additions now.

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
    Ran by JButler at 2014-04-22 13:52:36 Run:1
    Running from C:\Users\JButler\Desktop
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll No File
    S1 wStLib64; system32\drivers\wStLib64.sys [X]
    C:\Users\JButler\AppData\Local\Temp\BackupSetup.exe
    C:\Users\JButler\AppData\Local\Temp\FirewallAPI.dll
    C:\Users\JButler\AppData\Local\Temp\java-installer.exe
    C:\Users\JButler\AppData\Local\Temp\Quarantine.exe
    C:\Users\JButler\AppData\Local\Temp\ShoppinHelper2new2.exe
    Task: {5859E464-3C48-44C9-934B-3C42D5746F06} - System32\Tasks\AllmyappsUpdateTask => c:\users\jbutler\appdata\roaming\allmyapps\allmyappsupdater.exe
    Task: {59EFE770-EDDE-4690-ADE1-C9B624C4C495} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
    Task: {5E38EA3B-E033-4782-B48F-5984A6319E51} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
    Task: {916CA52F-7C48-4480-B607-073ED089122F} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job => C:\Users\JButler\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job => C:\Users\JButler\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {87ACFC4A-6145-4869-B54C-AF6CDE3BB849} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA => C:\Users\JButler\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
     
     
     
     
    *****************
     
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146} => Key deleted successfully.
    HKCR\CLSID\{11111111-1111-1111-1111-110511421146} => Key deleted successfully.
    wStLib64 => Service deleted successfully.
    C:\Users\JButler\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
    C:\Users\JButler\AppData\Local\Temp\FirewallAPI.dll => Moved successfully.
    C:\Users\JButler\AppData\Local\Temp\java-installer.exe => Moved successfully.
    C:\Users\JButler\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\JButler\AppData\Local\Temp\ShoppinHelper2new2.exe => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5859E464-3C48-44C9-934B-3C42D5746F06} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5859E464-3C48-44C9-934B-3C42D5746F06} => Key deleted successfully.
    C:\Windows\System32\Tasks\AllmyappsUpdateTask => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AllmyappsUpdateTask => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59EFE770-EDDE-4690-ADE1-C9B624C4C495} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59EFE770-EDDE-4690-ADE1-C9B624C4C495} => Key deleted successfully.
    C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5E38EA3B-E033-4782-B48F-5984A6319E51} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E38EA3B-E033-4782-B48F-5984A6319E51} => Key deleted successfully.
    C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate 2 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{916CA52F-7C48-4480-B607-073ED089122F} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{916CA52F-7C48-4480-B607-073ED089122F} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
    C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job => Moved successfully.
    C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87ACFC4A-6145-4869-B54C-AF6CDE3BB849} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87ACFC4A-6145-4869-B54C-AF6CDE3BB849} => Key deleted successfully.
    C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA => Key deleted successfully.
     
    ==== End of Fixlog ====

    • 0

    #10
    Triskelion

    Triskelion

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 652 posts

    Here is the scan...

     

    FRST:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
    Ran by JButler (administrator) on JBUTLER-HP on 22-04-2014 13:54:36
    Running from C:\Users\JButler\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (Commtouch, Inc.) C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Commtouch, Inc.) C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Manulife Financial) C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe
    (Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Dropbox, Inc.) C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (OldTimer Tools) C:\Users\JButler\Desktop\OTL.scr
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Foxit Software) C:\Program Files (x86)\Foxit Software\Foxit Phantom\Foxit Phantom.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [984736 2011-10-22] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-10-22] (Atheros Commnucations)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-02] (IDT, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
    HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *‮* <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [DiamondView] => C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe [949760 2012-01-06] (Manulife Financial)
    HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
    Startup: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
     
    ==================== Internet (Whitelisted) ====================
     
    ProxyServer:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM - {EDFBB4EE-982F-443F-9340-23CB4FD46E9A} URL = http://www.amazon.ca...s={searchTerms}
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: HKLM-x32 {E008A543-CEFB-4559-912F-C27C2B89F13B} https://www.avdlext.com/dwa7W.cab
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default
    FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
    FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\JButler\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF Extension: LavaFox V2-Blue - C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\Extensions\[email protected] [2014-01-17]
    FF Extension: WOT - C:\Users\JButler\AppData\Roaming\Mozilla\Firefox\Profiles\t4oi22eh.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-30]
     
    Chrome: 
    =======
    CHR Extension: (Google Drive) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-22]
    CHR Extension: (IE Tab Multi (Enhance)) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea [2014-04-22]
    CHR Extension: (TweetDeck Launcher) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk [2014-04-22]
    CHR Extension: (Google Wallet) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
    CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JButler\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-16]
     
    ==================== Services (Whitelisted) =================
     
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.)
    R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
    R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
    R2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [121696 2012-08-24] (Commtouch, Inc.)
    R2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [119136 2012-08-24] (Commtouch, Inc.)
    S3 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [181600 2012-08-24] (Commtouch, Inc.)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-22] (Atheros)
     
    ==================== Drivers (Whitelisted) ====================
     
    R2 AMP; C:\Windows\system32\Drivers\amp.sys [173408 2012-08-24] (Commtouch, Inc.)
    R2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1504608 2012-08-24] (Commtouch, Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
    R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-09-18] (EldoS Corporation)
    S1 FileDisk; No ImagePath
    S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-04-22 12:55 - 2014-04-22 12:55 - 01016754 _____ () C:\Users\JButler\Downloads\AdobeFlashPopupconstantlyonmyLaptoppageNumber-VirusSpywareMalwareRemoval.html
    2014-04-22 11:24 - 2014-04-22 12:14 - 00296094 _____ () C:\Users\JButler\Desktop\Post.txt
    2014-04-22 11:04 - 2014-04-22 13:55 - 00028752 _____ () C:\Users\JButler\Desktop\FRST.txt
    2014-04-22 11:04 - 2014-04-22 13:54 - 00000000 ____D () C:\FRST
    2014-04-22 11:04 - 2014-04-22 11:09 - 00058320 _____ () C:\Users\JButler\Desktop\Addition.txt
    2014-04-22 10:57 - 2014-04-22 10:57 - 00130512 _____ () C:\Users\JButler\Desktop\Extras.Txt
    2014-04-22 10:31 - 2014-04-22 10:31 - 00000773 _____ () C:\Users\JButler\Desktop\JRT.txt
    2014-04-22 10:20 - 2014-04-22 10:20 - 02061312 _____ (Farbar) C:\Users\JButler\Desktop\FRST64.exe
    2014-04-22 10:19 - 2014-04-22 10:57 - 00203230 _____ () C:\Users\JButler\Desktop\OTL.txt
    2014-04-22 10:19 - 2014-04-22 10:19 - 00006895 _____ () C:\Users\JButler\Desktop\AdwCleaner[S2].txt
    2014-04-22 10:01 - 2014-04-22 10:01 - 01016261 _____ (Thisisu) C:\Users\JButler\Desktop\JRT.exe
    2014-04-22 09:59 - 2014-04-22 09:59 - 01335637 _____ () C:\Users\JButler\Desktop\AdwCleaner.exe
    2014-04-22 09:42 - 2014-04-22 09:42 - 00000000 ____D () C:\_OTL
    2014-04-22 09:40 - 2014-04-22 09:47 - 00406486 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
    2014-04-21 11:54 - 2014-04-21 11:54 - 00602112 _____ (OldTimer Tools) C:\Users\JButler\Desktop\OTL.scr
    2014-04-21 11:17 - 2014-03-06 02:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-04-21 11:17 - 2014-03-06 02:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-04-21 11:17 - 2014-03-06 02:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-04-21 11:17 - 2014-03-06 01:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-04-21 11:16 - 2014-03-06 04:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-04-21 11:16 - 2014-03-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-04-21 11:16 - 2014-03-06 03:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-04-21 11:16 - 2014-03-06 03:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-04-21 11:16 - 2014-03-06 02:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-04-21 11:16 - 2014-03-06 02:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-04-21 11:16 - 2014-03-06 02:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-04-21 11:16 - 2014-03-06 02:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-04-21 11:16 - 2014-03-06 02:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-04-21 11:16 - 2014-03-06 02:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-04-21 11:16 - 2014-03-06 02:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-04-21 11:16 - 2014-03-06 02:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-04-21 11:16 - 2014-03-06 02:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-04-21 11:16 - 2014-03-06 02:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-04-21 11:16 - 2014-03-06 02:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-04-21 11:16 - 2014-03-06 02:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-04-21 11:16 - 2014-03-06 02:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-04-21 11:16 - 2014-03-06 02:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-04-21 11:16 - 2014-03-06 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-04-21 11:16 - 2014-03-06 01:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-04-21 11:16 - 2014-03-06 01:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-04-21 11:16 - 2014-03-06 01:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-04-21 11:16 - 2014-03-06 01:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-04-21 11:16 - 2014-03-06 01:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-04-21 11:16 - 2014-03-06 01:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-04-21 11:16 - 2014-03-06 01:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-04-21 11:16 - 2014-03-06 01:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-04-21 11:16 - 2014-03-06 01:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-04-21 11:16 - 2014-03-06 01:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-04-21 11:16 - 2014-03-06 01:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-04-21 11:16 - 2014-03-06 01:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-04-21 11:16 - 2014-03-06 01:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-04-21 11:16 - 2014-03-06 01:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-04-21 11:16 - 2014-03-06 01:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-04-21 11:16 - 2014-03-06 00:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-04-21 11:16 - 2014-03-06 00:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-04-21 11:16 - 2014-03-06 00:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-04-21 11:16 - 2014-03-06 00:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-04-21 11:16 - 2014-03-06 00:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-04-21 11:16 - 2014-03-05 23:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-04-21 11:16 - 2014-03-05 23:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-04-21 11:16 - 2014-03-05 23:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-04-21 11:16 - 2014-03-05 23:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-04-21 11:16 - 2014-03-05 23:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-04-17 13:05 - 2014-04-17 13:05 - 13656402 _____ (Macrovision Corporation) C:\Users\JButler\Downloads\Envision-9-3-update.exe
    2014-04-17 12:51 - 2014-04-17 12:51 - 00000460 _____ () C:\Users\JButler\Documents\AIBRIDGE.NIS
    2014-04-17 11:19 - 2014-04-17 11:19 - 00921512 _____ (Oracle Corporation) C:\Users\JButler\Downloads\chromeinstall-7u55 (1).exe
    2014-04-17 11:16 - 2014-04-17 11:15 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-04-17 11:15 - 2014-04-17 11:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-04-17 11:15 - 2014-04-17 11:15 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-04-17 11:15 - 2014-04-17 11:15 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-04-17 11:13 - 2014-04-17 11:13 - 00921512 _____ (Oracle Corporation) C:\Users\JButler\Downloads\chromeinstall-7u55.exe
    2014-04-14 09:59 - 2014-04-14 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-04-09 11:45 - 2014-04-09 11:45 - 00012415 _____ () C:\Users\JButler\Desktop\2013 Stampede Breakfast Expenses.xlsx
    2014-04-09 10:19 - 2014-03-04 03:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2014-04-09 10:19 - 2014-03-04 03:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2014-04-09 10:19 - 2014-03-04 03:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2014-04-09 10:19 - 2014-03-04 03:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2014-04-09 10:19 - 2014-03-04 03:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2014-04-09 10:19 - 2014-03-04 03:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2014-04-09 10:19 - 2014-03-04 03:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2014-04-09 10:19 - 2014-03-04 03:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2014-04-09 10:19 - 2014-03-04 03:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2014-04-09 10:19 - 2014-03-04 02:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2014-04-09 10:19 - 2014-03-04 02:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2014-04-09 10:18 - 2014-02-03 20:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
    2014-04-09 10:18 - 2014-02-03 20:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2014-04-09 10:18 - 2014-02-03 20:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
    2014-04-09 10:18 - 2014-02-03 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
    2014-04-09 10:18 - 2014-02-03 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
    2014-04-09 10:18 - 2014-01-23 20:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2014-03-26 10:52 - 2014-03-26 10:55 - 00011543 _____ () C:\Users\JButler\Desktop\2013 Expenses.xlsx
     
    ==================== One Month Modified Files and Folders =======
     
    2014-04-22 13:55 - 2014-04-22 11:04 - 00028752 _____ () C:\Users\JButler\Desktop\FRST.txt
    2014-04-22 13:54 - 2014-04-22 11:04 - 00000000 ____D () C:\FRST
    2014-04-22 13:12 - 2012-04-03 22:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-04-22 12:59 - 2012-09-28 14:01 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-22 12:55 - 2014-04-22 12:55 - 01016754 _____ () C:\Users\JButler\Downloads\AdobeFlashPopupconstantlyonmyLaptoppageNumber-VirusSpywareMalwareRemoval.html
    2014-04-22 12:14 - 2014-04-22 11:24 - 00296094 _____ () C:\Users\JButler\Desktop\Post.txt
    2014-04-22 11:09 - 2014-04-22 11:04 - 00058320 _____ () C:\Users\JButler\Desktop\Addition.txt
    2014-04-22 10:57 - 2014-04-22 10:57 - 00130512 _____ () C:\Users\JButler\Desktop\Extras.Txt
    2014-04-22 10:57 - 2014-04-22 10:19 - 00203230 _____ () C:\Users\JButler\Desktop\OTL.txt
    2014-04-22 10:33 - 2011-09-08 06:59 - 01220580 _____ () C:\Windows\WindowsUpdate.log
    2014-04-22 10:31 - 2014-04-22 10:31 - 00000773 _____ () C:\Users\JButler\Desktop\JRT.txt
    2014-04-22 10:23 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-04-22 10:23 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-04-22 10:20 - 2014-04-22 10:20 - 02061312 _____ (Farbar) C:\Users\JButler\Desktop\FRST64.exe
    2014-04-22 10:19 - 2014-04-22 10:19 - 00006895 _____ () C:\Users\JButler\Desktop\AdwCleaner[S2].txt
    2014-04-22 10:19 - 2009-07-13 23:13 - 00801138 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-04-22 10:16 - 2013-10-10 13:16 - 00000408 _____ () C:\Windows\SysWOW64\iolo.ini
    2014-04-22 10:16 - 2013-10-10 13:16 - 00000408 _____ () C:\Windows\system32\iolo.ini
    2014-04-22 10:16 - 2013-10-10 13:16 - 00000392 _____ () C:\Windows\SysWOW64\iolo.ini.txt
    2014-04-22 10:16 - 2012-06-22 15:59 - 00000000 ____D () C:\Users\JButler\AppData\Roaming\Dropbox
    2014-04-22 10:15 - 2012-09-28 14:01 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-22 10:15 - 2012-06-22 16:01 - 00000000 ___RD () C:\Users\JButler\Dropbox
    2014-04-22 10:15 - 2004-10-19 14:30 - 00000172 _____ () C:\Windows\Maritimelife.ini
    2014-04-22 10:14 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-04-22 10:14 - 2009-07-13 22:51 - 00145611 _____ () C:\Windows\setupact.log
    2014-04-22 10:13 - 2014-02-13 18:44 - 00000000 ____D () C:\AdwCleaner
    2014-04-22 10:01 - 2014-04-22 10:01 - 01016261 _____ (Thisisu) C:\Users\JButler\Desktop\JRT.exe
    2014-04-22 09:59 - 2014-04-22 09:59 - 01335637 _____ () C:\Users\JButler\Desktop\AdwCleaner.exe
    2014-04-22 09:47 - 2014-04-22 09:40 - 00406486 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
    2014-04-22 09:47 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-04-22 09:45 - 2011-10-24 12:00 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
    2014-04-22 09:44 - 2011-10-07 11:39 - 00000000 ____D () C:\Desjardins
    2014-04-22 09:43 - 2011-10-06 16:07 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{68809F62-1306-49BA-99C4-8BAF2943F43D}
    2014-04-22 09:42 - 2014-04-22 09:42 - 00000000 ____D () C:\_OTL
    2014-04-21 11:54 - 2014-04-21 11:54 - 00602112 _____ (OldTimer Tools) C:\Users\JButler\Desktop\OTL.scr
    2014-04-21 11:22 - 2012-09-03 15:10 - 00000000 ____D () C:\ProgramData\Leapfrog
    2014-04-21 11:21 - 2011-10-07 12:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-04-21 11:19 - 2012-09-03 15:10 - 00000000 ____D () C:\Program Files (x86)\LeapFrog
    2014-04-21 11:16 - 2011-11-04 17:38 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-04-21 11:16 - 2011-10-07 11:10 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-04-21 11:12 - 2013-08-21 10:21 - 00000000 ____D () C:\Windows\system32\MRT
    2014-04-21 11:07 - 2011-10-06 17:35 - 00000000 ___RD () C:\Users\JButler\Desktop\Utilities
    2014-04-21 11:06 - 2011-10-09 00:03 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-04-21 11:03 - 2013-08-24 13:27 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJButler
    2014-04-21 11:03 - 2013-08-24 13:27 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForJButler.job
    2014-04-17 15:11 - 2012-04-25 09:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-04-17 15:11 - 2010-11-20 21:47 - 00999352 _____ () C:\Windows\PFRO.log
    2014-04-17 15:10 - 2009-07-13 20:34 - 00000935 _____ () C:\Windows\win.ini
    2014-04-17 13:08 - 2012-12-17 11:36 - 00006006 _____ () C:\Users\JButler\Documents\MLTMTRA.DAT
    2014-04-17 13:06 - 2012-10-12 11:38 - 00000097 _____ () C:\Windows\fdpxld.ini
    2014-04-17 13:06 - 2012-10-12 11:37 - 00000000 ____D () C:\Program Files (x86)\illustrate inc
    2014-04-17 13:06 - 2012-10-12 11:37 - 00000000 ____D () C:\Program Files (x86)\Empire
    2014-04-17 13:05 - 2014-04-17 13:05 - 13656402 _____ (Macrovision Corporation) C:\Users\JButler\Downloads\Envision-9-3-update.exe
    2014-04-17 13:04 - 2012-12-17 11:36 - 00011719 _____ () C:\Users\JButler\Documents\MLTMTRA1.DAT
    2014-04-17 12:57 - 2012-10-22 12:36 - 00009654 _____ () C:\Users\JButler\Documents\GWSHTRA.DAT
    2014-04-17 12:57 - 2012-10-22 12:36 - 00008690 _____ () C:\Users\JButler\Documents\GWTMTRA.DAT
    2014-04-17 12:57 - 2012-10-22 12:36 - 00000000 ____D () C:\Users\JButler\Documents\SST
    2014-04-17 12:55 - 2012-05-30 12:00 - 00000000 ____D () C:\Windows\Downloaded Installations
    2014-04-17 12:54 - 2012-02-10 14:24 - 00000000 ____D () C:\Users\JButler\AppData\Local\Downloaded Installations
    2014-04-17 12:51 - 2014-04-17 12:51 - 00000460 _____ () C:\Users\JButler\Documents\AIBRIDGE.NIS
    2014-04-17 12:51 - 2013-01-24 10:28 - 00004273 _____ () C:\Users\JButler\Documents\AIWVTRA.DAT
    2014-04-17 12:51 - 2012-05-30 11:56 - 00000029 _____ () C:\Windows\MLI.INI
    2014-04-17 12:39 - 2011-10-07 11:39 - 00000914 _____ () C:\Windows\Partenai.log
    2014-04-17 12:35 - 2011-10-07 11:39 - 00000000 ____D () C:\repres
    2014-04-17 11:21 - 2011-10-10 00:26 - 00000000 ____D () C:\Users\JButler\AppData\Local\CrashDumps
    2014-04-17 11:19 - 2014-04-17 11:19 - 00921512 _____ (Oracle Corporation) C:\Users\JButler\Downloads\chromeinstall-7u55 (1).exe
    2014-04-17 11:17 - 2013-09-26 19:06 - 00000000 ____D () C:\ProgramData\Oracle
    2014-04-17 11:15 - 2014-04-17 11:16 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-04-17 11:15 - 2014-04-17 11:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-04-17 11:15 - 2014-04-17 11:15 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-04-17 11:15 - 2014-04-17 11:15 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-04-17 11:13 - 2014-04-17 11:13 - 00921512 _____ (Oracle Corporation) C:\Users\JButler\Downloads\chromeinstall-7u55.exe
    2014-04-15 13:55 - 2011-10-06 16:07 - 00000000 ___RD () C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-14 14:44 - 2011-11-18 16:20 - 00000000 ____D () C:\Program Files (x86)\Insync26
    2014-04-14 13:28 - 2014-03-03 13:23 - 00000000 ____D () C:\Users\JButler\Desktop\JavaRa-2.5
    2014-04-14 13:18 - 2013-04-22 13:37 - 00000000 ____D () C:\Users\JButler\Documents\Personal
    2014-04-14 13:16 - 2011-10-31 10:53 - 00000000 ____D () C:\Users\JButler\Documents\Google Talk Received Files
    2014-04-14 09:59 - 2014-04-14 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-04-14 09:59 - 2014-02-19 14:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
    2014-04-09 11:45 - 2014-04-09 11:45 - 00012415 _____ () C:\Users\JButler\Desktop\2013 Stampede Breakfast Expenses.xlsx
    2014-04-03 11:17 - 2009-07-13 22:45 - 00514944 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-04-03 11:16 - 2012-07-31 11:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-04-03 11:16 - 2012-07-31 11:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-04-02 14:09 - 2013-11-24 18:14 - 00000000 ____D () C:\Program Files (x86)\CIMS.Net
    2014-03-31 09:35 - 2010-11-20 21:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-03-27 07:54 - 2012-09-28 14:01 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-03-27 07:54 - 2012-09-28 14:01 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-03-26 10:55 - 2014-03-26 10:52 - 00011543 _____ () C:\Users\JButler\Desktop\2013 Expenses.xlsx
    2014-03-24 11:27 - 2014-03-13 19:56 - 00012377 _____ () C:\Users\JButler\Desktop\Larry Smith Retirement.xlsx
    2014-03-24 11:02 - 2014-03-19 13:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
    2014-03-24 09:27 - 2012-05-30 11:57 - 00000000 ____D () C:\Users\JButler\Desktop\SE EDA
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
     
    LastRegBack: 2014-04-06 19:41
     

     

    ==================== End Of Log ============================
     
    Additions:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
    Ran by JButler at 2014-04-22 13:56:26
    Running from C:\Users\JButler\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    AV: System Shield (Enabled - Up to date) {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: System Shield (Enabled - Up to date) {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}
     
    ==================== Installed Programs ======================
     
    64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
    ABF / FNA (HKLM-x32\...\{0867AFE1-3469-11D7-8193-0010B5BCE08C}) (Version: 8.3.0.0 - Desjardins Assurances)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    AMD APP SDK Runtime (Version: 2.4.595.9 - Advanced Micro Devices Inc.) Hidden
    AMD Fuel (Version: 2011.0401.2259.39449 - AMD) Hidden
    AMD VISION Engine Control Center (x32 Version: 2011.0401.2259.39449 - ATI) Hidden
    Android Sync Manager WiFi (HKLM-x32\...\{13D946AF-DAD9-0200-0000-000000000000}) (Version: 11.10.2763 - Mobile Action)
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft PhotoImpression 6 (HKLM-x32\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
    ArcSoft Print Creations (HKLM-x32\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version:  - ArcSoft)
    Assumption-Online-Insurance-Solutions (HKLM-x32\...\{88EFE047-67E7-4194-92E6-9B79A563BAA0}) (Version: 9.5.0 - IIS)
    Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.102 - Atheros)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
    ATI Catalyst Install Manager (HKLM\...\{6153098B-60DB-6A9F-EA0F-B006A96B57D5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
    Avantage d'Or / Golden Edge (HKLM-x32\...\{0AE17B00-31FA-11D6-BED9-000629F77048}) (Version:  - )
    AVS Media Player 4.1.9.95 (HKLM-x32\...\AVS Media Player_is1) (Version:  - Online Media Technologies Ltd.)
    AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
    AVSDK5 (Version: 5.3.20 - Commtouch, Inc.) Hidden
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Calculatrice Financière / Invest (HKLM-x32\...\{8B705ED7-A86B-4895-9955-BA80E0B3F40B}) (Version:  - )
    calibre (HKLM-x32\...\{D003CEFC-10B1-48E8-ACDA-4FF452BCE344}) (Version: 0.9.25 - Kovid Goyal)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0401.2259.39449 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2011.0705.1115.18310 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2011.0401.2259.39449 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Czech (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Danish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help English (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help French (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help German (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Greek (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Italian (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Korean (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Polish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Russian (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Thai (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2011.0401.2258.39449 - ATI) Hidden
    ccc-utility64 (Version: 2011.0401.2259.39449 - ATI) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CIMS.Net (HKLM-x32\...\{14025FDE-2A98-4241-9DC5-FA9F5B7A488F}) (Version: 2.0.0 - Microworld)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
    Concepts (HKLM-x32\...\{B2E60EBE-35BC-41CA-BED6-EDBB9329C037}) (Version: 2.8.0.3 - Desjardins Assurances)
    Concourse 1.0 (HKLM-x32\...\{64B54493-BC68-4D6F-B9EB-214E74CC0647}) (Version: 1.0 - London Life)
    Concourse 1.5 - Content (HKLM-x32\...\{27DDB75B-8483-4F0A-91DF-C57B6631F795}) (Version: 1.5 - London Life)
    ContentExplorer (HKLM-x32\...\ContentExplorer) (Version: 6.5 - ContentExplorer.net)
    Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Corel Graphics - Windows Shell Extension (HKLM\...\_{2CDF0D0A-C58C-4136-9978-F029B2723B0D}) (Version: 16.4.0.1280 - Corel Corporation)
    Corel Graphics - Windows Shell Extension (Version: 16.4.1280 - Corel Corporation) Hidden
    Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.4.1280 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - BR (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - ES (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.2 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - FR (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - IPM (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - IPM Content (x32 Version: 16.1 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.6 -  Corel Corporation) Hidden
    CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.4.0.1280 - Corel Corporation)
    CorelDRAW Graphics Suite X6 (x64) (Version: 16.6 - Corel Corporation) Hidden
    CPP Illustration (HKLM-x32\...\CPP Illustration) (Version:  - )
    CPP V3 (HKLM-x32\...\CPP V3) (Version:  - )
    Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
    CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4305 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 3.5.1.4305 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
    Diamond View Launcher (HKLM-x32\...\{A1A9956A-56A2-4933-A4F0-CC236790CC29}) (Version: 4.9.0.0 - Manulife Financial)
    Diamond View Update (HKLM-x32\...\{32D3C724-3E32-11D9-8211-00B0D075DF5C}) (Version: 7.0.0.4 - Manulife Financial)
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    direcTORY Application (HKCU\...\121406415.www.c-vote.ca) (Version:  - www.c-vote.ca)
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
    DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
    EFR 3.14 (2013-11) (HKLM-x32\...\EFR_is1) (Version:  - Elections Canada)
    Empire Life Envision (HKLM-x32\...\{27916B81-FEDB-43A0-B724-923784B3DAE7}) (Version: 9.3.0000 - Empire Life)
    Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
    Eos 6.0 (HKLM-x32\...\Eos) (Version: 6.0 - Sun Life Financial)
    EPSON Print CD (HKLM-x32\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.60.000 - )
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
    EPSON RX680 User's Guide (HKLM-x32\...\Silent Package Run-Time Sample) (Version:  - )
    EPSON Stylus Photo RX680 Series Scanner Driver Update (HKLM-x32\...\{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}) (Version:  - )
    Equitable Sales Illustrations/ Système d’illustration des ventes (HKLM-x32\...\{11B97514-C022-420A-9FCB-4FD079E2DBBC}) (Version: 3.0.3.39 - Equitable Life Of Canada)
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    Evernote v. 4.6.4 (HKLM-x32\...\{DDAFC46A-90E2-11E2-B700-984BE15F174E}) (Version: 4.6.4.8136 - Evernote Corp.)
    Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version:  - Trusted Software) <==== ATTENTION
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Foresters Life - V7.0 (HKLM-x32\...\Foresters Life - V7.0) (Version:  - )
    Foxit Phantom (HKLM\...\{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}) (Version: 2.2.0225 - Foxit Software Company)
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    GarantieAvantage (HKLM-x32\...\{A5A8C157-A89D-4F7E-89A3-3C5519CEE18C}) (Version: 2.9 - Desjardins Assurances)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
    Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
    Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
    Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
    GoToMeeting 4.8.0.723 (HKCU\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
    GWL Illustrator (HKLM-x32\...\{839B9B4C-7FC7-4F7F-BD31-99AEF07A49F1}) (Version: 2.2.0.0 - Novinsoft Inc.)
    GWL Illustrator Config (HKLM-x32\...\{9B5088FA-8C09-439E-A515-E1957993303F}) (Version: 2.2.0.0 - Novinsoft Inc.)
    GWL Illustrator Par (HKLM-x32\...\{30879FF8-1582-41CB-BCDB-B5DDFF93FD3C}) (Version: 2.2.0.0 - Novinsoft Inc.)
    GWL Illustrator Par Config (HKLM-x32\...\{47582F50-3974-4F89-AFEA-468DD33B2EA4}) (Version: 2.2.0.0 - Novinsoft Inc.)
    GWL Illustrator Term (HKLM-x32\...\{5905DC5D-00E7-4BEF-A1CD-FCAE05E20DA8}) (Version: 2.2.0.0 - Novinsoft Inc.)
    GWL Illustrator Term Config (HKLM-x32\...\{96EA5361-BF11-4518-A14A-8FCADEEA7820}) (Version: 2.2.0.0 - Novinsoft Inc.)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
    HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
    HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
    HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
    HP LaserJet Professional CP1520 Series (HKLM-x32\...\{5C069542-CA13-4f1b-B90C-28C6430F4992}) (Version:  - Hewlett-Packard)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
    HPLaserJetHelp_LearnCenter (HKLM-x32\...\{E15C68A1-9CA5-44AC-A7F7-6C0673F196A8}) (Version: 1.01.0000 - Hewlett-Packard)
    HPLJUT (HKLM-x32\...\{229D6185-BD7E-494B-A73B-C5215BE0690E}) (Version: 1.00.0008 - HP)
    hppCP1520LaserJetService (x32 Version: 001.007.00319 - Hewlett-Packard) Hidden
    hppLaserJetService (x32 Version: 002.007.00397 - Hewlett-Packard) Hidden
    hppTLBXFXCP1520 (x32 Version: 001.007.00647 - Hewlett-Packard) Hidden
    hpzTLBXFX (x32 Version: 006.007.00770 - Hewlett-Packard) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6423.0 - IDT)
    in sync 3.0 (HKLM-x32\...\in sync 3.0) (Version:  - )
    Independent Order of Foresters (HKLM-x32\...\{4210D645-9D71-419E-9002-BB1A0358A9B3}) (Version: 6.0 - Novinsoft Inc.)
    Inforce Illustration 1.3 (HKLM-x32\...\Inforce Illustration 1.3) (Version:  - )
    Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
    Investment Loan / Prêt Placement (HKLM-x32\...\{85184706-2E77-11D9-9BE0-000103E0519E}) (Version: 5.0.3.0 - Manulife Financial)
    iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 12.5.0 - iolo technologies, LLC)
    iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
    Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
    Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    KeySource 1.0 (HKLM-x32\...\{93D90A5B-6694-4849-AD0F-3EB7E7E1B040}) (Version: 1.0 - London Life)
    KeySource 2.1 - Content (HKLM-x32\...\{B573B6E4-81AA-47E0-8BBB-2023B1906524}) (Version: 2.1 - London Life)
    Kies Air Discovery Service (HKCU\...\Kies Air Discovery Service) (Version:  - Samsung)
    Kobo (HKLM-x32\...\Kobo) (Version: 3.1.5 - Kobo Inc.)
    LEApp - AppVers 5.4 (HKLM-x32\...\{4168E08D-3349-476F-9497-7891CB8153A6}) (Version: 5.4.0 - GWL Software Distribution)
    LEApp - Electronic Application for Life Insurance 5.5.0.1 (HKLM-x32\...\{B6F2B585-D9F2-4D23-A176-B0AA1A5DD286}) (Version: 5.5.0.0 - GWL Software Distribution)
    Licensing Service (03000201) (x32 Version: 03.00.02.15 - Protexis Inc.) Hidden
    LifeView - VisionVie 10.0 (HKLM-x32\...\LifeView - VisionVie 10.0) (Version:  - )
    LifeView - VisionVie 10.1 (HKLM-x32\...\LifeView - VisionVie 10.1) (Version:  - )
    LifeView - VisionVie 10.4 (HKLM-x32\...\LifeView - VisionVie 10.4) (Version:  - )
    Living Benefits 5.30 (HKLM-x32\...\{209255AF-E7F3-4FF3-86EE-575C35BA716D}) (Version: 5.30 - GWL)
    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Manulife - Concept slideshows (HKLM-x32\...\{29248674-96FE-4C01-94C6-D82ECD06E916}) (Version: 14.8.0.0 - Novinsoft Inc.)
    Manulife - Concepts (HKLM-x32\...\{37BF8DE6-CB40-4F3C-8A24-6CE6BB1F6A55}) (Version: 12.3.0.1 - Novinsoft Inc.)
    Manulife - Insure Right / Manuvie - Bien s'assurer (HKLM-x32\...\{192BFB6B-7E9C-4346-8ECB-2A42DABFF4DB}) (Version: 11.5.0.0 - Novinsoft Inc.)
    Manulife - Launcher (HKLM-x32\...\{876FAEDD-8CA3-4729-A09F-4E582DB560F7}) (Version: 14.15.0.1 - Novinsoft Inc.)
    Manulife - Limited Pay UL / Manuvie - Vu à prime temporaire (HKLM-x32\...\{AB5C39D3-7BF4-4897-8C97-35061FBECED2}) (Version: 14.13.0.0 - Novinsoft Inc.)
    Manulife - Living Benefits (HKLM-x32\...\{F4E3A754-5569-4E1C-BF99-B3CC2BDFDEFB}) (Version: 14.14.0.14 - Novinsoft Inc.)
    Manulife - Performax Gold - Performax Or - MLPG (HKLM-x32\...\{2893EE72-7BB9-41E8-9AE2-45DA92331A8D}) (Version: 14.15.0.4 - Novinsoft Inc.)
    Manulife - Personal Accident/Personal Accident (HKLM-x32\...\{D73E2E92-C6A1-4850-B50D-7CCC9CF81C6E}) (Version: 14.10.0.1 - Novinsoft Inc.)
    Manulife - Synergy / Manuvie - Synergie (HKLM-x32\...\{10202EBB-A6E7-4BA2-9E38-8563DB84C28F}) (Version: 14.15.0.3 -  Novinsoft Inc.)
    Manulife - Term (HKLM-x32\...\{28BF1FE2-8F54-4356-8404-26EA20E0C1BA}) (Version: 14.15.0.2 - Novinsoft Inc.)
    Manulife - UltraVision (HKLM-x32\...\{BC4516DF-F14B-42FE-960C-A6EB1F279F73}) (Version: 14.12.0.0 - Novinsoft Inc.)
    Manulife - Universal Life (HKLM-x32\...\{B48DC0B2-DBFD-41DB-992E-19EE9DA6EE96}) (Version: 14.15.0.2 - Novinsoft Inc.)
    Manulife Financial - Health and Dental (HKLM-x32\...\{ED5C76B7-0F52-4245-AF1B-E0DC08EFE283}) (Version: 3.31.0.0 - Manulife Financial)
    MenuFusion  (HKLM-x32\...\{08B31070-171E-11D6-BECF-000629F77048}) (Version: 6.1.0.0 - Desjardins Assurances)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
    Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
    MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML (HKLM-x32\...\{7CF6604E-BCB8-4B5F-A1CC-1E6DA0C60151}) (Version: 4.20.9818 - London Life Insurance Company)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
    MyTomTom 3.1.0.530 (HKLM-x32\...\MyTomTom) (Version: 3.1.0.530 - TomTom)
    Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Presentations (HKLM-x32\...\{698C92A9-66A7-11D6-8178-0010B5BCE08C}) (Version: 3.4 - Desjardins Assurances)
    Pyramide 3.1.0 (HKLM-x32\...\{BFBC2A94-C9C0-4E98-A58A-86295575B02A}) (Version: 3.1.0000 - Your Company Name)
    QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
    RBC Illustrations System 6.0 (HKLM-x32\...\RBC Illustrations System 6.0) (Version: RBC Illustrations 6.0 - RBC Insurance)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
    RegimeRetraiteIndividuel (HKLM-x32\...\{09064D50-FF4A-407C-9B13-15B9D231EBA2}) (Version:  - )
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    RoueDesRendements (HKLM-x32\...\{AE75C941-3838-47F9-B372-281EE634516E}) (Version: 9.0 - Desjardins Assurances)
    RPS CRT (x32 Version: 9.0.48 - TELUS) Hidden
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
    SetupCrystalReports (HKLM-x32\...\{DE723887-712F-499D-8B82-5A1EC8F46062}) (Version: 1.0.0 - DSF)
    Shopping Helper Smartbar Engine (HKCU\...\{2cdca571-9571-43bf-8129-ad453d9a55c8}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION
    Sky (HKLM-x32\...\Sky1.0) (Version: 1.0 - Foresters)
    Sky (HKLM-x32\...\Sky1.1.153) (Version: 1.1.153 - Foresters)
    Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Solo (HKLM-x32\...\{CF09D056-3FFA-11D6-8171-0010B5BCE08C}) (Version: 5.1.0.0 - Desjardins Assurances)
    Sommum / Pace / Traditionnel (HKLM-x32\...\{EED3CC4B-40BD-11D6-8171-0010B5BCE08C}) (Version: 15.3.1.0 - Desjardins Assurances)
    SST Channel - Canada Life (CL) (HKLM-x32\...\SSTChannel) (Version:  - )
    Sun Life Financial - Sales Concepts (HKLM-x32\...\SLF Sales Concepts) (Version:  - )
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
    System Mechanic 12 Professional (x32 Version: 12.5.0 - ) Hidden
    Transamerica - Five-for-Life 2.1 (HKLM-x32\...\{3E35E63A-CC9D-45B8-B599-4DA774BFC74C}) (Version: 2.1.4 - Transamerica Life Canada )
    TweetDeck (HKLM-x32\...\{FA6381E9-96D2-4F6F-866C-4D16E5986FF6}) (Version: 2.7.1 - Twitter, Inc.)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
    Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    VIO Player version 1.2 (HKLM-x32\...\{2A9009E1-122C-4692-B442-A750C0DE7BA1}_is1) (Version: 1.2 - VIO Player)
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
    WildTangent Games App (HP Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
    Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
    WOT for Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy)
    YTD Toolbar v7.6 (HKLM-x32\...\{C3E2B404-EF69-4C60-A7C1-CF116D2C3267}) (Version: 7.6 - Spigot, Inc.)
    YTD YouTube Downloader & Converter 3.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - GreenTree Applications SRL)
    Zone retraite / Retirement zone (HKLM-x32\...\{10895847-3460-11D7-8193-0010B5BCE08C}) (Version: 3.8.0.0 - Desjardins Assurances)
    ZoomExpressKeyView14.1 (HKLM-x32\...\{C007CFA1-FC3C-49B8-8D30-DB5BF3396632}) (Version: 14.1.04 - ...)
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
     
    ==================== Restore Points  =========================
     
    18-03-2014 18:08:31 Windows Update
    21-03-2014 20:25:19 Windows Update
    24-03-2014 15:28:50 Windows Update
    29-03-2014 15:51:57 Windows Update
    01-04-2014 17:54:23 Windows Update
    06-04-2014 03:14:41 Windows Update
    09-04-2014 16:16:06 Windows Update
    15-04-2014 17:14:07 Windows Update
    15-04-2014 19:48:36 Uniblue SpeedUpMyPC installation
    15-04-2014 19:56:21 Revo Uninstaller's restore point - SpeedUpMyPC
    17-04-2014 17:14:16 Installed Java 7 Update 55
    21-04-2014 03:38:10 Windows Update
    21-04-2014 17:04:56 Windows Modules Installer
    21-04-2014 17:24:12 Removed Brand Thunder Theme Manager for Internet Explorer
    22-04-2014 15:38:09 Windows Update
    22-04-2014 16:36:41 OTL Restore Point - 4/22/2014 10:36:35 AM
     
    ==================== Hosts content: ==========================
     
    2009-07-13 20:34 - 2014-04-14 11:29 - 00793927 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost #[IPv6]
    0.0.0.0 banners.weselltraffic.com
    0.0.0.0 adsatt.abcnews.starwave.com
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: {0672D3D5-C923-4E23-90AD-04E329E73C4F} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
    Task: {1B5C2A26-AA64-4688-A4D4-A630F7020BC2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
    Task: {1E73C201-016C-4AD1-950B-8677238A833E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {218F1E4C-A15B-4C7F-A40B-CA86BDFA00D6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
    Task: {2F8C5DD5-1E73-45C3-91AB-1DDCA9FC685B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {3168ADC7-7138-4622-81F6-10922003E183} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-28] (Google Inc.)
    Task: {36175958-14CD-4048-9AEE-B81160984C9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-28] (Google Inc.)
    Task: {3A82BBE0-C3B3-42F9-A9A4-1D23C8696413} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
    Task: {3B252575-1635-4CB4-8B0C-118C4D408CB3} - System32\Tasks\HPCeeScheduleForJButler => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {3FDA38DA-37F2-4FF3-B53C-25B907C62F74} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
    Task: {504D6BD9-9F53-4AB1-B022-333FB258B369} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
    Task: {62436556-5011-41F3-B3E9-D96B2586E6F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
    Task: {64B15A2A-3692-47EC-9E1F-EE9982DA2529} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
    Task: {6B0AC538-663D-4BF8-9ABB-1CF2C92923ED} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-02] (Synaptics Incorporated)
    Task: {7BA8BEB9-3702-485F-B143-E2B0150FEBB9} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2013-12-03] (iolo technologies, LLC)
    Task: {87876009-4FE2-4836-9988-5BA63F63FA54} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
    Task: {C89DD698-504F-4039-86FF-601D66E3760E} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-05-02] (Hewlett Packard)
    Task: {CC7958DA-564A-477A-A073-C944A9B2495C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
    Task: {D2F270C6-BD35-4FB4-AAB0-F86CC297540A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core => C:\Users\JButler\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
    Task: {D80BD92A-0111-4D59-8B52-D189288580E0} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe
    Task: {D81CD8DD-8D71-4725-9E2D-F5E5433643A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {DFBEF069-17B6-487D-9747-5049CF4E23A0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-07-06] (CyberLink)
    Task: {E55B3DDE-12F3-4A38-B93D-64D1A99866BA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForJButler.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2012-05-02 14:29 - 2012-03-11 14:56 - 00086608 _____ () C:\Windows\System32\cpwmon64.dll
    2011-04-02 00:06 - 2011-04-02 00:06 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-03-04 13:49 - 2011-03-04 13:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-10-18 17:55 - 2013-10-18 17:55 - 25100288 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\libcef.dll
    2014-04-11 11:53 - 2014-04-01 19:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
    2014-04-11 11:53 - 2014-04-01 19:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
    2014-04-11 11:53 - 2014-04-01 19:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
    2014-04-11 11:53 - 2014-04-01 19:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
    2014-04-11 11:53 - 2014-04-01 19:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
    2014-04-11 11:53 - 2014-04-01 19:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
    2014-04-11 11:53 - 2014-04-01 19:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
    2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"
     
    ==================== Disabled items from MSCONFIG ==============
     
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
    Name: wStLib64
    Description: wStLib64
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer: 
    Service: wStLib64
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
     
    Name: Cisco Systems VPN Adapter for 64-bit Windows
    Description: Cisco Systems VPN Adapter for 64-bit Windows
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: CVirtA
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
     
    Microsoft Office Sessions:
    =========================
     
    CodeIntegrity Errors:
    ===================================
      Date: 2013-09-26 11:31:23.125
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-26 11:31:22.969
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-26 11:31:22.829
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-26 11:31:22.688
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-25 20:10:21.336
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-09-25 20:10:21.195
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-04-03 13:51:24.725
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-04-03 13:51:24.615
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-04-03 13:51:22.109
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-04-03 13:51:21.996
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 63%
    Total physical RAM: 5610.91 MB
    Available physical RAM: 2055.34 MB
    Total Pagefile: 11219.99 MB
    Available Pagefile: 7115.35 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:682.79 GB) (Free:585.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:15.55 GB) (Free:1.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A626DF5C)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=683 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
     
    ==================== End Of Log ============================

    • 0

    Advertisements


    #11
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP
     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
    Ron

    • 0

    #12
    Triskelion

    Triskelion

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 652 posts

    Thanks Ron.

     

    Junk.exe log:

     

    2014-04-23 08:28:18, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:28:18, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2014-04-23 08:28:25, Info                  CSI    0000000e [SR] Verify complete
    2014-04-23 08:28:26, Info                  CSI    0000000f [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:28:26, Info                  CSI    00000010 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:28:33, Info                  CSI    00000012 [SR] Verify complete
    2014-04-23 08:28:34, Info                  CSI    00000013 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:28:34, Info                  CSI    00000014 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:28:41, Info                  CSI    00000016 [SR] Verify complete
    2014-04-23 08:28:43, Info                  CSI    00000017 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:28:43, Info                  CSI    00000018 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:28:51, Info                  CSI    0000001a [SR] Verify complete
    2014-04-23 08:28:52, Info                  CSI    0000001b [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:28:52, Info                  CSI    0000001c [SR] Beginning Verify and Repair transaction
    2014-04-23 08:29:01, Info                  CSI    0000001e [SR] Verify complete
    2014-04-23 08:29:02, Info                  CSI    0000001f [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:29:02, Info                  CSI    00000020 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:29:09, Info                  CSI    00000022 [SR] Verify complete
    2014-04-23 08:29:10, Info                  CSI    00000023 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:29:10, Info                  CSI    00000024 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:29:27, Info                  CSI    00000026 [SR] Verify complete
    2014-04-23 08:29:28, Info                  CSI    00000027 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:29:28, Info                  CSI    00000028 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:29:39, Info                  CSI    0000002a [SR] Verify complete
    2014-04-23 08:29:40, Info                  CSI    0000002b [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:29:40, Info                  CSI    0000002c [SR] Beginning Verify and Repair transaction
    2014-04-23 08:29:52, Info                  CSI    0000002e [SR] Verify complete
    2014-04-23 08:29:54, Info                  CSI    0000002f [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:29:54, Info                  CSI    00000030 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:30:12, Info                  CSI    00000032 [SR] Verify complete
    2014-04-23 08:30:13, Info                  CSI    00000033 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:30:13, Info                  CSI    00000034 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:30:21, Info                  CSI    00000036 [SR] Verify complete
    2014-04-23 08:30:22, Info                  CSI    00000037 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:30:22, Info                  CSI    00000038 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:30:40, Info                  CSI    0000003a [SR] Verify complete
    2014-04-23 08:30:40, Info                  CSI    0000003b [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:30:40, Info                  CSI    0000003c [SR] Beginning Verify and Repair transaction
    2014-04-23 08:30:52, Info                  CSI    0000003e [SR] Verify complete
    2014-04-23 08:30:53, Info                  CSI    0000003f [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:30:53, Info                  CSI    00000040 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:31:03, Info                  CSI    00000042 [SR] Verify complete
    2014-04-23 08:31:04, Info                  CSI    00000043 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:31:04, Info                  CSI    00000044 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:31:13, Info                  CSI    00000046 [SR] Verify complete
    2014-04-23 08:31:13, Info                  CSI    00000047 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:31:13, Info                  CSI    00000048 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:31:36, Info                  CSI    0000004b [SR] Verify complete
    2014-04-23 08:31:37, Info                  CSI    0000004c [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:31:37, Info                  CSI    0000004d [SR] Beginning Verify and Repair transaction
    2014-04-23 08:31:55, Info                  CSI    00000052 [SR] Verify complete
    2014-04-23 08:31:56, Info                  CSI    00000053 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:31:56, Info                  CSI    00000054 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:32:07, Info                  CSI    00000057 [SR] Verify complete
    2014-04-23 08:32:07, Info                  CSI    00000058 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:32:07, Info                  CSI    00000059 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:32:19, Info                  CSI    0000005b [SR] Verify complete
    2014-04-23 08:32:20, Info                  CSI    0000005c [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:32:20, Info                  CSI    0000005d [SR] Beginning Verify and Repair transaction
    2014-04-23 08:32:34, Info                  CSI    0000007f [SR] Verify complete
    2014-04-23 08:32:34, Info                  CSI    00000080 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:32:34, Info                  CSI    00000081 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:32:45, Info                  CSI    00000086 [SR] Verify complete
    2014-04-23 08:32:46, Info                  CSI    00000087 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:32:46, Info                  CSI    00000088 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:33:00, Info                  CSI    0000008a [SR] Verify complete
    2014-04-23 08:33:00, Info                  CSI    0000008b [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:33:00, Info                  CSI    0000008c [SR] Beginning Verify and Repair transaction
    2014-04-23 08:33:12, Info                  CSI    0000008e [SR] Verify complete
    2014-04-23 08:33:12, Info                  CSI    0000008f [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:33:12, Info                  CSI    00000090 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:33:23, Info                  CSI    00000092 [SR] Verify complete
    2014-04-23 08:33:24, Info                  CSI    00000093 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:33:24, Info                  CSI    00000094 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:33:34, Info                  CSI    00000096 [SR] Verify complete
    2014-04-23 08:33:34, Info                  CSI    00000097 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:33:34, Info                  CSI    00000098 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:33:49, Info                  CSI    0000009a [SR] Verify complete
    2014-04-23 08:33:50, Info                  CSI    0000009b [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:33:50, Info                  CSI    0000009c [SR] Beginning Verify and Repair transaction
    2014-04-23 08:34:04, Info                  CSI    000000bf [SR] Verify complete
    2014-04-23 08:34:04, Info                  CSI    000000c0 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:34:04, Info                  CSI    000000c1 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:34:19, Info                  CSI    000000c3 [SR] Verify complete
    2014-04-23 08:34:20, Info                  CSI    000000c4 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:34:20, Info                  CSI    000000c5 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:34:49, Info                  CSI    000000c7 [SR] Verify complete
    2014-04-23 08:34:50, Info                  CSI    000000c8 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:34:50, Info                  CSI    000000c9 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:34:57, Info                  CSI    000000cd [SR] Verify complete
    2014-04-23 08:34:57, Info                  CSI    000000ce [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:34:57, Info                  CSI    000000cf [SR] Beginning Verify and Repair transaction
    2014-04-23 08:35:02, Info                  CSI    000000d1 [SR] Verify complete
    2014-04-23 08:35:03, Info                  CSI    000000d2 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:35:03, Info                  CSI    000000d3 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:35:07, Info                  CSI    000000d5 [SR] Verify complete
    2014-04-23 08:35:08, Info                  CSI    000000d6 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:35:08, Info                  CSI    000000d7 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:35:23, Info                  CSI    000000e9 [SR] Verify complete
    2014-04-23 08:35:24, Info                  CSI    000000ea [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:35:24, Info                  CSI    000000eb [SR] Beginning Verify and Repair transaction
    2014-04-23 08:35:32, Info                  CSI    000000ee [SR] Verify complete
    2014-04-23 08:35:32, Info                  CSI    000000ef [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:35:32, Info                  CSI    000000f0 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:35:37, Info                  CSI    000000f2 [SR] Verify complete
    2014-04-23 08:35:37, Info                  CSI    000000f3 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:35:37, Info                  CSI    000000f4 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:35:48, Info                  CSI    000000f6 [SR] Verify complete
    2014-04-23 08:35:49, Info                  CSI    000000f7 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:35:49, Info                  CSI    000000f8 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:35:58, Info                  CSI    000000fa [SR] Verify complete
    2014-04-23 08:35:59, Info                  CSI    000000fb [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:35:59, Info                  CSI    000000fc [SR] Beginning Verify and Repair transaction
    2014-04-23 08:36:15, Info                  CSI    000000ff [SR] Verify complete
    2014-04-23 08:36:15, Info                  CSI    00000100 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:36:15, Info                  CSI    00000101 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:36:28, Info                  CSI    00000104 [SR] Verify complete
    2014-04-23 08:36:28, Info                  CSI    00000105 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:36:28, Info                  CSI    00000106 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:36:34, Info                  CSI    00000108 [SR] Verify complete
    2014-04-23 08:36:34, Info                  CSI    00000109 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:36:34, Info                  CSI    0000010a [SR] Beginning Verify and Repair transaction
    2014-04-23 08:36:52, Info                  CSI    0000010c [SR] Verify complete
    2014-04-23 08:36:53, Info                  CSI    0000010d [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:36:53, Info                  CSI    0000010e [SR] Beginning Verify and Repair transaction
    2014-04-23 08:37:07, Info                  CSI    00000110 [SR] Verify complete
    2014-04-23 08:37:08, Info                  CSI    00000111 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:37:08, Info                  CSI    00000112 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:37:19, Info                  CSI    00000114 [SR] Verify complete
    2014-04-23 08:37:20, Info                  CSI    00000115 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:37:20, Info                  CSI    00000116 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:37:43, Info                  CSI    0000011d [SR] Verify complete
    2014-04-23 08:37:43, Info                  CSI    0000011e [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:37:43, Info                  CSI    0000011f [SR] Beginning Verify and Repair transaction
    2014-04-23 08:37:59, Info                  CSI    00000132 [SR] Verify complete
    2014-04-23 08:37:59, Info                  CSI    00000133 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:37:59, Info                  CSI    00000134 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:38:11, Info                  CSI    00000136 [SR] Verify complete
    2014-04-23 08:38:11, Info                  CSI    00000137 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:38:11, Info                  CSI    00000138 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:38:49, Info                  CSI    0000013a [SR] Verify complete
    2014-04-23 08:38:49, Info                  CSI    0000013b [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:38:49, Info                  CSI    0000013c [SR] Beginning Verify and Repair transaction
    2014-04-23 08:39:11, Info                  CSI    0000013f [SR] Verify complete
    2014-04-23 08:39:11, Info                  CSI    00000140 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:39:11, Info                  CSI    00000141 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:39:34, Info                  CSI    00000143 [SR] Verify complete
    2014-04-23 08:39:34, Info                  CSI    00000144 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:39:34, Info                  CSI    00000145 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:39:47, Info                  CSI    00000147 [SR] Verify complete
    2014-04-23 08:39:48, Info                  CSI    00000148 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:39:48, Info                  CSI    00000149 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:39:59, Info                  CSI    0000014b [SR] Verify complete
    2014-04-23 08:39:59, Info                  CSI    0000014c [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:39:59, Info                  CSI    0000014d [SR] Beginning Verify and Repair transaction
    2014-04-23 08:40:11, Info                  CSI    00000151 [SR] Verify complete
    2014-04-23 08:40:11, Info                  CSI    00000152 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:40:11, Info                  CSI    00000153 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:40:23, Info                  CSI    00000155 [SR] Verify complete
    2014-04-23 08:40:23, Info                  CSI    00000156 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:40:23, Info                  CSI    00000157 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:40:53, Info                  CSI    00000159 [SR] Verify complete
    2014-04-23 08:40:53, Info                  CSI    0000015a [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:40:53, Info                  CSI    0000015b [SR] Beginning Verify and Repair transaction
    2014-04-23 08:41:08, Info                  CSI    0000015e [SR] Verify complete
    2014-04-23 08:41:09, Info                  CSI    0000015f [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:41:09, Info                  CSI    00000160 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:41:23, Info                  CSI    00000163 [SR] Verify complete
    2014-04-23 08:41:23, Info                  CSI    00000164 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:41:23, Info                  CSI    00000165 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:41:38, Info                  CSI    00000167 [SR] Verify complete
    2014-04-23 08:41:38, Info                  CSI    00000168 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:41:38, Info                  CSI    00000169 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:41:56, Info                  CSI    0000016c [SR] Verify complete
    2014-04-23 08:41:57, Info                  CSI    0000016d [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:41:57, Info                  CSI    0000016e [SR] Beginning Verify and Repair transaction
    2014-04-23 08:42:07, Info                  CSI    00000170 [SR] Verify complete
    2014-04-23 08:42:08, Info                  CSI    00000171 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:42:08, Info                  CSI    00000172 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:42:19, Info                  CSI    00000174 [SR] Verify complete
    2014-04-23 08:42:19, Info                  CSI    00000175 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:42:19, Info                  CSI    00000176 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:42:31, Info                  CSI    00000179 [SR] Verify complete
    2014-04-23 08:42:32, Info                  CSI    0000017a [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:42:32, Info                  CSI    0000017b [SR] Beginning Verify and Repair transaction
    2014-04-23 08:42:45, Info                  CSI    0000017d [SR] Verify complete
    2014-04-23 08:42:45, Info                  CSI    0000017e [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:42:45, Info                  CSI    0000017f [SR] Beginning Verify and Repair transaction
    2014-04-23 08:42:53, Info                  CSI    00000181 [SR] Verify complete
    2014-04-23 08:42:54, Info                  CSI    00000182 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:42:54, Info                  CSI    00000183 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:43:07, Info                  CSI    00000186 [SR] Verify complete
    2014-04-23 08:43:08, Info                  CSI    00000187 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:43:08, Info                  CSI    00000188 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:43:21, Info                  CSI    0000018b [SR] Verify complete
    2014-04-23 08:43:22, Info                  CSI    0000018c [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:43:22, Info                  CSI    0000018d [SR] Beginning Verify and Repair transaction
    2014-04-23 08:43:42, Info                  CSI    00000190 [SR] Verify complete
    2014-04-23 08:43:42, Info                  CSI    00000191 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:43:42, Info                  CSI    00000192 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:43:59, Info                  CSI    00000195 [SR] Verify complete
    2014-04-23 08:43:59, Info                  CSI    00000196 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:43:59, Info                  CSI    00000197 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:44:13, Info                  CSI    00000199 [SR] Verify complete
    2014-04-23 08:44:14, Info                  CSI    0000019a [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:44:14, Info                  CSI    0000019b [SR] Beginning Verify and Repair transaction
    2014-04-23 08:44:19, Info                  CSI    0000019d [SR] Verify complete
    2014-04-23 08:44:20, Info                  CSI    0000019e [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:44:20, Info                  CSI    0000019f [SR] Beginning Verify and Repair transaction
    2014-04-23 08:44:29, Info                  CSI    000001a1 [SR] Verify complete
    2014-04-23 08:44:29, Info                  CSI    000001a2 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:44:29, Info                  CSI    000001a3 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:44:38, Info                  CSI    000001a5 [SR] Verify complete
    2014-04-23 08:44:39, Info                  CSI    000001a6 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:44:39, Info                  CSI    000001a7 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:44:51, Info                  CSI    000001a9 [SR] Verify complete
    2014-04-23 08:44:51, Info                  CSI    000001aa [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:44:51, Info                  CSI    000001ab [SR] Beginning Verify and Repair transaction
    2014-04-23 08:45:08, Info                  CSI    000001ad [SR] Verify complete
    2014-04-23 08:45:09, Info                  CSI    000001ae [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:45:09, Info                  CSI    000001af [SR] Beginning Verify and Repair transaction
    2014-04-23 08:45:17, Info                  CSI    000001b1 [SR] Verify complete
    2014-04-23 08:45:18, Info                  CSI    000001b2 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:45:18, Info                  CSI    000001b3 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:45:35, Info                  CSI    000001b5 [SR] Verify complete
    2014-04-23 08:45:35, Info                  CSI    000001b6 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:45:35, Info                  CSI    000001b7 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:46:28, Info                  CSI    000001b9 [SR] Verify complete
    2014-04-23 08:46:28, Info                  CSI    000001ba [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:46:28, Info                  CSI    000001bb [SR] Beginning Verify and Repair transaction
    2014-04-23 08:46:44, Info                  CSI    000001bd [SR] Verify complete
    2014-04-23 08:46:44, Info                  CSI    000001be [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:46:44, Info                  CSI    000001bf [SR] Beginning Verify and Repair transaction
    2014-04-23 08:47:02, Info                  CSI    000001c1 [SR] Verify complete
    2014-04-23 08:47:03, Info                  CSI    000001c2 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:47:03, Info                  CSI    000001c3 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:47:14, Info                  CSI    000001c5 [SR] Verify complete
    2014-04-23 08:47:14, Info                  CSI    000001c6 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:47:14, Info                  CSI    000001c7 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:47:22, Info                  CSI    000001c9 [SR] Verify complete
    2014-04-23 08:47:23, Info                  CSI    000001ca [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:47:23, Info                  CSI    000001cb [SR] Beginning Verify and Repair transaction
    2014-04-23 08:47:34, Info                  CSI    000001cd [SR] Verify complete
    2014-04-23 08:47:34, Info                  CSI    000001ce [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:47:34, Info                  CSI    000001cf [SR] Beginning Verify and Repair transaction
    2014-04-23 08:47:44, Info                  CSI    000001d1 [SR] Verify complete
    2014-04-23 08:47:44, Info                  CSI    000001d2 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:47:44, Info                  CSI    000001d3 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:47:46, Info                  CSI    000001d5 [SR] Verify complete
    2014-04-23 08:47:47, Info                  CSI    000001d6 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:47:47, Info                  CSI    000001d7 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:47:55, Info                  CSI    000001d9 [SR] Verify complete
    2014-04-23 08:47:55, Info                  CSI    000001da [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:47:55, Info                  CSI    000001db [SR] Beginning Verify and Repair transaction
    2014-04-23 08:48:08, Info                  CSI    000001e3 [SR] Verify complete
    2014-04-23 08:48:08, Info                  CSI    000001e4 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:48:08, Info                  CSI    000001e5 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:48:20, Info                  CSI    000001e7 [SR] Verify complete
    2014-04-23 08:48:20, Info                  CSI    000001e8 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:48:20, Info                  CSI    000001e9 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:48:31, Info                  CSI    000001eb [SR] Verify complete
    2014-04-23 08:48:31, Info                  CSI    000001ec [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:48:31, Info                  CSI    000001ed [SR] Beginning Verify and Repair transaction
    2014-04-23 08:48:44, Info                  CSI    000001ef [SR] Verify complete
    2014-04-23 08:48:45, Info                  CSI    000001f0 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:48:45, Info                  CSI    000001f1 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:49:06, Info                  CSI    000001f4 [SR] Verify complete
    2014-04-23 08:49:07, Info                  CSI    000001f5 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:49:07, Info                  CSI    000001f6 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:49:23, Info                  CSI    000001f8 [SR] Verify complete
    2014-04-23 08:49:23, Info                  CSI    000001f9 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:49:23, Info                  CSI    000001fa [SR] Beginning Verify and Repair transaction
    2014-04-23 08:49:29, Info                  CSI    000001fc [SR] Verify complete
    2014-04-23 08:49:29, Info                  CSI    000001fd [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:49:29, Info                  CSI    000001fe [SR] Beginning Verify and Repair transaction
    2014-04-23 08:49:50, Info                  CSI    00000200 [SR] Verify complete
    2014-04-23 08:49:50, Info                  CSI    00000201 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:49:50, Info                  CSI    00000202 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:50:25, Info                  CSI    00000207 [SR] Verify complete
    2014-04-23 08:50:26, Info                  CSI    00000208 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:50:26, Info                  CSI    00000209 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:50:55, Info                  CSI    0000020e [SR] Verify complete
    2014-04-23 08:50:56, Info                  CSI    0000020f [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:50:56, Info                  CSI    00000210 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:51:17, Info                  CSI    00000218 [SR] Verify complete
    2014-04-23 08:51:18, Info                  CSI    00000219 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:51:18, Info                  CSI    0000021a [SR] Beginning Verify and Repair transaction
    2014-04-23 08:51:40, Info                  CSI    00000221 [SR] Verify complete
    2014-04-23 08:51:41, Info                  CSI    00000222 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:51:41, Info                  CSI    00000223 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:51:57, Info                  CSI    00000228 [SR] Verify complete
    2014-04-23 08:51:57, Info                  CSI    00000229 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:51:57, Info                  CSI    0000022a [SR] Beginning Verify and Repair transaction
    2014-04-23 08:52:10, Info                  CSI    0000022e [SR] Verify complete
    2014-04-23 08:52:11, Info                  CSI    0000022f [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:52:11, Info                  CSI    00000230 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:52:23, Info                  CSI    00000232 [SR] Verify complete
    2014-04-23 08:52:24, Info                  CSI    00000233 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:52:24, Info                  CSI    00000234 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:52:42, Info                  CSI    00000257 [SR] Verify complete
    2014-04-23 08:52:43, Info                  CSI    00000258 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:52:43, Info                  CSI    00000259 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:52:58, Info                  CSI    0000025d [SR] Verify complete
    2014-04-23 08:52:58, Info                  CSI    0000025e [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:52:58, Info                  CSI    0000025f [SR] Beginning Verify and Repair transaction
    2014-04-23 08:53:10, Info                  CSI    00000261 [SR] Verify complete
    2014-04-23 08:53:11, Info                  CSI    00000262 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:53:11, Info                  CSI    00000263 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:53:27, Info                  CSI    00000265 [SR] Verify complete
    2014-04-23 08:53:27, Info                  CSI    00000266 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:53:27, Info                  CSI    00000267 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:53:41, Info                  CSI    00000274 [SR] Verify complete
    2014-04-23 08:53:41, Info                  CSI    00000275 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:53:41, Info                  CSI    00000276 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:53:56, Info                  CSI    00000279 [SR] Verify complete
    2014-04-23 08:53:56, Info                  CSI    0000027a [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:53:56, Info                  CSI    0000027b [SR] Beginning Verify and Repair transaction
    2014-04-23 08:54:14, Info                  CSI    00000283 [SR] Verify complete
    2014-04-23 08:54:14, Info                  CSI    00000284 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:54:14, Info                  CSI    00000285 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:54:27, Info                  CSI    0000028d [SR] Verify complete
    2014-04-23 08:54:27, Info                  CSI    0000028e [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:54:27, Info                  CSI    0000028f [SR] Beginning Verify and Repair transaction
    2014-04-23 08:54:34, Info                  CSI    00000291 [SR] Verify complete
    2014-04-23 08:54:35, Info                  CSI    00000292 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:54:35, Info                  CSI    00000293 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:55:02, Info                  CSI    00000296 [SR] Verify complete
    2014-04-23 08:55:03, Info                  CSI    00000297 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:55:03, Info                  CSI    00000298 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:55:12, Info                  CSI    0000029a [SR] Verify complete
    2014-04-23 08:55:12, Info                  CSI    0000029b [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:55:12, Info                  CSI    0000029c [SR] Beginning Verify and Repair transaction
    2014-04-23 08:55:40, Info                  CSI    0000029e [SR] Verify complete
    2014-04-23 08:55:40, Info                  CSI    0000029f [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:55:40, Info                  CSI    000002a0 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:56:04, Info                  CSI    000002a2 [SR] Verify complete
    2014-04-23 08:56:05, Info                  CSI    000002a3 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:56:05, Info                  CSI    000002a4 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:56:28, Info                  CSI    000002a6 [SR] Verify complete
    2014-04-23 08:56:29, Info                  CSI    000002a7 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:56:29, Info                  CSI    000002a8 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:56:52, Info                  CSI    000002c2 [SR] Verify complete
    2014-04-23 08:56:52, Info                  CSI    000002c3 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:56:52, Info                  CSI    000002c4 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:57:57, Info                  CSI    000002c6 [SR] Verify complete
    2014-04-23 08:57:58, Info                  CSI    000002c7 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:57:58, Info                  CSI    000002c8 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:58:13, Info                  CSI    000002ca [SR] Verify complete
    2014-04-23 08:58:13, Info                  CSI    000002cb [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:58:13, Info                  CSI    000002cc [SR] Beginning Verify and Repair transaction
    2014-04-23 08:58:26, Info                  CSI    000002ce [SR] Verify complete
    2014-04-23 08:58:26, Info                  CSI    000002cf [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:58:26, Info                  CSI    000002d0 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:58:37, Info                  CSI    000002d4 [SR] Verify complete
    2014-04-23 08:58:38, Info                  CSI    000002d5 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:58:38, Info                  CSI    000002d6 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:58:49, Info                  CSI    000002d8 [SR] Verify complete
    2014-04-23 08:58:50, Info                  CSI    000002d9 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:58:50, Info                  CSI    000002da [SR] Beginning Verify and Repair transaction
    2014-04-23 08:59:02, Info                  CSI    000002dc [SR] Verify complete
    2014-04-23 08:59:03, Info                  CSI    000002dd [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:59:03, Info                  CSI    000002de [SR] Beginning Verify and Repair transaction
    2014-04-23 08:59:15, Info                  CSI    000002e0 [SR] Verify complete
    2014-04-23 08:59:16, Info                  CSI    000002e1 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:59:16, Info                  CSI    000002e2 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:59:28, Info                  CSI    000002e5 [SR] Verify complete
    2014-04-23 08:59:29, Info                  CSI    000002e6 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:59:29, Info                  CSI    000002e7 [SR] Beginning Verify and Repair transaction
    2014-04-23 08:59:40, Info                  CSI    000002e9 [SR] Verify complete
    2014-04-23 08:59:41, Info                  CSI    000002ea [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:59:41, Info                  CSI    000002eb [SR] Beginning Verify and Repair transaction
    2014-04-23 08:59:53, Info                  CSI    000002ed [SR] Verify complete
    2014-04-23 08:59:53, Info                  CSI    000002ee [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 08:59:53, Info                  CSI    000002ef [SR] Beginning Verify and Repair transaction
    2014-04-23 09:00:07, Info                  CSI    000002f1 [SR] Verify complete
    2014-04-23 09:00:08, Info                  CSI    000002f2 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 09:00:08, Info                  CSI    000002f3 [SR] Beginning Verify and Repair transaction
    2014-04-23 09:00:22, Info                  CSI    000002f6 [SR] Verify complete
    2014-04-23 09:00:23, Info                  CSI    000002f7 [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 09:00:23, Info                  CSI    000002f8 [SR] Beginning Verify and Repair transaction
    2014-04-23 09:00:36, Info                  CSI    000002fa [SR] Verify complete
    2014-04-23 09:00:36, Info                  CSI    000002fb [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 09:00:36, Info                  CSI    000002fc [SR] Beginning Verify and Repair transaction
    2014-04-23 09:00:59, Info                  CSI    000002fe [SR] Verify complete
    2014-04-23 09:01:00, Info                  CSI    000002ff [SR] Verifying 100 (0x0000000000000064) components
    2014-04-23 09:01:00, Info                  CSI    00000300 [SR] Beginning Verify and Repair transaction
    2014-04-23 09:01:19, Info                  CSI    00000302 [SR] Verify complete
    2014-04-23 09:01:20, Info                  CSI    00000303 [SR] Verifying 92 (0x000000000000005c) components
    2014-04-23 09:01:20, Info                  CSI    00000304 [SR] Beginning Verify and Repair transaction
    2014-04-23 09:01:37, Info                  CSI    00000306 [SR] Verify complete
    2014-04-23 09:01:37, Info                  CSI    00000307 [SR] Repairing 0 components
    2014-04-23 09:01:37, Info                  CSI    00000308 [SR] Beginning Verify and Repair transaction
    2014-04-23 09:01:37, Info                  CSI    0000030a [SR] Repair complete
     
    View System:
     
    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 23/04/2014 9:05:42 AM
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 22/04/2014 8:59:18 PM
    Type: Error Category: 0
    Event: 7026 Source: Service Control Manager
    The following boot-start or system-start driver(s) failed to load:  FileDisk
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 22/04/2014 8:58:57 PM
    Type: Warning Category: 0
    Event: 11 Source: Microsoft-Windows-Wininit
    Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
     
    Log: 'System' Date/Time: 22/04/2014 8:58:06 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped. 
     
    View Application:
     
    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 23/04/2014 9:07:03 AM
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 22/04/2014 9:01:49 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledSPRetry 6053
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:49 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledEvent 6053
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:49 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: Continuously busy for more than a second
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:48 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledSPRetry 5055
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:48 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledEvent 5055
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:48 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: Continuously busy for more than a second
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:47 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledSPRetry 4041
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:47 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledEvent 4041
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:47 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: Continuously busy for more than a second
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:46 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledSPRetry 3042
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:46 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledEvent 3042
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:46 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: Continuously busy for more than a second
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:45 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledSPRetry 2044
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:45 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledEvent 2044
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:45 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: Continuously busy for more than a second
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:44 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledSPRetry 1046
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:44 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledEvent 1046
     
    Log: 'Application' Date/Time: 22/04/2014 9:01:44 PM
    Type: Error Category: 0
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: Continuously busy for more than a second
     
    Log: 'Application' Date/Time: 22/04/2014 9:00:31 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 22/04/2014 8:57:59 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2255940260-1588004598-2344460268-1001:
    Process 1268 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2255940260-1588004598-2344460268-1001
     
     

    • 0

    #13
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP

    Uninstall Bonjour.  It's causing errors.  You will get a new version next time you download or upgrade an apple product.

     

    While in uninstalling let's also uninstall Adobe Flash.  There are probably two.  One for IE and one for other browsers.  Then go to Adobe.com and download the latest version of Flash.  Be sure to uncheck the offered optional foistware like the ask toolbar or McAfee Security Scan.  Do this twice if you use both IE and another browser.  Use IE one time and the other browser the second time.

     

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.  Run FRST again, and then Scan.  You will get one log.  Please post it.
     
    That should take care of the errors we just saw.
     
    How is it running now?  Any more popups?

    • 0

    #14
    Triskelion

    Triskelion

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 652 posts

    Should I also uninstall Adobe Air and Shockwave player 11.5?


    • 0

    #15
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,024 posts
    • MVP

    No they are more or less separate programs.


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP