Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PC runs slow

slow malware spyware cleanup

  • Please log in to reply

#1
fletch11

fletch11

    Member

  • Member
  • PipPip
  • 52 posts

I have had my laptop for a few years now.  I try to keep it as clean as possible but it has gotten slower and slower.  I now have applications that routinely stop working - just hang.  Sometimes I can shut them down, other times I need to re-boot.  Hoping you can walk me through a good cleaning to make sure I don't have anything suspicious or something unnecessary that is slowing my computer down.  I tried cleaning and checking myself but I have done everything I can think of to do.  Any assistance would be much appreciated!  Thanks in advance!  Jill

 

Laptop - Toshiba Satellite

Windows 7 Home Premium

 

 

Here is my OTL log:

OTL Extras logfile created on: 4/24/2014 12:47:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Espinola\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16866)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 45.58% Memory free
7.60 Gb Paging File | 5.54 Gb Available in Paging File | 72.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.67 Gb Total Space | 237.27 Gb Free Space | 40.72% Space Free | Partition Type: NTFS
 
Computer Name: ESPINOLA-PC | User Name: Espinola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043E1FB7-7DCF-47DB-909C-F683E7F34DC0}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{06C77730-240E-44B8-B09C-962BA50C17D6}" = lport=139 | protocol=6 | dir=in | app=system |
"{0D51337D-70C7-4CE4-B29B-E607A362B5E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0EB4D3CE-6D9D-4182-8079-6CC0B407D166}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{157EFBA9-2B1B-49D1-A3BF-FC8C45F87354}" = lport=137 | protocol=17 | dir=in | app=system |
"{191155E7-7206-40AD-8063-EF9946BC78FE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1CFA8F35-FE06-482E-8DDA-FEABD48ECDFC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22073A84-2657-44D8-9942-8BB687AC0937}" = rport=138 | protocol=17 | dir=out | app=system |
"{2733ABD6-B46F-49F1-905C-EEAE43DC9A72}" = lport=138 | protocol=17 | dir=in | app=system |
"{27957518-ACD5-4934-B5EF-08FB711ACB67}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3927D299-0EE9-4485-A086-FF94F6DE88B6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4C32B208-DB54-4AE7-972C-874560F9EF16}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4FCB5E00-597C-48CF-A595-5C29D0EC5432}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C045E52-C044-4021-AF11-B4104B8412C9}" = rport=139 | protocol=6 | dir=out | app=system |
"{6AFD1BDD-8276-4E2E-8D9F-58F754801A3A}" = lport=445 | protocol=6 | dir=in | app=system |
"{6C4C0A05-03AF-40FB-B373-49D902FE1A69}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7B4D1C50-BF9E-46FB-8571-46F8A3EE887F}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port |
"{89A5E90E-7C52-4B4E-9567-C883CA1600DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89D536F4-6FF2-4B73-8FCC-DF089D0F9DD0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB120CFC-6FB7-41CB-AC58-D6DF35808AAA}" = rport=445 | protocol=6 | dir=out | app=system |
"{B67AC5C2-E45A-486A-AAA0-9BE0D1010A84}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF0BDF42-6003-4BDC-B307-B0B1478131AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C997BB24-E4D5-430F-89FA-760F3098DE4E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D119173A-94C1-42D3-A2D4-99B7BE2C1C2B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D43B3071-A30F-4739-AD47-B6E4D81D8AEA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4750081-2CD1-4258-A671-BB81D08DF898}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D64D5788-F0D5-449C-AF3E-02592B3667BC}" = rport=137 | protocol=17 | dir=out | app=system |
"{DF125488-F7EC-4DA6-BC78-E96AC7D6B8A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EAED2F2C-50C3-4BD8-963C-FD28973A15FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027433D4-623C-4DC0-B0A4-5B6D96D30A0C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{06C75A54-DA17-455C-B451-47D71D6FEA01}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07E182A7-762E-41D3-A2CC-07F77CDB9125}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{0C6C7084-54D5-4764-9AD3-80F81914566B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{0D83A39A-EB5E-40C5-8BDC-235DB517765B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1126A179-9BF4-40C6-BEDE-F605B7BAB29F}" = protocol=58 | dir=in | [email protected],-28545 |
"{169B4AD6-EE43-4304-B5BC-D164DA14BD46}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{1AE6E4C9-38DB-4D16-808F-C5BCD0D37927}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{266CDD2E-3274-427C-B823-3B519773FE02}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{27829300-9DE5-434C-BFD6-11A7B590822D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{2AE71396-32BD-45A9-B797-635E160436AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{2E81F690-6F6D-4415-BB75-CEC961549432}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{33BD1037-CE68-423B-A86E-1CD64047915D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{345F0876-647B-478C-ACFF-6E97E0795115}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{396794DF-93A4-4FD4-90BF-F16D1A4A54BF}" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"{39F5CA89-BAB2-4F7C-83D5-A0C344583B58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3DD27F10-BAA0-40CC-8650-10CAB2F194E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{4502FBD0-4AA2-47AD-803F-DF0EB752BE8B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{50FE1F07-4F9E-4928-97AE-291CF2C747C1}" = protocol=6 | dir=in | app=c:\users\espinola\appdata\roaming\dropbox\bin\dropbox.exe |
"{55F03252-A186-45FC-83A3-C0A557783BAA}" = protocol=6 | dir=in | app=c:\users\espinola\appdata\local\temp\7zs6185.tmp\symnrt.exe |
"{5AFBEE35-3C56-41F2-BE77-5C372F6310DE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66B668C6-E22C-42FC-ABFF-4A3B81FE9A7F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{73A15B5C-62BE-4E33-87A2-FECD81965183}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{89198910-9889-462A-951E-FFD27BD4F17E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8EF52E28-E139-4486-976E-7709B6DA7C94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9318CAD8-DC2C-4FF7-9B60-FA3CAF80080D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{98F5F2AE-45C2-4C9E-84BF-8AEB3529B524}" = protocol=1 | dir=out | [email protected],-28544 |
"{A4DF1FDC-98CD-4526-8E52-3903519FB405}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{A68B4F69-3889-44F3-94A9-C3B4B0D0872F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B02DA483-25B7-4A28-A99A-AA9EA817D5E4}" = protocol=6 | dir=out | app=system |
"{B1BF20F7-CAF8-4FCE-8BA6-0A61237FD971}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B448EFC0-ECED-41D7-A797-BAF09D603160}" = protocol=17 | dir=in | app=c:\users\espinola\appdata\roaming\dropbox\bin\dropbox.exe |
"{B8CE88E2-FFCF-4614-BA4B-2904F01A74B6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{B908D962-A932-4DCD-8E97-42F55E6FEF10}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{BE849B79-E0D2-457B-8513-49EEC29ECBB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C345C165-B0DE-49A7-A157-A71AC0BFFD0A}" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"{C4529C98-DA9A-4FDE-A49E-0FC3C9F045C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C4C70778-AD46-4A67-80AF-18937CDBAFA6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{C84E42E4-83E7-46DF-9843-464D74D9ED89}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{CC85FE8A-100D-4248-B333-15067E433E4F}" = protocol=17 | dir=in | app=c:\users\espinola\appdata\local\temp\7zs6185.tmp\symnrt.exe |
"{CD0BFBF3-A479-4FEA-818E-5BB55C255EB4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE2740D9-9EC6-491E-828B-3F14193C2ACC}" = dir=in | app=d:\setup\hpznui40.exe |
"{DD170A59-5C0C-4B9B-9247-8F17CE4962CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE016067-4FE9-47DB-B315-2170BB412B71}" = protocol=58 | dir=out | [email protected],-28546 |
"{E3810413-1705-4A1C-88BB-9D1AE997174F}" = protocol=1 | dir=in | [email protected],-28543 |
"{E7F8805C-703B-481A-AE7D-58C4FB1B5283}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{EA962BB3-ECD5-4762-8C92-825178DACF56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE829392-E63F-41F8-BE79-0A39D3371977}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{EF55BF4A-4860-4FEB-B256-EA46C36F3B9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F2C49491-AD9B-493E-93C1-73056B5533BC}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{F484E01F-2A54-4298-826F-E38A14020EF2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F4E82317-ABC7-4313-B8E9-D6E40B6A4A5F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F4F21322-671B-4C89-945E-AF2D5A5007CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{F839BC8E-00C7-4BBC-8D19-26478B4C4032}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{1A16053C-466B-4FFB-B127-4E7ECE372F74}C:\users\espinola\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\espinola\appdata\local\akamai\netsession_win.exe |
"TCP Query User{3EBB88BA-AB35-40DF-9396-36B089450040}C:\users\espinola\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\espinola\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{46BFA6FC-5146-4DD5-A5B0-7530D6822381}C:\users\espinola\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\espinola\appdata\local\akamai\netsession_win.exe |
"TCP Query User{4CF757F0-A3B4-4D1D-BDDB-9FD308050B17}C:\program files (x86)\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"UDP Query User{04916A37-7090-40B5-92CE-4C6FA98F6788}C:\program files (x86)\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"UDP Query User{3EB4FB5E-92F1-48D8-9934-AEEEEF536508}C:\users\espinola\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\espinola\appdata\local\akamai\netsession_win.exe |
"UDP Query User{63789DA2-B5B1-4E02-A0A3-70EDF080A215}C:\users\espinola\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\espinola\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{C306A44F-0405-4785-BC28-D94686DE5DD1}C:\users\espinola\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\espinola\appdata\local\akamai\netsession_win.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX710_series" = Canon MX710 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel® PROSet/Wireless WiFi Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{308C9F09-B104-4E15-AD41-6CB69604E8BE}" = QuickBooks Premier: Retail Edition 2013
"{3167CC62-C775-4E47-92C1-73EBB845751A}" = QuickBooks
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHERR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
"{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Aimersoft DVD to iPad Converter_is1" = Aimersoft DVD to iPad Converter(Build 2.5.0.0)
"AudibleDownloadManager" = Audible Download Manager
"Canon MX710 series On-screen Manual" = Canon MX710 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Foxit Reader_is1" = Foxit Reader 5.0
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.1" = Canon MP Navigator EX 5.1
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.7.2
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.PUBLISHERR" = Microsoft Publisher 2010
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PDF reDirect" = PDF reDirect (remove only)
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Digital Sites" = Update for Zip Opener
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/11/2014 6:49:44 PM | Computer Name = ESPINOLA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 98531448
 
Error - 4/11/2014 6:49:44 PM | Computer Name = ESPINOLA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 98531448
 
Error - 4/11/2014 10:25:55 PM | Computer Name = Espinola-PC | Source = Windows Search Service | ID = 7040
Description =
 
Error - 4/11/2014 10:25:55 PM | Computer Name = Espinola-PC | Source = Windows Search Service | ID = 7042
Description =
 
Error - 4/21/2014 10:07:19 AM | Computer Name = Espinola-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/21/2014 10:07:20 AM | Computer Name = Espinola-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998
 
Error - 4/21/2014 10:07:20 AM | Computer Name = Espinola-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998
 
Error - 4/21/2014 11:06:14 AM | Computer Name = Espinola-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_p2pimsvc, version: 6.1.7600.16385,
 time stamp: 0x4a5bc3c1  Faulting module name: ntdll.dll, version: 6.1.7601.18247,
 time stamp: 0x521eaf24  Exception code: 0xc0000005  Fault offset: 0x000000000004e4e4
Faulting
 process id: 0x1554  Faulting application start time: 0x01cf5d731e467df9  Faulting application
 path: C:\windows\System32\svchost.exe  Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
 Id: 7aec108a-c966-11e3-952d-1c7508850c44
 
Error - 4/24/2014 11:33:22 AM | Computer Name = Espinola-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WINWORD.EXE, version: 14.0.6129.5000, time
 stamp: 0x5082f354  Faulting module name: ole32.dll, version: 6.1.7601.17514, time
 stamp: 0x4ce7b96f  Exception code: 0xc0000005  Fault offset: 0x0004866a  Faulting process
 id: 0xa5c  Faulting application start time: 0x01cf5f55f518dae3  Faulting application
 path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE  Faulting module
 path: C:\windows\syswow64\ole32.dll  Report Id: c45a38aa-cbc5-11e3-becb-1c7508850c44
 
Error - 4/24/2014 12:07:09 PM | Computer Name = Espinola-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WINWORD.EXE, version: 14.0.6129.5000, time
 stamp: 0x5082f354  Faulting module name: ole32.dll, version: 6.1.7601.17514, time
 stamp: 0x4ce7b96f  Exception code: 0xc0000005  Fault offset: 0x0004866a  Faulting process
 id: 0x1424  Faulting application start time: 0x01cf5fd43c33ac4a  Faulting application
 path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE  Faulting module
 path: C:\windows\syswow64\ole32.dll  Report Id: 7c4c2a9e-cbca-11e3-becb-1c7508850c44
 
[ System Events ]
Error - 4/11/2014 8:23:32 PM | Computer Name = Espinola-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.169.2273.0     Update Source: %%859     Update Stage:
 %%852     Source Path: Signature Type: %%800     Update Type: %%803

    User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10401.0

    Error
 code: 0x8024001e     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support.
 
Error - 4/12/2014 10:47:08 AM | Computer Name = Espinola-PC | Source = DCOM | ID = 10010
Description =
 
Error - 4/21/2014 11:06:26 AM | Computer Name = Espinola-PC | Source = Service Control Manager | ID = 7031
Description = The Peer Networking Identity Manager service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in
300000 milliseconds: Restart the service.
 
Error - 4/21/2014 11:06:26 AM | Computer Name = Espinola-PC | Source = Service Control Manager | ID = 7031
Description = The Peer Networking Grouping service terminated unexpectedly.  It
has done this 1 time(s).  The following corrective action will be taken in 300000
 milliseconds: Restart the service.
 
Error - 4/21/2014 11:06:26 AM | Computer Name = Espinola-PC | Source = Service Control Manager | ID = 7031
Description = The Peer Name Resolution Protocol service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in
300000 milliseconds: Restart the service.
 
Error - 4/21/2014 11:11:26 AM | Computer Name = Espinola-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Peer Name Resolution Protocol
 service, but this action failed with the following error:   %%1056
 
Error - 4/21/2014 11:11:26 AM | Computer Name = Espinola-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Peer Networking Identity Manager
 service, but this action failed with the following error:   %%1056
 
Error - 4/23/2014 4:54:38 PM | Computer Name = Espinola-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.173.334.0     Update Source: %%859     Update Stage:
 %%852     Source Path: Signature Type: %%800     Update Type: %%803

    User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10502.0

    Error
 code: 0x80072ee2     Error description: The operation timed out
 
Error - 4/23/2014 5:42:37 PM | Computer Name = Espinola-PC | Source = DCOM | ID = 10010
Description =
 
Error - 4/23/2014 8:49:34 PM | Computer Name = Espinola-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.173.334.0     Update Source: %%859     Update Stage:
 %%852     Source Path: Signature Type: %%800     Update Type: %%803

    User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10502.0

    Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support.
 
 
< End of report >
 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     
     
    Download OTL from
    and Save it to your desktop.
     
    Copy the text in the code box:
     
    DRIVES
    nnetsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    rsvpsp.dll
    pnrpnsp.dll 
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    services.exe
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    csrss.exe
    PrintIsolationHost.exe
    consrv.dll
    user32.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %ProgramFiles%\WINDOWS NT\*.* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    
     
    Run OTL (Vista or Win 7 => right click and Run As Administrator)
     
    Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
     
    Select the All option in the Extra Registry group then Run Scan.
     
    You should get two logs.  Please copy and paste both of them.
     
    Ron

    • 0

    #3
    fletch11

    fletch11

      Member

    • Topic Starter
    • Member
    • PipPip
    • 52 posts

    Thank you so very much for helping me.  I ran adwcleaner and there were a few things to be removed (log is below).  I will run Junkware, Farbar and OTL right now.

     

    One note.....After I ran adwclearner, I started Firefox.  There was an error message about Shockwave. The message asked me if I should disable it.  When I said "yes", Firefox frooze and had to be restarted.  Tried this a couple of times. I then said "continue" and all seems well.  I'm sorry but did not write down the text of the error message - I think I can re-create it if I reboot so please let me know if it is needed.  Is this an issue?

     

    ADWCLEANER LOG:

    # AdwCleaner v3.205 - Report created 29/04/2014 at 08:08:02
    # Updated 28/04/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Espinola - ESPINOLA-PC
    # Running from : C:\Users\Espinola\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\FindRight
    Folder Deleted : C:\Program Files (x86)\Mysearchdial
    Folder Deleted : C:\Users\Espinola\AppData\LocalLow\Mysearchdial
    Folder Deleted : C:\Users\Espinola\AppData\Roaming\DigitalSites
    Folder Deleted : C:\Users\Espinola\AppData\Roaming\Mysearchdial
    File Deleted : C:\END
    File Deleted : C:\Users\Espinola\AppData\Local\Temp\Uninstall.exe
    File Deleted : C:\Users\Espinola\AppData\Roaming\Mozilla\Firefox\Profiles\cq9wok0x.default\user.js
    File Deleted : C:\windows\Tasks\Digital Sites.job
    File Deleted : C:\windows\System32\Tasks\Digital Sites

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\mysearchdial
    Key Deleted : HKLM\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16866

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
    Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Users\Espinola\AppData\Roaming\Mozilla\Firefox\Profiles\cq9wok0x.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [8401 octets] - [29/04/2014 08:06:44]
    AdwCleaner[S0].txt - [7441 octets] - [29/04/2014 08:08:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7501 octets] ##########

     


    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP

    Probably your home page has something on it (probably an ad) that wants shockwave.  I wouldn't worry about it right now.


    • 0

    #5
    fletch11

    fletch11

      Member

    • Topic Starter
    • Member
    • PipPip
    • 52 posts

    Thanks for the quick response.

     

    Here is the Junkware log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Espinola on Tue 04/29/2014 at  8:54:47.00
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A077AC96-B770-4B30-A230-0E4F07E263A5}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{00D9B2AB-0622-4514-AB68-BEDEF9F1E545}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{0A465A75-36AC-4699-BB94-CE20F7846937}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{0BC7EBF3-9E41-4ACD-A7BE-7D4931EA2706}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{0EB45CD5-8429-45EA-9D21-C166ED1CA67A}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{0EDCB311-8843-4CA1-B6EE-373ABEFE3CA4}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{117DB53B-1C3F-4B85-A4FD-F1D5E69594FC}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{143C8BAC-D468-4D33-8CD0-7F5055EB3BB8}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{16A18344-6951-47DE-8009-E67F87280F81}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{24F2B9CE-1CF5-44FD-B3B5-A4A9104CC91D}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{2847F8DB-FD56-4BA6-8C9B-D8B1DE45E6B4}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{2CDEF880-8C4F-4628-8595-EC1625F3E09E}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{3199C3C5-486F-479A-8B82-896C4F8B4F05}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{338F3C2B-9136-408F-87E0-9B84332744D9}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{34BDC947-E8B2-4E99-A381-CF9874D91703}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{34BE6ACE-C3D4-4C6C-B4E3-1EB0B11F1A11}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{37478FAE-BAD4-4085-AE61-444D7FA7FED8}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{3AC7E967-72B6-413B-8EAD-703C2BAB5DEA}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{3BC1F460-2411-462C-A886-D9827A55DEF6}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{3F978DCA-4C6B-4583-B530-13A035F38B82}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{44962A4C-1B31-4FC9-833C-FEBE73432410}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{44D7D502-C859-4594-931C-0B72EEBF0093}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{491C47B4-A3F7-4453-9EAB-1DF53DEC2D80}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{6047DDB6-28B7-40B8-BAD6-D8BA53863BE0}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{634AEE14-A27E-4AE8-82D6-EAD7D7901BAC}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{639E5434-FF7A-45E6-9AA4-2A44B773C99A}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{67C79966-51CA-4CB3-BE75-741AF2636AB5}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{724B40DD-2A0F-4194-AE02-F32342C5EBE6}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{7CAC84B9-122B-4B77-AE79-1F53D7CC07A8}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{80E19417-62CD-4938-B9E9-D6D61E2DF815}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{8573162B-2D06-464A-BB8B-159D96ADEEFB}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{883F8786-2F89-4D5C-AE5F-CB5EC1CA6983}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{8A394756-DED1-49C7-9C42-EF12E2C851FD}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{8D523FB7-9F41-498E-A9C3-2262845F9460}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{97286EC1-556C-46D0-965C-15A92E39A4D7}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{98995851-6777-4EB2-A676-55AC3FD9950F}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{9AA4D00C-A328-4651-AAB5-08C17EE90383}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{9BB13F77-8D81-4FC1-9FA6-B96123B46839}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{9BBBB825-212D-4135-8E1C-52208DE1349E}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{9F08686F-DD97-409C-8E1D-A390385452F8}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{A1982A8F-7FDB-44FC-B9B4-5C1F8848F523}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{A61637B6-8209-4738-9BA5-6664F701869B}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{A6BFF91F-EF19-4E7A-AF06-508E785C9C36}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{ABF7222C-BA66-41B7-8CD9-33CB4570EB5B}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{AD4C004C-1030-41B2-8B21-2F156CE1199C}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{AF29985E-1467-41E9-B6D0-247EE2AA99F4}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{B23E7F1E-DDE7-4FC4-A7B2-CC4E34837D11}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{B8A1004F-07AA-4470-9D67-7940A30A3EAB}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{B98C30DB-E463-4CF3-B096-FBD41C27AE30}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{BAB4788F-8EA7-4FDB-B51F-F20EAB4CEB4A}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{BD325886-2881-47D6-90B7-8CA21023E0D7}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{C216DEC8-9CC8-4029-A88B-6DEA4B25F493}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{C2E00D1E-D989-44E2-A57A-537C67BA18A9}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{C5B0C4F1-7B89-42A4-B739-0810D8764F21}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{C724A3B2-5721-4931-AAFD-CEAB56AEF5FE}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{CCBF5338-750C-44EB-A671-EC158D7BB4A3}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{CF61EFE0-8590-453D-8516-01A18F355371}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{D25C13FB-E97C-4C29-8973-2297FDA01828}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{D3CF08B4-23FD-454A-BA45-05C9A0D00C7E}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{D913B305-FA10-4C46-9C83-B3D9BAB87A63}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{DF439371-4739-4A51-B2BC-F660CDA7DB65}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{E78CD0BB-DF13-400D-B70C-994AE2C4FF44}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{E7961BCB-AD25-4153-B2D4-7BA0329CA260}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{E7BDC390-8B14-4D99-A2CB-B78A19F55B75}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{EE98D877-C67F-4309-ABBB-87376BB019A7}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{EE9C9E90-EE56-4E74-8DD1-6B2C444DBC30}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{F1EF1E92-941C-4210-B7BA-F70FA40745F9}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{F2D2138D-B36A-4E27-9E44-74ADD9C17F3E}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{F6BF3990-16EB-4F92-9EBE-EAA194927241}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{FAB833CE-07CD-42E6-AF4D-DB83149E89D8}
    Successfully deleted: [Empty Folder] C:\Users\Espinola\appdata\local\{FF0E467A-07BC-46F4-9BBB-A9E07980BB06}



    ~~~ FireFox

    Emptied folder: C:\Users\Espinola\AppData\Roaming\mozilla\firefox\profiles\cq9wok0x.default\minidumps [70 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 04/29/2014 at  9:00:26.36
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    • 0

    #6
    fletch11

    fletch11

      Member

    • Topic Starter
    • Member
    • PipPip
    • 52 posts

    Here is the Farbar Log Frst (1 of 2):

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
    Ran by Espinola (administrator) on ESPINOLA-PC on 29-04-2014 09:09:35
    Running from C:\Users\Espinola\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\windows\system32\WLANExt.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Intel Corporation) C:\windows\system32\igfxsrvc.exe
    () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Intel Corporation) C:\windows\system32\igfxext.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    () C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
    (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel® Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
    HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
    HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
    HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-01] (TOSHIBA)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
    HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-17] (Intuit Inc. All rights reserved.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1128360627-1436904473-556086094-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Espinola\AppData\Local\Akamai\netsession_win.exe"
    HKU\S-1-5-21-1128360627-1436904473-556086094-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
    HKU\S-1-5-21-1128360627-1436904473-556086094-1001\...\MountPoints2: {39ccc1cd-58f9-11e3-a649-1c7508850c44} - E:\DTVP_Launcher.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
    SearchScopes: HKLM - DefaultScope {248E6208-0BDD-4325-8D8B-E0FF65FE8994} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {248E6208-0BDD-4325-8D8B-E0FF65FE8994} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKLM-x32 - {1F3373B8-2047-47F3-BFE4-31649C8ACE4D} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKCU - {1F3373B8-2047-47F3-BFE4-31649C8ACE4D} URL =
    SearchScopes: HKCU - {248E6208-0BDD-4325-8D8B-E0FF65FE8994} URL =
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: No Name - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} -  No File
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
    Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{EEB04055-85B2-408F-8648-4B47FA8AEE33}: [NameServer]0.0.0.0

    FireFox:
    ========
    FF ProfilePath: C:\Users\Espinola\AppData\Roaming\Mozilla\Firefox\Profiles\cq9wok0x.default
    FF Homepage: hxxp://www.bbc.com/news/
    FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
    FF Extension: Pin It button - C:\Users\Espinola\AppData\Roaming\Mozilla\Firefox\Profiles\cq9wok0x.default\Extensions\[email protected] [2014-04-21]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-04-02]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-04-02]

    ==================== Services (Whitelisted) =================

    S3 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    R3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [115056 2010-10-20] (Symantec Corporation)
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)

    ==================== Drivers (Whitelisted) ====================

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    S3 EraserUtilDrv11113; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-04-29 09:09 - 2014-04-29 09:09 - 00016063 _____ () C:\Users\Espinola\Downloads\FRST.txt
    2014-04-29 09:08 - 2014-04-29 09:09 - 00000000 ____D () C:\FRST
    2014-04-29 09:08 - 2014-04-29 09:08 - 02061824 _____ (Farbar) C:\Users\Espinola\Downloads\FRST64.exe
    2014-04-29 09:00 - 2014-04-29 09:00 - 00008550 _____ () C:\Users\Espinola\Desktop\JRT.txt
    2014-04-29 08:54 - 2014-04-29 08:54 - 00000000 ____D () C:\windows\ERUNT
    2014-04-29 08:23 - 2014-04-29 08:23 - 01016261 _____ (Thisisu) C:\Users\Espinola\Downloads\JRT(1).exe
    2014-04-29 08:02 - 2014-04-29 08:08 - 00000000 ____D () C:\AdwCleaner
    2014-04-29 08:02 - 2014-04-29 08:02 - 01310621 _____ () C:\Users\Espinola\Downloads\adwcleaner.exe
    2014-04-24 13:00 - 2014-04-24 13:00 - 00084780 _____ () C:\Users\Espinola\Downloads\Extras.Txt
    2014-04-24 12:59 - 2014-04-24 12:59 - 00082622 _____ () C:\Users\Espinola\Downloads\OTL.Txt
    2014-04-24 12:56 - 2014-04-24 12:56 - 01016261 _____ (Thisisu) C:\Users\Espinola\Downloads\JRT.exe
    2014-04-24 12:47 - 2014-04-24 12:47 - 00602112 _____ (OldTimer Tools) C:\Users\Espinola\Downloads\OTL.exe
    2014-04-22 14:51 - 2014-04-22 14:51 - 00000000 ____D () C:\Users\Espinola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-04-22 14:51 - 2014-04-22 14:51 - 00000000 ____D () C:\Users\Espinola\AppData\Roaming\DropboxMaster
    2014-04-22 09:06 - 2014-04-22 09:06 - 00316160 _____ (Dropbox, Inc.) C:\Users\Espinola\Downloads\DropboxInstaller.exe
    2014-04-10 12:02 - 2013-05-09 22:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
    2014-04-10 12:02 - 2013-05-09 22:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
    2014-04-10 12:02 - 2013-05-09 21:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
    2014-04-10 12:02 - 2013-05-09 21:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
    2014-04-10 10:45 - 2013-12-21 02:39 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-04-10 10:45 - 2013-12-21 00:56 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-04-10 10:26 - 2012-07-25 20:08 - 00744448 _____ (Microsoft Corporation) C:\windows\system32\WUDFx.dll
    2014-04-10 10:26 - 2012-07-25 20:08 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
    2014-04-10 10:26 - 2012-07-25 20:08 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
    2014-04-10 10:26 - 2012-07-25 20:08 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
    2014-04-10 10:26 - 2012-07-25 20:08 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\WUDFCoinstaller.dll
    2014-04-10 10:26 - 2012-07-25 19:26 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
    2014-04-10 10:26 - 2012-07-25 19:26 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
    2014-04-10 10:26 - 2012-06-02 07:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2014-04-10 10:19 - 2014-04-10 10:22 - 00000000 ____D () C:\windows\system32\MRT
    2014-04-10 09:53 - 2013-08-01 19:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
    2014-04-10 09:53 - 2013-08-01 19:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
    2014-04-10 09:53 - 2013-08-01 18:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
    2014-04-10 09:53 - 2013-08-01 17:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
    2014-04-10 09:53 - 2012-10-09 11:17 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
    2014-04-10 09:53 - 2012-10-09 11:17 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
    2014-04-10 09:53 - 2012-10-09 10:40 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
    2014-04-10 09:53 - 2012-10-09 10:40 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
    2014-04-10 09:51 - 2013-12-05 19:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-04-10 09:51 - 2013-12-05 19:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
    2014-04-10 09:51 - 2013-12-05 19:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-04-10 09:51 - 2013-12-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
    2014-04-10 09:51 - 2013-10-05 13:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
    2014-04-10 09:51 - 2013-10-05 12:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
    2014-04-10 09:51 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
    2014-04-10 09:51 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
    2014-04-10 09:51 - 2013-10-03 19:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2014-04-10 09:51 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
    2014-04-10 09:51 - 2013-10-03 18:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2014-04-10 09:51 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
    2014-04-10 09:51 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
    2014-04-10 09:51 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
    2014-04-10 09:51 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
    2014-04-10 09:51 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
    2014-04-10 09:51 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
    2014-04-10 09:51 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
    2014-04-10 09:51 - 2013-05-09 22:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
    2014-04-10 09:51 - 2013-05-09 20:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
    2014-04-10 09:50 - 2014-03-12 23:33 - 02238976 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-04-10 09:50 - 2014-03-12 23:33 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-04-10 09:50 - 2014-03-12 23:33 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-04-10 09:50 - 2014-03-12 23:32 - 19273728 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-04-10 09:50 - 2014-03-12 23:32 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-04-10 09:50 - 2014-03-12 23:32 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-04-10 09:50 - 2014-03-12 23:32 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-04-10 09:50 - 2014-03-12 23:32 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-04-10 09:50 - 2014-03-12 23:32 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-04-10 09:50 - 2014-03-12 23:31 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-04-10 09:50 - 2014-03-12 23:31 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-04-10 09:50 - 2014-03-12 23:31 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-04-10 09:50 - 2014-03-12 23:31 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2014-04-10 09:50 - 2014-03-12 23:31 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-04-10 09:50 - 2014-03-12 23:31 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-04-10 09:50 - 2014-03-12 22:10 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-04-10 09:50 - 2014-03-12 22:10 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 14358016 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 02049536 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-04-10 09:50 - 2014-03-12 21:57 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-04-10 09:50 - 2014-03-12 21:47 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-04-10 09:50 - 2014-03-12 20:59 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
    2014-04-10 09:50 - 2014-03-12 20:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
    2014-04-10 09:50 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-04-10 09:50 - 2013-12-24 16:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
    2014-04-10 09:50 - 2013-12-24 15:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
    2014-04-10 09:50 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
    2014-04-10 09:50 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
    2014-04-10 09:50 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
    2014-04-10 09:50 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
    2014-04-10 09:50 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
    2014-04-10 09:50 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
    2014-04-10 09:50 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
    2014-04-10 09:50 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
    2014-04-10 09:50 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
    2014-04-10 09:50 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
    2014-04-10 09:50 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
    2014-04-10 09:50 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
    2014-04-10 09:50 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
    2014-04-10 09:50 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
    2014-04-10 09:50 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
    2014-04-10 09:50 - 2013-11-22 15:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
    2014-04-10 09:49 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2014-04-10 09:49 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
    2014-04-10 09:49 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
    2014-04-10 09:49 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
    2014-04-10 09:49 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
    2014-04-10 09:49 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
    2014-04-10 09:49 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2014-04-10 09:49 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
    2014-04-10 09:49 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
    2014-04-10 09:49 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
    2014-04-10 09:49 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
    2014-04-10 09:49 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
    2014-04-10 09:49 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
    2014-04-10 09:49 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
    2014-04-10 09:49 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
    2014-04-10 09:49 - 2013-09-24 19:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-04-10 09:49 - 2013-09-24 19:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2014-04-10 09:49 - 2013-09-24 19:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2014-04-10 09:49 - 2013-09-24 19:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2014-04-10 09:49 - 2013-09-24 19:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
    2014-04-10 09:49 - 2013-09-24 19:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-04-10 09:49 - 2013-09-24 19:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-04-10 09:49 - 2013-09-24 19:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2014-04-10 09:49 - 2013-09-24 18:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-04-10 09:49 - 2013-09-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-04-10 09:49 - 2013-09-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2014-04-10 09:49 - 2013-09-24 18:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2014-04-10 09:49 - 2013-09-24 18:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2014-04-10 09:49 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2014-04-10 09:49 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2014-04-10 09:49 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
    2014-04-10 09:49 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
    2014-04-10 09:49 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
    2014-04-10 09:49 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
    2014-04-10 09:49 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2014-04-10 09:49 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
    2014-04-10 09:49 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
    2014-04-10 09:49 - 2013-08-01 19:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
    2014-04-10 09:49 - 2013-08-01 19:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
    2014-04-10 09:49 - 2013-08-01 17:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 17:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 17:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 17:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2014-04-10 09:49 - 2013-07-04 05:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2014-04-10 09:49 - 2012-12-07 06:20 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
    2014-04-10 09:49 - 2012-12-07 06:15 - 02746368 _____ (Microsoft Corporation) C:\windows\system32\gameux.dll
    2014-04-10 09:49 - 2012-12-07 05:26 - 00308736 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
    2014-04-10 09:49 - 2012-12-07 05:20 - 02576384 _____ (Microsoft Corporation) C:\windows\SysWOW64\gameux.dll
    2014-04-10 09:49 - 2012-12-07 04:20 - 00045568 _____ (Microsoft) C:\windows\system32\oflc-nz.rs
    2014-04-10 09:49 - 2012-12-07 04:20 - 00044544 _____ (Microsoft) C:\windows\system32\pegibbfc.rs
    2014-04-10 09:49 - 2012-12-07 04:20 - 00043520 _____ (Microsoft) C:\windows\system32\csrr.rs
    2014-04-10 09:49 - 2012-12-07 04:20 - 00030720 _____ (Microsoft) C:\windows\system32\usk.rs
    2014-04-10 09:49 - 2012-12-07 04:20 - 00023552 _____ (Microsoft) C:\windows\system32\oflc.rs
    2014-04-10 09:49 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-pt.rs
    2014-04-10 09:49 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-fi.rs
    2014-04-10 09:49 - 2012-12-07 04:19 - 00055296 _____ (Microsoft) C:\windows\system32\cero.rs
    2014-04-10 09:49 - 2012-12-07 04:19 - 00051712 _____ (Microsoft) C:\windows\system32\esrb.rs
    2014-04-10 09:49 - 2012-12-07 04:19 - 00046592 _____ (Microsoft) C:\windows\system32\fpb.rs
    2014-04-10 09:49 - 2012-12-07 04:19 - 00040960 _____ (Microsoft) C:\windows\system32\cob-au.rs
    2014-04-10 09:49 - 2012-12-07 04:19 - 00021504 _____ (Microsoft) C:\windows\system32\grb.rs
    2014-04-10 09:49 - 2012-12-07 04:19 - 00020480 _____ (Microsoft) C:\windows\system32\pegi.rs
    2014-04-10 09:49 - 2012-12-07 04:19 - 00015360 _____ (Microsoft) C:\windows\system32\djctq.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00055296 _____ (Microsoft) C:\windows\SysWOW64\cero.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00051712 _____ (Microsoft) C:\windows\SysWOW64\esrb.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00046592 _____ (Microsoft) C:\windows\SysWOW64\fpb.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00045568 _____ (Microsoft) C:\windows\SysWOW64\oflc-nz.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00044544 _____ (Microsoft) C:\windows\SysWOW64\pegibbfc.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00043520 _____ (Microsoft) C:\windows\SysWOW64\csrr.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00040960 _____ (Microsoft) C:\windows\SysWOW64\cob-au.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00030720 _____ (Microsoft) C:\windows\SysWOW64\usk.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00023552 _____ (Microsoft) C:\windows\SysWOW64\oflc.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00021504 _____ (Microsoft) C:\windows\SysWOW64\grb.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-pt.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-fi.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00015360 _____ (Microsoft) C:\windows\SysWOW64\djctq.rs
    2014-04-10 09:48 - 2013-11-23 11:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
    2014-04-10 09:48 - 2013-11-23 10:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
    2014-04-10 09:48 - 2013-04-25 16:30 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
    2014-04-10 09:48 - 2013-03-31 15:52 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
    2014-04-10 09:48 - 2012-10-03 10:44 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
    2014-04-10 09:48 - 2012-10-03 10:44 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
    2014-04-10 09:48 - 2012-10-03 10:44 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
    2014-04-10 09:48 - 2012-10-03 10:44 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
    2014-04-10 09:48 - 2012-10-03 10:44 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll
    2014-04-10 09:48 - 2012-10-03 10:42 - 00569344 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
    2014-04-10 09:48 - 2012-10-03 09:42 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcorehc.dll
    2014-04-10 09:48 - 2012-10-03 09:42 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
    2014-04-10 09:48 - 2012-10-03 09:42 - 00018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\netevent.dll
    2014-04-10 09:48 - 2012-10-03 09:07 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
    2014-04-10 09:48 - 2012-01-13 00:12 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
    2014-04-10 09:48 - 2011-05-03 22:25 - 02315776 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
    2014-04-10 09:48 - 2011-05-03 22:22 - 02223616 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
    2014-04-10 09:48 - 2011-05-03 22:22 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
    2014-04-10 09:48 - 2011-05-03 22:22 - 00491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
    2014-04-10 09:48 - 2011-05-03 22:22 - 00288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
    2014-04-10 09:48 - 2011-05-03 22:22 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
    2014-04-10 09:48 - 2011-05-03 22:19 - 00591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
    2014-04-10 09:48 - 2011-05-03 22:19 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
    2014-04-10 09:48 - 2011-05-03 22:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
    2014-04-10 09:48 - 2011-05-03 21:34 - 01549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
    2014-04-10 09:48 - 2011-05-03 21:32 - 01401344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
    2014-04-10 09:48 - 2011-05-03 21:32 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
    2014-04-10 09:48 - 2011-05-03 21:32 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
    2014-04-10 09:48 - 2011-05-03 21:32 - 00197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
    2014-04-10 09:48 - 2011-05-03 21:32 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
    2014-04-10 09:48 - 2011-05-03 21:28 - 00427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
    2014-04-10 09:48 - 2011-05-03 21:28 - 00164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
    2014-04-10 09:48 - 2011-05-03 21:28 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
    2014-04-10 09:48 - 2011-03-10 23:33 - 02565632 _____ (Microsoft Corporation) C:\windows\system32\esent.dll
    2014-04-10 09:48 - 2011-03-10 23:30 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\fsutil.exe
    2014-04-10 09:48 - 2011-03-10 22:33 - 01699328 _____ (Microsoft Corporation) C:\windows\SysWOW64\esent.dll
    2014-04-10 09:47 - 2013-11-26 04:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
    2014-04-10 09:47 - 2013-10-18 19:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
    2014-04-10 09:47 - 2013-10-18 18:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
    2014-04-10 09:47 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
    2014-04-10 09:47 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
    2014-04-10 09:47 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
    2014-04-10 09:47 - 2013-07-25 19:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-04-10 09:47 - 2013-07-25 19:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
    2014-04-10 09:47 - 2013-07-25 18:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-04-10 09:47 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
    2014-04-10 09:47 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2014-04-10 09:47 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2014-04-10 09:47 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2014-04-10 09:47 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
    2014-04-10 09:47 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
    2014-04-10 09:47 - 2012-11-28 15:56 - 00054376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
    2014-04-10 09:47 - 2012-11-28 15:56 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Wdfres.dll
    2014-04-10 09:47 - 2012-11-28 15:56 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2014-04-10 09:47 - 2012-01-04 03:44 - 00509952 _____ (Microsoft Corporation) C:\windows\system32\ntshrui.dll
    2014-04-10 09:47 - 2012-01-04 01:58 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntshrui.dll
    2014-04-10 09:47 - 2011-03-10 23:41 - 00410496 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorV.sys
    2014-04-10 09:47 - 2011-03-10 23:41 - 00166272 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvstor.sys
    2014-04-10 09:47 - 2011-03-10 23:41 - 00148352 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvraid.sys
    2014-04-10 09:47 - 2011-03-10 23:41 - 00107904 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdsata.sys
    2014-04-10 09:47 - 2011-03-10 23:41 - 00027008 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdxata.sys
    2014-04-10 09:47 - 2011-03-10 22:31 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\fsutil.exe
    2014-04-10 09:47 - 2011-03-10 21:37 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
    2014-04-10 09:46 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
    2014-04-10 09:46 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
    2014-04-10 09:46 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
    2014-04-10 09:46 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
    2014-04-10 09:46 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
    2014-04-10 09:46 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
    2014-04-10 09:46 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
    2014-04-10 09:46 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
    2014-04-10 09:46 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
    2014-04-10 09:46 - 2013-11-26 18:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
    2014-04-10 09:46 - 2013-11-26 18:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
    2014-04-10 09:46 - 2013-11-26 18:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
    2014-04-10 09:46 - 2013-11-26 18:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
    2014-04-10 09:46 - 2013-11-26 18:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
    2014-04-10 09:46 - 2013-11-26 18:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
    2014-04-10 09:46 - 2013-11-26 18:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
    2014-04-10 09:46 - 2013-11-11 19:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2014-04-10 09:46 - 2013-11-11 19:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
    2014-04-10 09:46 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
    2014-04-10 09:46 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
    2014-04-10 09:46 - 2013-10-11 19:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
    2014-04-10 09:46 - 2013-10-11 19:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
    2014-04-10 09:46 - 2013-10-11 19:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
    2014-04-10 09:46 - 2013-10-11 19:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
    2014-04-10 09:46 - 2013-10-11 18:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
    2014-04-10 09:46 - 2013-10-11 18:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
    2014-04-10 09:46 - 2013-10-11 18:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
    2014-04-10 09:46 - 2013-10-11 18:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
    2014-04-10 09:46 - 2013-10-03 19:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
    2014-04-10 09:46 - 2013-10-03 18:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
    2014-04-10 09:46 - 2013-10-02 19:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2014-04-10 09:46 - 2013-10-02 19:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2014-04-10 09:46 - 2013-09-27 18:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
    2014-04-10 09:46 - 2013-07-12 03:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
    2014-04-10 09:46 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
    2014-04-10 09:46 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
    2014-04-10 09:46 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
    2014-04-10 09:46 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
    2014-04-10 09:46 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
    2014-04-10 09:46 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
    2014-04-10 09:46 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
    2014-04-10 09:46 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
    2014-04-10 09:46 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
    2014-04-10 09:46 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
    2014-04-10 09:46 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
    2014-04-10 09:46 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
    2014-04-10 09:46 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
    2014-04-10 09:46 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
    2014-04-10 09:46 - 2013-03-18 22:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
    2014-04-10 09:46 - 2013-01-23 23:01 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
    2014-04-10 09:46 - 2012-11-21 22:44 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
    2014-04-10 09:46 - 2012-11-21 21:45 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
    2014-04-10 09:46 - 2012-08-22 11:12 - 00950128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
    2014-04-10 09:46 - 2012-07-04 13:26 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys
    2014-04-10 09:46 - 2012-05-05 01:36 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2014-04-10 09:46 - 2012-05-05 00:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
    2014-04-10 09:46 - 2012-04-07 05:31 - 03216384 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-04-10 09:46 - 2012-04-07 04:26 - 02342400 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-04-10 09:46 - 2011-02-18 03:51 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\prevhost.exe
    2014-04-10 09:46 - 2011-02-17 22:39 - 00031232 _____ (Microsoft Corporation) C:\windows\SysWOW64\prevhost.exe
    2014-04-10 09:45 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
    2014-04-10 09:45 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
    2014-04-10 09:45 - 2013-12-31 16:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
    2014-04-10 09:45 - 2013-12-31 16:04 - 00420008 _____ () C:\windows\system32\locale.nls
    2014-04-10 09:45 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
    2014-04-10 09:45 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
    2014-04-10 09:45 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
    2014-04-10 09:45 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
    2014-04-10 09:45 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
    2014-04-10 09:45 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
    2014-04-10 09:45 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
    2014-04-10 09:45 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
    2014-04-10 09:45 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
    2014-04-10 09:45 - 2013-07-02 21:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
    2014-04-10 09:45 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
    2014-04-10 09:45 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
    2014-04-10 09:45 - 2012-08-21 14:01 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe
    2014-04-10 09:45 - 2012-04-30 22:40 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
    2014-04-10 09:45 - 2011-12-29 23:26 - 00515584 _____ (Microsoft Corporation) C:\windows\system32\timedate.cpl
    2014-04-10 09:45 - 2011-12-29 22:27 - 00478720 _____ (Microsoft Corporation) C:\windows\SysWOW64\timedate.cpl
    2014-04-10 09:45 - 2011-06-15 22:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\xmllite.dll
    2014-04-10 09:45 - 2011-06-15 21:33 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\xmllite.dll
    2014-04-10 09:22 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2014-04-10 09:22 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2014-04-10 09:21 - 2013-10-11 19:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
    2014-04-10 09:21 - 2013-10-11 19:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
    2014-04-10 09:21 - 2013-10-11 19:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
    2014-04-10 09:21 - 2013-10-11 19:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
    2014-04-10 09:21 - 2013-10-11 19:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
    2014-04-10 09:21 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
    2014-04-10 09:21 - 2013-04-09 16:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
    2014-04-10 09:21 - 2013-04-02 15:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
    2014-04-08 16:02 - 2014-04-08 16:02 - 00031777 _____ () C:\Users\Espinola\Documents\Tessa surf camp receipt.htm
    2014-04-08 16:02 - 2014-04-08 16:02 - 00000000 ____D () C:\Users\Espinola\Documents\Tessa surf camp receipt_files
    2014-04-02 19:47 - 2014-04-02 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    2014-04-29 09:09 - 2014-04-29 09:09 - 00016063 _____ () C:\Users\Espinola\Downloads\FRST.txt
    2014-04-29 09:09 - 2014-04-29 09:08 - 00000000 ____D () C:\FRST
    2014-04-29 09:08 - 2014-04-29 09:08 - 02061824 _____ (Farbar) C:\Users\Espinola\Downloads\FRST64.exe
    2014-04-29 09:00 - 2014-04-29 09:00 - 00008550 _____ () C:\Users\Espinola\Desktop\JRT.txt
    2014-04-29 08:54 - 2014-04-29 08:54 - 00000000 ____D () C:\windows\ERUNT
    2014-04-29 08:53 - 2011-09-30 17:39 - 01642051 _____ () C:\windows\WindowsUpdate.log
    2014-04-29 08:23 - 2014-04-29 08:23 - 01016261 _____ (Thisisu) C:\Users\Espinola\Downloads\JRT(1).exe
    2014-04-29 08:18 - 2009-07-13 21:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-04-29 08:18 - 2009-07-13 21:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-04-29 08:16 - 2009-07-13 22:13 - 00783270 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-04-29 08:10 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-04-29 08:10 - 2009-07-13 21:51 - 00055998 _____ () C:\windows\setupact.log
    2014-04-29 08:09 - 2010-10-28 21:10 - 00118692 _____ () C:\windows\PFRO.log
    2014-04-29 08:08 - 2014-04-29 08:02 - 00000000 ____D () C:\AdwCleaner
    2014-04-29 08:06 - 2013-06-22 09:34 - 00000000 ____D () C:\Users\Espinola\Documents\Outlook Files
    2014-04-29 08:06 - 2011-10-03 15:54 - 00000000 ____D () C:\Users\Espinola\Documents\Outlook
    2014-04-29 08:04 - 2013-08-30 10:16 - 00000000 ____D () C:\Users\Espinola\AppData\Local\D5943476-2141-4FBF-B56A-4DB1D637F073.aplzod
    2014-04-29 08:02 - 2014-04-29 08:02 - 01310621 _____ () C:\Users\Espinola\Downloads\adwcleaner.exe
    2014-04-29 07:57 - 2014-02-27 19:55 - 00000048 _____ () C:\Users\Espinola\AppData\Roaming\WB.CFG
    2014-04-26 17:29 - 2013-01-16 18:47 - 00000000 ____D () C:\Users\Espinola\Documents\Musicnotes
    2014-04-24 13:00 - 2014-04-24 13:00 - 00084780 _____ () C:\Users\Espinola\Downloads\Extras.Txt
    2014-04-24 12:59 - 2014-04-24 12:59 - 00082622 _____ () C:\Users\Espinola\Downloads\OTL.Txt
    2014-04-24 12:56 - 2014-04-24 12:56 - 01016261 _____ (Thisisu) C:\Users\Espinola\Downloads\JRT.exe
    2014-04-24 12:47 - 2014-04-24 12:47 - 00602112 _____ (OldTimer Tools) C:\Users\Espinola\Downloads\OTL.exe
    2014-04-22 15:23 - 2013-08-01 00:41 - 00000000 ___RD () C:\Users\Espinola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-22 15:23 - 2013-06-27 13:25 - 00000000 ___RD () C:\Users\Espinola\Dropbox
    2014-04-22 15:23 - 2013-06-27 13:22 - 00000000 ____D () C:\Users\Espinola\AppData\Roaming\Dropbox
    2014-04-22 14:51 - 2014-04-22 14:51 - 00000000 ____D () C:\Users\Espinola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-04-22 14:51 - 2014-04-22 14:51 - 00000000 ____D () C:\Users\Espinola\AppData\Roaming\DropboxMaster
    2014-04-22 09:06 - 2014-04-22 09:06 - 00316160 _____ (Dropbox, Inc.) C:\Users\Espinola\Downloads\DropboxInstaller.exe
    2014-04-21 07:54 - 2013-11-25 13:35 - 00000000 ____D () C:\Program Files (x86)\Citrix
    2014-04-21 07:52 - 2013-11-25 13:35 - 00000000 ____D () C:\Users\Espinola\AppData\Local\Citrix
    2014-04-21 07:44 - 2011-10-07 21:18 - 00000000 ____D () C:\Users\Espinola\Documents\1Jill
    2014-04-17 20:41 - 2011-11-02 22:16 - 00000000 ____D () C:\ProgramData\xml_param
    2014-04-11 17:30 - 2013-09-16 14:31 - 00000000 ___RD () C:\Users\Espinola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-04-11 17:30 - 2011-09-30 18:25 - 00133256 _____ () C:\Users\Espinola\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-04-11 17:30 - 2009-07-13 22:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
    2014-04-11 17:27 - 2009-07-13 21:45 - 00466784 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-04-11 17:14 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-04-11 17:14 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-04-11 17:08 - 2009-07-14 00:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-04-11 16:35 - 2012-05-05 11:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-04-10 12:11 - 2011-10-03 07:57 - 00777486 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2014-04-10 10:22 - 2014-04-10 10:19 - 00000000 ____D () C:\windows\system32\MRT
    2014-04-08 16:02 - 2014-04-08 16:02 - 00031777 _____ () C:\Users\Espinola\Documents\Tessa surf camp receipt.htm
    2014-04-08 16:02 - 2014-04-08 16:02 - 00000000 ____D () C:\Users\Espinola\Documents\Tessa surf camp receipt_files
    2014-04-02 19:47 - 2014-04-02 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-31 03:51 - 2012-02-07 16:03 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

    Some content of TEMP:
    ====================
    C:\Users\Espinola\AppData\Local\Temp\Abspdf.exe
    C:\Users\Espinola\AppData\Local\Temp\acfpdfu.dll
    C:\Users\Espinola\AppData\Local\Temp\acfpdfuamd64.dll
    C:\Users\Espinola\AppData\Local\Temp\acfpdfui.dll
    C:\Users\Espinola\AppData\Local\Temp\acfpdfuia64.dll
    C:\Users\Espinola\AppData\Local\Temp\acfpdfuiamd64.dll
    C:\Users\Espinola\AppData\Local\Temp\acfpdfuiia64.dll
    C:\Users\Espinola\AppData\Local\Temp\AskSLib.dll
    C:\Users\Espinola\AppData\Local\Temp\cdintf.dll
    C:\Users\Espinola\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxyrpl2.dll
    C:\Users\Espinola\AppData\Local\Temp\helper.exe
    C:\Users\Espinola\AppData\Local\Temp\InstallAX.exe
    C:\Users\Espinola\AppData\Local\Temp\mpegc.dll
    C:\Users\Espinola\AppData\Local\Temp\MSETUP4.EXE
    C:\Users\Espinola\AppData\Local\Temp\MySearchDial.exe
    C:\Users\Espinola\AppData\Local\Temp\PDFPRT400.exe
    C:\Users\Espinola\AppData\Local\Temp\Quarantine.exe
    C:\Users\Espinola\AppData\Local\Temp\readSTILog.dll
    C:\Users\Espinola\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Espinola\AppData\Local\Temp\sqlite3.exe
    C:\Users\Espinola\AppData\Local\Temp\xmllite.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-04-02 14:32

    ==================== End Of Log ============================


    • 0

    #7
    fletch11

    fletch11

      Member

    • Topic Starter
    • Member
    • PipPip
    • 52 posts

    Here is the Farbar ADDITION LOG (2 of 2):

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014
    Ran by Espinola at 2014-04-29 09:10:11
    Running from C:\Users\Espinola\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Disabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Disabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

    ==================== Installed Programs ======================

    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Acronis True Image Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7160 - Acronis)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
    Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Aimersoft DVD to iPad Converter(Build 2.5.0.0) (HKLM-x32\...\Aimersoft DVD to iPad Converter_is1) (Version:  - Aimersoft Software)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
    Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
    Canon MX710 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX710_series) (Version:  - )
    Canon MX710 series On-screen Manual (HKLM-x32\...\Canon MX710 series On-screen Manual) (Version:  - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
    Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A3AD381D-848C-4478-80DC-228E37309308}) (Version:  - Microsoft)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{A3AD381D-848C-4478-80DC-228E37309308}) (Version:  - Microsoft)
    Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
    Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Foxit Reader 5.0 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.0.2.718 - Foxit Corporation)
    iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
    Intel PROSet Wireless (Version:  - ) Hidden
    Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
    Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
    iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
    [email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
    Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
    Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
    Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
    Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Publisher 2010 (HKLM-x32\...\Office14.PUBLISHERR) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31010 - Microsoft Corporation) Hidden
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Musicnotes Software Suite 1.7.2 (HKLM-x32\...\Musicnotes Combined Installer_is1) (Version: 1.7.2 - Musicnotes Inc.)
    PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    QuickBooks (x32 Version: 23.0.4003.2305 - Intuit Inc.) Hidden
    QuickBooks Premier: Retail Edition 2013 (HKLM-x32\...\{308C9F09-B104-4E15-AD41-6CB69604E8BE}) (Version: 23.0.4003.2305 - Intuit Inc.)
    Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
    Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
    Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
    Skype™ 6.6 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
    TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (Version: 1.2.18.64 - TOSHIBA Corporation) Hidden
    TOSHIBA eco Utility (x32 Version: 1.2.18.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
    TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
    TOSHIBA Hardware Setup (x32 Version: 1.63.0.26C - TOSHIBA CORPORATION) Hidden
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
    TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.6.22 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (Version: 1.7.16.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
    TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
    TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHERR_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
    Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
    Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

    ==================== Restore Points  =========================

    18-03-2014 16:51:32 Windows Update
    21-03-2014 21:00:20 Windows Update
    26-03-2014 00:22:41 Windows Update
    29-03-2014 01:11:36 Windows Update
    02-04-2014 15:00:10 Windows Update
    08-04-2014 22:57:44 Windows Update
    10-04-2014 16:53:42 Windows Update
    14-04-2014 17:43:15 Windows Update
    17-04-2014 20:33:15 Windows Update
    21-04-2014 14:18:30 Windows Update
    21-04-2014 14:54:55 Removed Java™ 6 Update 20
    25-04-2014 19:11:38 Windows Update
    28-04-2014 20:35:56 Windows Update

    ==================== Hosts content: ==========================

    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {81E1D550-CFEC-4CAB-9D33-D8B7AE5B21F5} - \Digital Sites No Task File <==== ATTENTION

    ==================== Loaded Modules (whitelisted) =============

    2010-07-19 16:48 - 2010-07-19 16:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2010-06-06 07:20 - 2010-06-06 07:20 - 00065344 _____ () C:\windows\System32\PDFreDirectMon64.dll
    2010-04-07 16:07 - 2010-04-07 16:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
    2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
    2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
    2010-10-28 20:59 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
    2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
    2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
    2010-07-19 16:48 - 2010-07-19 16:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
    2010-03-12 15:41 - 2010-03-12 15:41 - 00417080 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    2010-07-19 17:48 - 2010-07-19 17:48 - 00340240 _____ () C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
    2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
    2014-04-02 19:47 - 2014-04-02 19:47 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2013-07-05 15:40 - 2013-07-05 15:40 - 16033160 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (04/29/2014 09:09:50 AM) (Source: DCOM) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Percentage of memory in use: 47%
    Total physical RAM: 3890.67 MB
    Available physical RAM: 2025.36 MB
    Total Pagefile: 7779.52 MB
    Available Pagefile: 5886.04 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (TI106045W0C) (Fixed) (Total:582.67 GB) (Free:237.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 7BEC2C48)
    Partition 1: (Active) - (Size=1 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=583 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

    ==================== End Of Log ============================


    • 0

    #8
    fletch11

    fletch11

      Member

    • Topic Starter
    • Member
    • PipPip
    • 52 posts

    OTL Log:

    OTL logfile created on: 4/29/2014 9:15:17 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Espinola\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16866)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.80 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 51.69% Memory free
    7.60 Gb Paging File | 5.72 Gb Available in Paging File | 75.31% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582.67 Gb Total Space | 237.64 Gb Free Space | 40.78% Space Free | Partition Type: NTFS
     
    Computer Name: ESPINOLA-PC | User Name: Espinola | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2014/04/24 12:47:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Espinola\Downloads\OTL.exe
    PRC - [2014/04/02 19:47:54 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2013/09/14 04:38:54 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2013/07/05 15:40:06 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
    PRC - [2012/10/17 04:05:08 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2011/07/25 12:10:34 | 000,468,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    PRC - [2010/10/20 12:37:28 | 000,115,056 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
    PRC - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    PRC - [2009/12/25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    PRC - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2014/04/02 19:47:36 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2013/09/14 02:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
    MOD - [2013/09/14 02:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
    MOD - [2013/07/05 15:40:05 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2010/07/28 10:27:16 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2010/07/22 16:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2010/07/19 18:08:30 | 001,429,776 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/07/19 17:48:36 | 000,340,240 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/07/19 17:46:54 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/10/21 09:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
    SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2014/04/02 19:47:53 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/06/21 00:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/10/17 06:42:24 | 000,045,056 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2012/10/17 04:05:08 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2012/10/17 04:04:40 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2011/10/07 21:31:42 | 003,246,040 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
    SRV - [2011/01/28 18:02:34 | 001,063,848 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2010/10/20 12:37:28 | 000,115,056 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/10/06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe -- (PCCUJobMgr)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/07 21:31:44 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
    DRV:64bit: - [2011/10/07 21:31:39 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
    DRV:64bit: - [2011/10/07 21:31:32 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2011/10/07 21:31:18 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/07/29 05:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/07/28 11:46:18 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2010/06/21 17:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/06/18 10:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/05/18 16:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2010/05/08 18:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2010/05/03 14:44:02 | 000,331,880 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/02/27 07:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/01/15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
    DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/13 17:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
    DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
    DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
    DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {248E6208-0BDD-4325-8D8B-E0FF65FE8994}
    IE:64bit: - HKLM\..\SearchScopes\{248E6208-0BDD-4325-8D8B-E0FF65FE8994}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{1F3373B8-2047-47F3-BFE4-31649C8ACE4D}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "http://www.bbc.com/news/"
    FF - prefs.js..extensions.enabledAddons: pinterest%40robertnyman.com:1.1
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/02 19:47:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/02 19:47:24 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
     
    [2011/10/07 21:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Espinola\AppData\Roaming\Mozilla\Extensions
    [2014/04/21 07:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Espinola\AppData\Roaming\Mozilla\Firefox\Profiles\cq9wok0x.default\extensions
    [2014/04/21 07:43:14 | 000,018,590 | ---- | M] () (No name found) -- C:\Users\Espinola\AppData\Roaming\Mozilla\Firefox\Profiles\cq9wok0x.default\extensions\[email protected]
    [2014/04/02 19:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2014/04/02 19:47:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2014/04/02 19:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/04/02 19:47:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2014/04/02 19:47:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     
    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (no name) - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: []  File not found
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
    O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Espinola\AppData\Local\Akamai\netsession_win.exe" File not found
    O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: jonesday.com ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7C41BF7-0BB2-4A5F-BEA8-550E7A3E99F9}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEB04055-85B2-408F-8648-4B47FA8AEE33}: NameServer = 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0000752-8B75-41C3-B8FE-F7E0595C8BC5}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\intu-help-qb6 - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{39ccc1cd-58f9-11e3-a649-1c7508850c44}\Shell - "" = AutoRun
    O33 - MountPoints2\{39ccc1cd-58f9-11e3-a649-1c7508850c44}\Shell\AutoRun\command - "" = E:\DTVP_Launcher.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
     
    MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    MsConfig:64bit - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    MsConfig:64bit - State: "startup" - Reg Error: Key error.
     
    SafeBootMin:64bit: AppMgmt - Service
    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: vmms - Service
    SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
     
    SafeBootNet:64bit: AppMgmt - Service
    SafeBootNet:64bit: Base - Driver Group
    SafeBootNet:64bit: Boot Bus Extender - Driver Group
    SafeBootNet:64bit: Boot file system - Driver Group
    SafeBootNet:64bit: File system - Driver Group
    SafeBootNet:64bit: Filter - Driver Group
    SafeBootNet:64bit: HelpSvc - Service
    SafeBootNet:64bit: Messenger - Service
    SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SafeBootNet:64bit: NDIS Wrapper - Driver Group
    SafeBootNet:64bit: NetBIOSGroup - Driver Group
    SafeBootNet:64bit: NetDDEGroup - Driver Group
    SafeBootNet:64bit: Network - Driver Group
    SafeBootNet:64bit: NetworkProvider - Driver Group
    SafeBootNet:64bit: PCI Configuration - Driver Group
    SafeBootNet:64bit: PNP Filter - Driver Group
    SafeBootNet:64bit: PNP_TDI - Driver Group
    SafeBootNet:64bit: Primary disk - Driver Group
    SafeBootNet:64bit: rdsessmgr - Service
    SafeBootNet:64bit: sacsvr - Service
    SafeBootNet:64bit: SCSI Class - Driver Group
    SafeBootNet:64bit: Streams Drivers - Driver Group
    SafeBootNet:64bit: System Bus Extender - Driver Group
    SafeBootNet:64bit: TDI - Driver Group
    SafeBootNet:64bit: vmms - Service
    SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet:64bit: WudfUsbccidDriver - Driver
    SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootNet: AppMgmt - Service
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vmms - Service
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
     
    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\System32\ie4uinit.exe -UserConfig
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{4260FD8B-EB85-4A91-93B1-7EFD1CB5204D} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
     
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
     
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/04/29 09:08:45 | 000,000,000 | ---D | C] -- C:\FRST
    [2014/04/29 08:54:42 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
    [2014/04/29 08:02:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/22 14:51:37 | 000,000,000 | ---D | C] -- C:\Users\Espinola\AppData\Roaming\DropboxMaster
    [2014/04/22 14:51:32 | 000,000,000 | ---D | C] -- C:\Users\Espinola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2014/04/10 12:02:49 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmploc.DLL
    [2014/04/10 12:02:48 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmploc.DLL
    [2014/04/10 12:02:48 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
    [2014/04/10 12:02:46 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
    [2014/04/10 10:45:59 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
    [2014/04/10 10:26:27 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
    [2014/04/10 10:26:26 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
    [2014/04/10 10:26:26 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
    [2014/04/10 10:26:26 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
    [2014/04/10 10:19:13 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
    [2014/04/10 09:53:15 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
    [2014/04/10 09:53:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
    [2014/04/10 09:53:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
    [2014/04/10 09:53:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apisetschema.dll
    [2014/04/10 09:53:01 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
    [2014/04/10 09:53:01 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
    [2014/04/10 09:53:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
    [2014/04/10 09:51:45 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
    [2014/04/10 09:51:32 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
    [2014/04/10 09:51:32 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
    [2014/04/10 09:51:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\credui.dll
    [2014/04/10 09:51:32 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SmartcardCredentialProvider.dll
    [2014/04/10 09:51:32 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SmartcardCredentialProvider.dll
    [2014/04/10 09:51:21 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
    [2014/04/10 09:51:20 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
    [2014/04/10 09:51:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
    [2014/04/10 09:51:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
    [2014/04/10 09:51:11 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
    [2014/04/10 09:51:11 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
    [2014/04/10 09:50:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
    [2014/04/10 09:50:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
    [2014/04/10 09:50:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
    [2014/04/10 09:50:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
    [2014/04/10 09:50:43 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2014/04/10 09:50:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
    [2014/04/10 09:50:39 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2014/04/10 09:50:36 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
    [2014/04/10 09:50:35 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
    [2014/04/10 09:50:34 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2014/04/10 09:50:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
    [2014/04/10 09:50:32 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
    [2014/04/10 09:50:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
    [2014/04/10 09:50:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
    [2014/04/10 09:50:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
    [2014/04/10 09:50:31 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
    [2014/04/10 09:50:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
    [2014/04/10 09:50:28 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
    [2014/04/10 09:50:28 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
    [2014/04/10 09:50:02 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_isv.exe
    [2014/04/10 09:50:02 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate.exe
    [2014/04/10 09:50:02 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_isv.exe
    [2014/04/10 09:50:01 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate.exe
    [2014/04/10 09:50:01 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_ssp.exe
    [2014/04/10 09:50:01 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_ssp_isv.exe
    [2014/04/10 09:50:01 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_ssp.exe
    [2014/04/10 09:50:01 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_ssp_isv.exe
    [2014/04/10 09:50:00 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdrm.dll
    [2014/04/10 09:50:00 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc.dll
    [2014/04/10 09:50:00 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_isv.dll
    [2014/04/10 09:50:00 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc.dll
    [2014/04/10 09:50:00 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_isv.dll
    [2014/04/10 09:49:59 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_ssp_isv.dll
    [2014/04/10 09:49:59 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_ssp.dll
    [2014/04/10 09:49:59 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_ssp_isv.dll
    [2014/04/10 09:49:59 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_ssp.dll
    [2014/04/10 09:49:55 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
    [2014/04/10 09:49:55 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
    [2014/04/10 09:49:55 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
    [2014/04/10 09:49:55 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
    [2014/04/10 09:49:54 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
    [2014/04/10 09:49:54 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
    [2014/04/10 09:49:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
    [2014/04/10 09:49:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
    [2014/04/10 09:49:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
    [2014/04/10 09:49:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
    [2014/04/10 09:49:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
    [2014/04/10 09:49:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
    [2014/04/10 09:49:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2014/04/10 09:49:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2014/04/10 09:49:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
    [2014/04/10 09:49:50 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
    [2014/04/10 09:49:49 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
    [2014/04/10 09:49:49 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
    [2014/04/10 09:49:49 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll
    [2014/04/10 09:49:48 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
    [2014/04/10 09:49:48 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdh.dll
    [2014/04/10 09:49:47 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdh.dll
    [2014/04/10 09:49:38 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
    [2014/04/10 09:49:38 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
    [2014/04/10 09:49:38 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
    [2014/04/10 09:49:38 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
    [2014/04/10 09:49:38 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
    [2014/04/10 09:49:19 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
    [2014/04/10 09:49:19 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
    [2014/04/10 09:49:19 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
    [2014/04/10 09:49:19 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
    [2014/04/10 09:49:19 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
    [2014/04/10 09:49:19 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
    [2014/04/10 09:49:18 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
    [2014/04/10 09:49:18 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
    [2014/04/10 09:49:18 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
    [2014/04/10 09:49:18 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
    [2014/04/10 09:49:18 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
    [2014/04/10 09:49:18 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
    [2014/04/10 09:49:18 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
    [2014/04/10 09:49:18 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
    [2014/04/10 09:49:17 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
    [2014/04/10 09:49:17 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
    [2014/04/10 09:49:17 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
    [2014/04/10 09:49:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
    [2014/04/10 09:49:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
    [2014/04/10 09:49:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
    [2014/04/10 09:49:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
    [2014/04/10 09:49:16 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
    [2014/04/10 09:49:16 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
    [2014/04/10 09:49:15 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
    [2014/04/10 09:49:13 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
    [2014/04/10 09:49:13 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
    [2014/04/10 09:49:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
    [2014/04/10 09:49:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
    [2014/04/10 09:49:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
    [2014/04/10 09:49:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
    [2014/04/10 09:49:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
    [2014/04/10 09:49:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
    [2014/04/10 09:48:46 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
    [2014/04/10 09:48:46 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
    [2014/04/10 09:48:45 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
    [2014/04/10 09:48:44 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
    [2014/04/10 09:48:44 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
    [2014/04/10 09:48:44 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
    [2014/04/10 09:48:18 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
    [2014/04/10 09:48:18 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
    [2014/04/10 09:48:17 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
    [2014/04/10 09:48:17 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
    [2014/04/10 09:48:14 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
    [2014/04/10 09:48:14 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
    [2014/04/10 09:48:14 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
    [2014/04/10 09:48:13 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
    [2014/04/10 09:48:13 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
    [2014/04/10 09:48:12 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
    [2014/04/10 09:48:12 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
    [2014/04/10 09:48:12 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
    [2014/04/10 09:48:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssphtb.dll
    [2014/04/10 09:48:12 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe
    [2014/04/10 09:48:11 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
    [2014/04/10 09:48:10 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll
    [2014/04/10 09:48:09 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msscntrs.dll
    [2014/04/10 09:48:01 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll
    [2014/04/10 09:48:00 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll
    [2014/04/10 09:48:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fsutil.exe
    [2014/04/10 09:47:59 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdsata.sys
    [2014/04/10 09:47:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fsutil.exe
    [2014/04/10 09:47:59 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdxata.sys
    [2014/04/10 09:47:34 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll
    [2014/04/10 09:47:30 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
    [2014/04/10 09:47:29 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
    [2014/04/10 09:47:24 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
    [2014/04/10 09:47:23 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
    [2014/04/10 09:47:07 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
    [2014/04/10 09:47:02 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
    [2014/04/10 09:47:02 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    [2014/04/10 09:47:01 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
    [2014/04/10 09:46:58 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys
    [2014/04/10 09:46:53 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
    [2014/04/10 09:46:41 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
    [2014/04/10 09:46:40 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
    [2014/04/10 09:46:35 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
    [2014/04/10 09:46:34 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
    [2014/04/10 09:46:34 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
    [2014/04/10 09:46:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dciman32.dll
    [2014/04/10 09:46:33 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fontsub.dll
    [2014/04/10 09:46:33 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontsub.dll
    [2014/04/10 09:46:33 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
    [2014/04/10 09:46:33 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpk.dll
    [2014/04/10 09:46:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
    [2014/04/10 09:46:31 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscript.exe
    [2014/04/10 09:46:31 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wshom.ocx
    [2014/04/10 09:46:31 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wshom.ocx
    [2014/04/10 09:46:30 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scrrun.dll
    [2014/04/10 09:46:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scrrun.dll
    [2014/04/10 09:46:30 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cscript.exe
    [2014/04/10 09:46:23 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
    [2014/04/10 09:46:23 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
    [2014/04/10 09:46:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iologmsg.dll
    [2014/04/10 09:46:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iologmsg.dll
    [2014/04/10 09:46:16 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
    [2014/04/10 09:46:10 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\comctl32.dll
    [2014/04/10 09:46:09 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\prevhost.exe
    [2014/04/10 09:46:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\prevhost.exe
    [2014/04/10 09:46:07 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys
    [2014/04/10 09:46:07 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys
    [2014/04/10 09:46:05 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
    [2014/04/10 09:46:03 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wer.dll
    [2014/04/10 09:46:03 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wer.dll
    [2014/04/10 09:46:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
    [2014/04/10 09:46:01 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msieftp.dll
    [2014/04/10 09:46:01 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msieftp.dll
    [2014/04/10 09:45:54 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
    [2014/04/10 09:45:44 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xmllite.dll
    [2014/04/10 09:45:43 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
    [2014/04/10 09:45:42 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
    [2014/04/10 09:45:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
    [2014/04/10 09:45:39 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys
    [2014/04/10 09:45:38 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl
    [2014/04/10 09:45:38 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl
    [2014/04/10 09:45:36 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll
    [2014/04/10 09:45:33 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
    [2014/04/10 09:45:32 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
    [2014/04/10 09:45:31 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\ataport.sys
    [2014/04/10 09:22:03 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
    [2014/04/10 09:21:43 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
    [2014/04/10 09:21:38 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
    [2014/04/10 09:21:38 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
    [2014/04/10 09:21:38 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
    [2014/04/10 09:21:37 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
    [2014/04/10 09:21:25 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scavengeui.dll
    [2014/04/08 16:02:51 | 000,000,000 | ---D | C] -- C:\Users\Espinola\Documents\Tessa surf camp receipt_files
    [2014/04/02 19:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/07/08 14:28:18 | 001,736,704 | ---- | C] (Don HO [email protected]) -- C:\Program Files\notepad++.exe
    [2013/01/31 14:51:14 | 000,921,600 | ---- | C] (Neil Hodgson [email protected]) -- C:\Program Files\SciLexer.dll
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/04/29 09:12:00 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/04/29 09:12:00 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/04/29 08:53:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2014/04/29 08:16:21 | 000,783,270 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2014/04/29 08:16:21 | 000,663,434 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2014/04/29 08:16:21 | 000,122,270 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2014/04/29 08:09:59 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/29 07:57:21 | 000,000,048 | ---- | M] () -- C:\Users\Espinola\AppData\Roaming\WB.CFG
    [2014/04/11 17:27:00 | 000,466,784 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2014/04/10 12:11:00 | 000,777,486 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2014/04/08 16:02:54 | 000,031,777 | ---- | M] () -- C:\Users\Espinola\Documents\Tessa surf camp receipt.htm
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2014/04/10 10:26:26 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2014/04/10 09:47:29 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2014/04/08 16:02:51 | 000,031,777 | ---- | C] () -- C:\Users\Espinola\Documents\Tessa surf camp receipt.htm
    [2014/02/27 19:55:01 | 000,000,048 | ---- | C] () -- C:\Users\Espinola\AppData\Roaming\WB.CFG
    [2013/07/09 04:21:56 | 000,000,095 | ---- | C] () -- C:\windows\QBChanUtil_Trigger.ini
    [2013/07/03 16:17:06 | 000,004,981 | ---- | C] () -- C:\Program Files\functionList.xml
    [2013/06/09 01:42:56 | 000,003,375 | ---- | C] () -- C:\Program Files\contextMenu.xml
    [2013/05/03 12:20:20 | 000,110,422 | ---- | C] () -- C:\Program Files\langs.model.xml
    [2013/03/17 15:43:16 | 000,095,686 | ---- | C] () -- C:\Program Files\stylers.model.xml
    [2013/01/06 17:39:58 | 000,004,575 | ---- | C] () -- C:\Program Files\config.model.xml
    [2012/11/02 02:08:34 | 000,000,000 | ---- | C] () -- C:\Program Files\doLocalConf.xml
    [2012/11/02 02:08:28 | 000,002,111 | ---- | C] () -- C:\Program Files\shortcuts.xml
    [2012/11/01 15:22:55 | 000,004,096 | -H-- | C] () -- C:\Users\Espinola\AppData\Local\keyfile3.drm
    [2012/10/17 03:54:22 | 000,667,280 | ---- | C] () -- C:\windows\SysWow64\tx12.dll
    [2012/10/17 03:54:22 | 000,000,530 | ---- | C] () -- C:\windows\SysWow64\tx12_ic.ini
    [2012/10/17 03:54:16 | 000,000,186 | ---- | C] () -- C:\windows\SysWow64\Gsw32.exe.config
     
    ========== ZeroAccess Check ==========
     
    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== Custom Scans ==========
     
    ========== Drive Information ==========
     
    Physical Drives
    ---------------
     
    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: TOSHIBA MK6465GSXN
    Partitions: 3
    Status: OK
    Status Info: 0
     
    Partitions
    ---------------
     
    DeviceID: Disk #0, Partition #0
    PartitionType: Unknown
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 1.00GB
    Starting Offset: 1048576
    Hidden sectors: 0
     
     
    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 583.00GB
    Starting Offset: 1573912576
    Hidden sectors: 0
     
     
    DeviceID: Disk #0, Partition #2
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 12.00GB
    Starting Offset: 627216220160
    Hidden sectors: 0
     
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %systemroot%\assembly\GAC_32\*.ini >
     
    < %systemroot%\assembly\GAC_64\*.ini >
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %ALLUSERSPROFILE%\Application Data\*.exe >
     
    < %APPDATA%\*. >
    [2011/10/15 15:43:13 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Acronis
    [2013/10/20 21:43:40 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Adobe
    [2013/08/30 10:18:25 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Apple Computer
    [2012/08/23 08:33:20 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Canon
    [2012/08/31 10:27:46 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/08/30 12:47:44 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2014/04/22 15:23:46 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Dropbox
    [2014/04/22 14:51:38 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\DropboxMaster
    [2011/10/26 15:18:16 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Foxit Software
    [2013/05/15 06:56:21 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Garmin
    [2011/10/18 08:17:42 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\HP
    [2013/07/25 06:09:29 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\ICAClient
    [2011/09/30 18:21:18 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Identities
    [2012/04/14 13:15:14 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\InstallShield
    [2011/09/30 18:23:33 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Intel
    [2011/10/19 10:20:37 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Intuit
    [2012/04/14 13:16:09 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Logitech
    [2011/09/30 18:26:41 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Macromedia
    [2009/07/14 00:44:38 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Media Center Programs
    [2014/04/22 08:42:41 | 000,000,000 | --SD | M] -- C:\Users\Espinola\AppData\Roaming\Microsoft
    [2011/10/07 21:03:48 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Mozilla
    [2013/03/26 07:29:31 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Musicnotes
    [2012/09/15 10:02:14 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\No Company Name
    [2011/10/20 00:01:50 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\PDF reDirect
    [2013/02/17 09:08:44 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Sibelius Software
    [2013/11/26 10:23:22 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Skype
    [2011/10/03 07:35:15 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Tific
    [2013/07/10 19:09:45 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Toshiba
    [2011/09/30 18:20:20 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\WinBatch
    [2012/10/12 13:50:24 | 000,000,000 | ---D | M] -- C:\Users\Espinola\AppData\Roaming\Worksimaging
     
    < MD5 for: ATAPI.SYS  >
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
     
    < MD5 for: CSRSS.EXE  >
    [2009/07/13 18:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\windows\SysNative\csrss.exe
    [2009/07/13 18:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
     
    < MD5 for: EXPLORER.EXE  >
    [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
    [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
    [2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
     
    < MD5 for: MSWSOCK.DLL  >
    [2009/07/13 18:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
    [2010/11/20 06:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
    [2013/09/06 19:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
    [2010/11/20 05:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
    [2013/09/07 19:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\windows\SysNative\mswsock.dll
    [2013/09/07 19:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
    [2013/09/06 19:24:39 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
    [2013/09/07 19:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll
    [2013/09/07 19:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll
    [2009/07/13 18:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll
     
    < MD5 for: NAPINSP.DLL  >
    [2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
    [2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
    [2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\windows\SysNative\NapiNSP.dll
    [2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll
     
    < MD5 for: NLAAPI.DLL  >
    [2009/07/13 18:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
    [2012/01/13 00:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
    [2012/01/13 00:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
    [2010/11/20 05:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
    [2012/10/03 09:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
    [2010/11/20 06:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
    [2012/10/03 10:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\windows\SysNative\nlaapi.dll
    [2012/10/03 10:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
    [2009/07/13 18:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll
    [2012/10/03 10:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll
     
    < MD5 for: PNRPNSP.DLL  >
    [2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
    [2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
    [2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\windows\SysNative\pnrpnsp.dll
    [2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll
     
    < MD5 for: PRINTISOLATIONHOST.EXE  >
    [2009/07/13 18:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\windows\SysNative\PrintIsolationHost.exe
    [2009/07/13 18:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
     
    < MD5 for: SERVICES.EXE  >
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
     
    < MD5 for: SVCHOST.EXE  >
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
     
    < MD5 for: USER32.DLL  >
    [2010/11/20 05:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
    [2010/11/20 05:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [2009/07/13 18:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    [2010/11/20 06:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
    [2010/11/20 06:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
     
    < MD5 for: USERINIT.EXE  >
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
     
    < MD5 for: WINLOGON.EXE  >
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
     
    < MD5 for: WINRNR.DLL  >
    [2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\windows\SysNative\winrnr.dll
    [2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
    [2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
    [2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
     
    < MD5 for: WSHELPER.DLL  >
    [2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
    [2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
    [2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\windows\SysNative\wshelper.dll
    [2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll
     
    < C:\Windows\assembly\tmp\U\*.* /s >
     
    < %systemroot%\*. /mp /s >
     
    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2014/04/02 19:47:34 | 000,878,024 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2014/04/02 19:47:34 | 000,878,024 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2014/04/02 19:47:34 | 000,878,024 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2014/04/02 19:47:54 | 000,275,568 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2014/04/02 19:47:54 | 000,275,568 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2014/04/02 19:47:54 | 000,275,568 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/03/13 01:39:35 | 000,775,344 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2014/03/13 01:39:35 | 000,775,344 | ---- | M] (Microsoft Corporation)
     
    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2014/04/02 19:47:34 | 000,878,024 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2014/04/02 19:47:34 | 000,878,024 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2014/04/02 19:47:34 | 000,878,024 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2014/04/02 19:47:54 | 000,275,568 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2014/04/02 19:47:54 | 000,275,568 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2014/04/02 19:47:54 | 000,275,568 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/03/12 23:33:52 | 000,051,712 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/03/12 23:33:52 | 000,051,712 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/03/12 23:33:52 | 000,051,712 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/03/13 01:39:35 | 000,775,344 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2014/03/13 01:39:35 | 000,775,344 | ---- | M] (Microsoft Corporation)
     
    < %systemroot%\system32\*.dll /lockedfiles >
     
    < %systemroot%\Tasks\*.job /lockedfiles >
     
    < %ProgramFiles%\WINDOWS NT\*.* /s >
    [2010/11/20 05:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
    [2009/07/13 18:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
    [2009/07/13 19:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
    [2009/07/13 18:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
    [2009/06/10 14:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
    [2009/06/10 14:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
    [2009/06/10 14:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
    [2009/06/10 14:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
    [2009/06/10 14:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
    [2009/06/10 14:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
    [2009/06/10 14:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
    [2009/07/13 19:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
     
    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < End of report >
     


    • 0

    #9
    fletch11

    fletch11

      Member

    • Topic Starter
    • Member
    • PipPip
    • 52 posts

    OTL Extras Log:

    OTL Extras logfile created on: 4/29/2014 9:15:17 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Espinola\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16866)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.80 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 51.69% Memory free
    7.60 Gb Paging File | 5.72 Gb Available in Paging File | 75.31% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582.67 Gb Total Space | 237.64 Gb Free Space | 40.78% Space Free | Partition Type: NTFS
     
    Computer Name: ESPINOLA-PC | User Name: Espinola | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (All) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{043E1FB7-7DCF-47DB-909C-F683E7F34DC0}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{06C77730-240E-44B8-B09C-962BA50C17D6}" = lport=139 | protocol=6 | dir=in | app=system |
    "{0D51337D-70C7-4CE4-B29B-E607A362B5E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0EB4D3CE-6D9D-4182-8079-6CC0B407D166}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{157EFBA9-2B1B-49D1-A3BF-FC8C45F87354}" = lport=137 | protocol=17 | dir=in | app=system |
    "{191155E7-7206-40AD-8063-EF9946BC78FE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{1CFA8F35-FE06-482E-8DDA-FEABD48ECDFC}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{22073A84-2657-44D8-9942-8BB687AC0937}" = rport=138 | protocol=17 | dir=out | app=system |
    "{2733ABD6-B46F-49F1-905C-EEAE43DC9A72}" = lport=138 | protocol=17 | dir=in | app=system |
    "{27957518-ACD5-4934-B5EF-08FB711ACB67}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{3927D299-0EE9-4485-A086-FF94F6DE88B6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{4C32B208-DB54-4AE7-972C-874560F9EF16}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{4FCB5E00-597C-48CF-A595-5C29D0EC5432}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5C045E52-C044-4021-AF11-B4104B8412C9}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6AFD1BDD-8276-4E2E-8D9F-58F754801A3A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{6C4C0A05-03AF-40FB-B373-49D902FE1A69}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7B4D1C50-BF9E-46FB-8571-46F8A3EE887F}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port |
    "{89A5E90E-7C52-4B4E-9567-C883CA1600DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{89D536F4-6FF2-4B73-8FCC-DF089D0F9DD0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AB120CFC-6FB7-41CB-AC58-D6DF35808AAA}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B67AC5C2-E45A-486A-AAA0-9BE0D1010A84}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BF0BDF42-6003-4BDC-B307-B0B1478131AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C997BB24-E4D5-430F-89FA-760F3098DE4E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D119173A-94C1-42D3-A2D4-99B7BE2C1C2B}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{D43B3071-A30F-4739-AD47-B6E4D81D8AEA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D4750081-2CD1-4258-A671-BB81D08DF898}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D64D5788-F0D5-449C-AF3E-02592B3667BC}" = rport=137 | protocol=17 | dir=out | app=system |
    "{DF125488-F7EC-4DA6-BC78-E96AC7D6B8A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{EAED2F2C-50C3-4BD8-963C-FD28973A15FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{027433D4-623C-4DC0-B0A4-5B6D96D30A0C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{06C75A54-DA17-455C-B451-47D71D6FEA01}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{07E182A7-762E-41D3-A2CC-07F77CDB9125}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
    "{0C6C7084-54D5-4764-9AD3-80F81914566B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
    "{0D83A39A-EB5E-40C5-8BDC-235DB517765B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{1126A179-9BF4-40C6-BEDE-F605B7BAB29F}" = protocol=58 | dir=in | [email protected],-28545 |
    "{169B4AD6-EE43-4304-B5BC-D164DA14BD46}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
    "{1AE6E4C9-38DB-4D16-808F-C5BCD0D37927}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{266CDD2E-3274-427C-B823-3B519773FE02}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{27829300-9DE5-434C-BFD6-11A7B590822D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{2AE71396-32BD-45A9-B797-635E160436AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{2E81F690-6F6D-4415-BB75-CEC961549432}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{33BD1037-CE68-423B-A86E-1CD64047915D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{345F0876-647B-478C-ACFF-6E97E0795115}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{396794DF-93A4-4FD4-90BF-F16D1A4A54BF}" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
    "{39F5CA89-BAB2-4F7C-83D5-A0C344583B58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3DD27F10-BAA0-40CC-8650-10CAB2F194E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
    "{4502FBD0-4AA2-47AD-803F-DF0EB752BE8B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{456FF3A0-F569-4682-86E8-E8FC27BEB3EB}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{50FE1F07-4F9E-4928-97AE-291CF2C747C1}" = protocol=6 | dir=in | app=c:\users\espinola\appdata\roaming\dropbox\bin\dropbox.exe |
    "{55F03252-A186-45FC-83A3-C0A557783BAA}" = protocol=6 | dir=in | app=c:\users\espinola\appdata\local\temp\7zs6185.tmp\symnrt.exe |
    "{5AFBEE35-3C56-41F2-BE77-5C372F6310DE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{66B668C6-E22C-42FC-ABFF-4A3B81FE9A7F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{73A15B5C-62BE-4E33-87A2-FECD81965183}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
    "{89198910-9889-462A-951E-FFD27BD4F17E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{8EF52E28-E139-4486-976E-7709B6DA7C94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9318CAD8-DC2C-4FF7-9B60-FA3CAF80080D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{98F5F2AE-45C2-4C9E-84BF-8AEB3529B524}" = protocol=1 | dir=out | [email protected],-28544 |
    "{A4DF1FDC-98CD-4526-8E52-3903519FB405}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{A68B4F69-3889-44F3-94A9-C3B4B0D0872F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B02DA483-25B7-4A28-A99A-AA9EA817D5E4}" = protocol=6 | dir=out | app=system |
    "{B1BF20F7-CAF8-4FCE-8BA6-0A61237FD971}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B448EFC0-ECED-41D7-A797-BAF09D603160}" = protocol=17 | dir=in | app=c:\users\espinola\appdata\roaming\dropbox\bin\dropbox.exe |
    "{B8CE88E2-FFCF-4614-BA4B-2904F01A74B6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{B908D962-A932-4DCD-8E97-42F55E6FEF10}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{BE849B79-E0D2-457B-8513-49EEC29ECBB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C345C165-B0DE-49A7-A157-A71AC0BFFD0A}" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
    "{C4529C98-DA9A-4FDE-A49E-0FC3C9F045C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{C4C70778-AD46-4A67-80AF-18937CDBAFA6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{CC85FE8A-100D-4248-B333-15067E433E4F}" = protocol=17 | dir=in | app=c:\users\espinola\appdata\local\temp\7zs6185.tmp\symnrt.exe |
    "{CD0BFBF3-A479-4FEA-818E-5BB55C255EB4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CE2740D9-9EC6-491E-828B-3F14193C2ACC}" = dir=in | app=d:\setup\hpznui40.exe |
    "{DD170A59-5C0C-4B9B-9247-8F17CE4962CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DE016067-4FE9-47DB-B315-2170BB412B71}" = protocol=58 | dir=out | [email protected],-28546 |
    "{E3810413-1705-4A1C-88BB-9D1AE997174F}" = protocol=1 | dir=in | [email protected],-28543 |
    "{E7F8805C-703B-481A-AE7D-58C4FB1B5283}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{EA962BB3-ECD5-4762-8C92-825178DACF56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EE829392-E63F-41F8-BE79-0A39D3371977}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{EF55BF4A-4860-4FEB-B256-EA46C36F3B9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F2C49491-AD9B-493E-93C1-73056B5533BC}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{F484E01F-2A54-4298-826F-E38A14020EF2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{F4E82317-ABC7-4313-B8E9-D6E40B6A4A5F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F4F21322-671B-4C89-945E-AF2D5A5007CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
    "{F839BC8E-00C7-4BBC-8D19-26478B4C4032}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "TCP Query User{1A16053C-466B-4FFB-B127-4E7ECE372F74}C:\users\espinola\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\espinola\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{3EBB88BA-AB35-40DF-9396-36B089450040}C:\users\espinola\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\espinola\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{46BFA6FC-5146-4DD5-A5B0-7530D6822381}C:\users\espinola\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\espinola\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{4CF757F0-A3B4-4D1D-BDDB-9FD308050B17}C:\program files (x86)\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
    "UDP Query User{04916A37-7090-40B5-92CE-4C6FA98F6788}C:\program files (x86)\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
    "UDP Query User{3EB4FB5E-92F1-48D8-9934-AEEEEF536508}C:\users\espinola\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\espinola\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{63789DA2-B5B1-4E02-A0A3-70EDF080A215}C:\users\espinola\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\espinola\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{C306A44F-0405-4785-BC28-D94686DE5DD1}C:\users\espinola\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\espinola\appdata\local\akamai\netsession_win.exe |
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX710_series" = Canon MX710 series MP Drivers
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
    "{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel® PROSet/Wireless WiFi Software
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display
    "{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
    "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
    "{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
    "{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{308C9F09-B104-4E15-AD41-6CB69604E8BE}" = QuickBooks Premier: Retail Edition 2013
    "{3167CC62-C775-4E47-92C1-73EBB845751A}" = QuickBooks
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
    "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
    "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
    "{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHERR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
    "{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
    "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
    "Aimersoft DVD to iPad Converter_is1" = Aimersoft DVD to iPad Converter(Build 2.5.0.0)
    "AudibleDownloadManager" = Audible Download Manager
    "Canon MX710 series On-screen Manual" = Canon MX710 series On-screen Manual
    "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Foxit Reader_is1" = Foxit Reader 5.0
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 5.1" = Canon MP Navigator EX 5.1
    "Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.7.2
    "NortonPCCheckup" = Toshiba Laptop Checkup
    "Office14.PUBLISHERR" = Microsoft Publisher 2010
    "Office14.SingleImage" = Microsoft Office Home and Business 2010
    "PDF reDirect" = PDF reDirect (remove only)
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "WinLiveSuite" = Windows Live Essentials
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
     
    ========== Last 20 Event Log Errors ==========
     
    [ System Events ]
    Error - 4/29/2014 12:09:50 PM | Computer Name = Espinola-PC | Source = DCOM | ID = 10010
    Description =
     
     
    < End of report >
     


    • 0

    #10
    fletch11

    fletch11

      Member

    • Topic Starter
    • Member
    • PipPip
    • 52 posts

    I think that is everything you asked for.  Please let me know if I've missed a step.  Thank you in advance for any advice.  I really appreciate it.  Jill


    • 0

    Advertisements


    #11
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP
     
     
     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
     
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that then you should be able to boot into regular mode.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
    If it doesn't reboot automatically please reboot.
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.
     
     
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     

    • 0

    #12
    fletch11

    fletch11

      Member

    • Topic Starter
    • Member
    • PipPip
    • 52 posts

    I cleared the system and application logs in the event viewer.

     

    I ran FRST - here is the fix log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2014
    Ran by Espinola at 2014-04-29 10:55:49 Run:1
    Running from C:\FRST
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-1128360627-1436904473-556086094-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Espinola\AppData\Local\Akamai\netsession_win.exe"
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {1F3373B8-2047-47F3-BFE4-31649C8ACE4D} URL =
    SearchScopes: HKCU - {248E6208-0BDD-4325-8D8B-E0FF65FE8994} URL =
    BHO-x32: No Name - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} -  No File
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-04-02]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-04-02]
    C:\Users\Espinola\AppData\Local\Temp\Abspdf.exe
    C:\Users\Espinola\AppData\Local\Temp\acfpdfu.dll
    C:\Users\Espinola\AppData\Local\Temp\acfpdfuamd64.dll
    C:\Users\Espinola\AppData\Local\Temp\acfpdfui.dll
    C:\Users\Espinola\AppData\Local\Temp\acfpdfuia64.dll
    C:\Users\Espinola\AppData\Local\Temp\acfpdfuiamd64.dll
    C:\Users\Espinola\AppData\Local\Temp\acfpdfuiia64.dll
    C:\Users\Espinola\AppData\Local\Temp\AskSLib.dll
    C:\Users\Espinola\AppData\Local\Temp\cdintf.dll
    C:\Users\Espinola\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxyrpl2.dll
    C:\Users\Espinola\AppData\Local\Temp\helper.exe
    C:\Users\Espinola\AppData\Local\Temp\InstallAX.exe
    C:\Users\Espinola\AppData\Local\Temp\mpegc.dll
    C:\Users\Espinola\AppData\Local\Temp\MSETUP4.EXE
    C:\Users\Espinola\AppData\Local\Temp\MySearchDial.exe
    C:\Users\Espinola\AppData\Local\Temp\PDFPRT400.exe
    C:\Users\Espinola\AppData\Local\Temp\Quarantine.exe
    C:\Users\Espinola\AppData\Local\Temp\readSTILog.dll
    C:\Users\Espinola\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Espinola\AppData\Local\Temp\sqlite3.exe
    C:\Users\Espinola\AppData\Local\Temp\xmllite.dll
    Task: {81E1D550-CFEC-4CAB-9D33-D8B7AE5B21F5} - \Digital Sites No Task File <==== ATTENTION
    R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [115056 2010-10-20] (Symantec Corporation)
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
    S3 EraserUtilDrv11113; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [X]
    C:\Program Files (x86)\Norton PC Checkup
    Norton PC Checkup Application Launcher
    PCCUJobMgr

    *****************

    HKU\S-1-5-21-1128360627-1436904473-556086094-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => Value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F3373B8-2047-47F3-BFE4-31649C8ACE4D} => Key deleted successfully.
    HKCR\CLSID\{1F3373B8-2047-47F3-BFE4-31649C8ACE4D} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{248E6208-0BDD-4325-8D8B-E0FF65FE8994} => Key deleted successfully.
    HKCR\CLSID\{248E6208-0BDD-4325-8D8B-E0FF65FE8994} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
    HKCR\PROTOCOLS\Handler\intu-help-qb6 => Key deleted successfully.
    HKCR\CLSID\{6898B29B-BF49-43cb-A0B1-D0B9496AF491} => Key not found.
    HKCR\PROTOCOLS\Handler\qbwc => Key deleted successfully.
    HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57} => Key not found.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\Abspdf.exe => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\acfpdfu.dll => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\acfpdfuamd64.dll => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\acfpdfui.dll => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\acfpdfuia64.dll => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\acfpdfuiamd64.dll => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\acfpdfuiia64.dll => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\AskSLib.dll => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\cdintf.dll => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxyrpl2.dll => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\helper.exe => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\InstallAX.exe => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\mpegc.dll => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\MSETUP4.EXE => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\MySearchDial.exe => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\PDFPRT400.exe => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\readSTILog.dll => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\sqlite3.exe => Moved successfully.
    C:\Users\Espinola\AppData\Local\Temp\xmllite.dll => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81E1D550-CFEC-4CAB-9D33-D8B7AE5B21F5} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81E1D550-CFEC-4CAB-9D33-D8B7AE5B21F5} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites => Key deleted successfully.
    Norton PC Checkup Application Launcher => Unable to stop service
    Norton PC Checkup Application Launcher => Service deleted successfully.
    PCCUJobMgr => Unable to stop service
    PCCUJobMgr => Service deleted successfully.
    EraserUtilDrv11113 => Service deleted successfully.

    "C:\Program Files (x86)\Norton PC Checkup" directory move:

    C:\Program Files (x86)\Norton PC Checkup\isolate.ini => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine64\2.0.6.22\ccIPC.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine64\2.0.6.22\ccSet.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine64\2.0.6.22\ccSvc.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine64\2.0.6.22\ccVrTrst.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccIPC.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccJobMgr.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccL90U.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSet.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvc.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccVrTrst.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\diLueCbk.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\hsplayer.dat => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\hsplayer.dll => Moved successfully.
    Could not move "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\hsplayer.exe" => Scheduled to move on reboot.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\InstallHelper.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\Norton PC Checkup.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\Norton_Client.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\Norton_PC_Checkup_Updater.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\OemStop.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\preferences.dat => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\Resource.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ScheduleWinExe.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\service.dat => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCUAlive.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCUAlive.xml => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCUMigration.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\TestWorker.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\Tific.ocx => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\unicows.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\version.txt => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\{2A85E335-7417-424d-AD89-31DED1689794}.dat => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\{F8D07955-00ED-4093-88AA-0A0F69AFD83C}.dat => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\styles\102\en\Main.css => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\styles\102\en\Main.swf => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\nss\ccL70U.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\nss\ccScanw.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\nss\ccVrTrst.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\nss\dec_abi.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\nss\DefUtDCD.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\nss\ecmldr32.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\nss\Microsoft.VC80.CRT.manifest => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\nss\msl.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\nss\msvcp80.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\nss\msvcr80.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\nss\OEMScanner.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\nss\patch25d.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\nss\SAUpdt.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\nss\ScanCore.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\.CLT2010.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\.CLT2011.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\ccL100U.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\ccL90U.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\isolate.ini => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\libeay32.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\SymNSPDetector.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\symNSPDetector3PP.xml.enc => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\symNSPDetectorNSP.xml.enc => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\symNSPDetectorNUP.xml.enc => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\SymNSPScanner.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\Microsoft.VC90.CRT\msvcm90.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\Microsoft.VC90.CRT\msvcp90.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\Microsoft.VC90.CRT\msvcr90.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\legacy\ccL80U.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\legacy\isolate.ini => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\legacy\Microsoft.VC80.CRT.manifest => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\legacy\msvcm80.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\legacy\msvcp80.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\legacy\msvcr80.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\legacy\SymClgX.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\legacy\symNPD.exe => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\legacy\symNPDScan.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\scanners\npd\legacy\SymXPep2.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\Microsoft.VC90.CRT\msvcm90.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\Microsoft.VC90.CRT\msvcp90.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\Microsoft.VC90.CRT\msvcr90.dll => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\logs\InstallHelper.log => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\logs\placeholder.txt => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\Icon\icon.ico => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\content\102\Resources_en_US.swf => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\content\102\html\en\2\help.htm => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\content\102\html\en\1\help.htm => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\config\ProfileConfig.swf => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\config\102\Config.swf => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\Common Client\JobMgr\Jobs\ccJobSch.dat => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\Common Client\ccJobMgr\Jobs\ccJobMgr.dat => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\Cache\tificps.symantec.com\OffLineCache.zip => Moved successfully.
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\Cache\tificps-qa.symantec.com\OffLineCache.zip => Moved successfully.
    Could not move "C:\Program Files (x86)\Norton PC Checkup" directory. => Scheduled to move on reboot.


    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-29 10:58:37)<=

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\hsplayer.exe => Is moved successfully.
    C:\Program Files (x86)\Norton PC Checkup => Moved successfully.

    ==== End of Fixlog ====


    • 0

    #13
    fletch11

    fletch11

      Member

    • Topic Starter
    • Member
    • PipPip
    • 52 posts

    This is the FRST scan log (after I ran "fix"):

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
    Ran by Espinola (administrator) on ESPINOLA-PC on 29-04-2014 12:11:10
    Running from C:\FRST
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\windows\system32\WLANExt.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\windows\system32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Intel Corporation) C:\windows\system32\igfxext.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel® Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
    HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
    HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
    HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-01] (TOSHIBA)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
    HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-17] (Intuit Inc. All rights reserved.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1128360627-1436904473-556086094-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
    HKU\S-1-5-21-1128360627-1436904473-556086094-1001\...\MountPoints2: {39ccc1cd-58f9-11e3-a649-1c7508850c44} - E:\DTVP_Launcher.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
    SearchScopes: HKLM - DefaultScope {248E6208-0BDD-4325-8D8B-E0FF65FE8994} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKLM - {248E6208-0BDD-4325-8D8B-E0FF65FE8994} URL = http://www.google.co...ng}&rlz=1I7TSNF
    SearchScopes: HKLM-x32 - {1F3373B8-2047-47F3-BFE4-31649C8ACE4D} URL = http://www.google.co...ng}&rlz=1I7TSNF
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{EEB04055-85B2-408F-8648-4B47FA8AEE33}: [NameServer]0.0.0.0

    FireFox:
    ========
    FF ProfilePath: C:\Users\Espinola\AppData\Roaming\Mozilla\Firefox\Profiles\cq9wok0x.default
    FF Homepage: hxxp://www.bbc.com/news/
    FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
    FF Extension: Pin It button - C:\Users\Espinola\AppData\Roaming\Mozilla\Firefox\Profiles\cq9wok0x.default\Extensions\[email protected] [2014-04-21]

    ==================== Services (Whitelisted) =================

    S3 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-04-29 09:10 - 2014-04-29 09:10 - 00031954 _____ () C:\Users\Espinola\Downloads\Addition.txt
    2014-04-29 09:09 - 2014-04-29 09:10 - 00068040 _____ () C:\Users\Espinola\Downloads\FRST.txt
    2014-04-29 09:08 - 2014-04-29 12:11 - 00000000 ____D () C:\FRST
    2014-04-29 09:00 - 2014-04-29 09:00 - 00008550 _____ () C:\Users\Espinola\Desktop\JRT.txt
    2014-04-29 08:54 - 2014-04-29 08:54 - 00000000 ____D () C:\windows\ERUNT
    2014-04-29 08:23 - 2014-04-29 08:23 - 01016261 _____ (Thisisu) C:\Users\Espinola\Downloads\JRT(1).exe
    2014-04-29 08:02 - 2014-04-29 08:08 - 00000000 ____D () C:\AdwCleaner
    2014-04-29 08:02 - 2014-04-29 08:02 - 01310621 _____ () C:\Users\Espinola\Downloads\adwcleaner.exe
    2014-04-24 13:00 - 2014-04-29 09:34 - 00088328 _____ () C:\Users\Espinola\Downloads\Extras.Txt
    2014-04-24 12:59 - 2014-04-29 09:26 - 00225318 _____ () C:\Users\Espinola\Downloads\OTL.Txt
    2014-04-24 12:56 - 2014-04-24 12:56 - 01016261 _____ (Thisisu) C:\Users\Espinola\Downloads\JRT.exe
    2014-04-24 12:47 - 2014-04-24 12:47 - 00602112 _____ (OldTimer Tools) C:\Users\Espinola\Downloads\OTL.exe
    2014-04-22 14:51 - 2014-04-22 14:51 - 00000000 ____D () C:\Users\Espinola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-04-22 14:51 - 2014-04-22 14:51 - 00000000 ____D () C:\Users\Espinola\AppData\Roaming\DropboxMaster
    2014-04-22 09:06 - 2014-04-22 09:06 - 00316160 _____ (Dropbox, Inc.) C:\Users\Espinola\Downloads\DropboxInstaller.exe
    2014-04-10 12:02 - 2013-05-09 22:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
    2014-04-10 12:02 - 2013-05-09 22:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
    2014-04-10 12:02 - 2013-05-09 21:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
    2014-04-10 12:02 - 2013-05-09 21:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
    2014-04-10 10:45 - 2013-12-21 02:39 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-04-10 10:45 - 2013-12-21 00:56 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-04-10 10:26 - 2012-07-25 20:08 - 00744448 _____ (Microsoft Corporation) C:\windows\system32\WUDFx.dll
    2014-04-10 10:26 - 2012-07-25 20:08 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
    2014-04-10 10:26 - 2012-07-25 20:08 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
    2014-04-10 10:26 - 2012-07-25 20:08 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
    2014-04-10 10:26 - 2012-07-25 20:08 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\WUDFCoinstaller.dll
    2014-04-10 10:26 - 2012-07-25 19:26 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
    2014-04-10 10:26 - 2012-07-25 19:26 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
    2014-04-10 10:26 - 2012-06-02 07:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2014-04-10 10:19 - 2014-04-10 10:22 - 00000000 ____D () C:\windows\system32\MRT
    2014-04-10 09:53 - 2013-08-01 19:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
    2014-04-10 09:53 - 2013-08-01 19:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
    2014-04-10 09:53 - 2013-08-01 18:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
    2014-04-10 09:53 - 2013-08-01 17:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
    2014-04-10 09:53 - 2012-10-09 11:17 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
    2014-04-10 09:53 - 2012-10-09 11:17 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
    2014-04-10 09:53 - 2012-10-09 10:40 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
    2014-04-10 09:53 - 2012-10-09 10:40 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
    2014-04-10 09:51 - 2013-12-05 19:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-04-10 09:51 - 2013-12-05 19:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
    2014-04-10 09:51 - 2013-12-05 19:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-04-10 09:51 - 2013-12-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
    2014-04-10 09:51 - 2013-10-05 13:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
    2014-04-10 09:51 - 2013-10-05 12:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
    2014-04-10 09:51 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
    2014-04-10 09:51 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
    2014-04-10 09:51 - 2013-10-03 19:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2014-04-10 09:51 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
    2014-04-10 09:51 - 2013-10-03 18:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2014-04-10 09:51 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
    2014-04-10 09:51 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
    2014-04-10 09:51 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
    2014-04-10 09:51 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
    2014-04-10 09:51 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
    2014-04-10 09:51 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
    2014-04-10 09:51 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
    2014-04-10 09:51 - 2013-05-09 22:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
    2014-04-10 09:51 - 2013-05-09 20:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
    2014-04-10 09:50 - 2014-03-12 23:33 - 02238976 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-04-10 09:50 - 2014-03-12 23:33 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-04-10 09:50 - 2014-03-12 23:33 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-04-10 09:50 - 2014-03-12 23:32 - 19273728 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-04-10 09:50 - 2014-03-12 23:32 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-04-10 09:50 - 2014-03-12 23:32 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-04-10 09:50 - 2014-03-12 23:32 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-04-10 09:50 - 2014-03-12 23:32 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-04-10 09:50 - 2014-03-12 23:32 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-04-10 09:50 - 2014-03-12 23:31 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-04-10 09:50 - 2014-03-12 23:31 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-04-10 09:50 - 2014-03-12 23:31 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-04-10 09:50 - 2014-03-12 23:31 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2014-04-10 09:50 - 2014-03-12 23:31 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-04-10 09:50 - 2014-03-12 23:31 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-04-10 09:50 - 2014-03-12 22:10 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-04-10 09:50 - 2014-03-12 22:10 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 14358016 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 02049536 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-04-10 09:50 - 2014-03-12 22:09 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-04-10 09:50 - 2014-03-12 21:57 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-04-10 09:50 - 2014-03-12 21:47 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-04-10 09:50 - 2014-03-12 20:59 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
    2014-04-10 09:50 - 2014-03-12 20:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
    2014-04-10 09:50 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-04-10 09:50 - 2013-12-24 16:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
    2014-04-10 09:50 - 2013-12-24 15:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
    2014-04-10 09:50 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
    2014-04-10 09:50 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
    2014-04-10 09:50 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
    2014-04-10 09:50 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
    2014-04-10 09:50 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
    2014-04-10 09:50 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
    2014-04-10 09:50 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
    2014-04-10 09:50 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
    2014-04-10 09:50 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
    2014-04-10 09:50 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
    2014-04-10 09:50 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
    2014-04-10 09:50 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
    2014-04-10 09:50 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
    2014-04-10 09:50 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
    2014-04-10 09:50 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
    2014-04-10 09:50 - 2013-11-22 15:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
    2014-04-10 09:49 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2014-04-10 09:49 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
    2014-04-10 09:49 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
    2014-04-10 09:49 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
    2014-04-10 09:49 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
    2014-04-10 09:49 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
    2014-04-10 09:49 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2014-04-10 09:49 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
    2014-04-10 09:49 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
    2014-04-10 09:49 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
    2014-04-10 09:49 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
    2014-04-10 09:49 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
    2014-04-10 09:49 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
    2014-04-10 09:49 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
    2014-04-10 09:49 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
    2014-04-10 09:49 - 2013-09-24 19:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-04-10 09:49 - 2013-09-24 19:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2014-04-10 09:49 - 2013-09-24 19:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2014-04-10 09:49 - 2013-09-24 19:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2014-04-10 09:49 - 2013-09-24 19:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
    2014-04-10 09:49 - 2013-09-24 19:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-04-10 09:49 - 2013-09-24 19:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-04-10 09:49 - 2013-09-24 19:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2014-04-10 09:49 - 2013-09-24 18:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-04-10 09:49 - 2013-09-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-04-10 09:49 - 2013-09-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2014-04-10 09:49 - 2013-09-24 18:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2014-04-10 09:49 - 2013-09-24 18:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2014-04-10 09:49 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2014-04-10 09:49 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2014-04-10 09:49 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
    2014-04-10 09:49 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
    2014-04-10 09:49 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
    2014-04-10 09:49 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
    2014-04-10 09:49 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2014-04-10 09:49 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
    2014-04-10 09:49 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
    2014-04-10 09:49 - 2013-08-01 19:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
    2014-04-10 09:49 - 2013-08-01 19:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 18:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
    2014-04-10 09:49 - 2013-08-01 17:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 17:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 17:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2014-04-10 09:49 - 2013-08-01 17:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2014-04-10 09:49 - 2013-07-04 05:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2014-04-10 09:49 - 2012-12-07 06:20 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
    2014-04-10 09:49 - 2012-12-07 06:15 - 02746368 _____ (Microsoft Corporation) C:\windows\system32\gameux.dll
    2014-04-10 09:49 - 2012-12-07 05:26 - 00308736 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
    2014-04-10 09:49 - 2012-12-07 05:20 - 02576384 _____ (Microsoft Corporation) C:\windows\SysWOW64\gameux.dll
    2014-04-10 09:49 - 2012-12-07 04:20 - 00045568 _____ (Microsoft) C:\windows\system32\oflc-nz.rs
    2014-04-10 09:49 - 2012-12-07 04:20 - 00044544 _____ (Microsoft) C:\windows\system32\pegibbfc.rs
    2014-04-10 09:49 - 2012-12-07 04:20 - 00043520 _____ (Microsoft) C:\windows\system32\csrr.rs
    2014-04-10 09:49 - 2012-12-07 04:20 - 00030720 _____ (Microsoft) C:\windows\system32\usk.rs
    2014-04-10 09:49 - 2012-12-07 04:20 - 00023552 _____ (Microsoft) C:\windows\system32\oflc.rs
    2014-04-10 09:49 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-pt.rs
    2014-04-10 09:49 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-fi.rs
    2014-04-10 09:49 - 2012-12-07 04:19 - 00055296 _____ (Microsoft) C:\windows\system32\cero.rs
    2014-04-10 09:49 - 2012-12-07 04:19 - 00051712 _____ (Microsoft) C:\windows\system32\esrb.rs
    2014-04-10 09:49 - 2012-12-07 04:19 - 00046592 _____ (Microsoft) C:\windows\system32\fpb.rs
    2014-04-10 09:49 - 2012-12-07 04:19 - 00040960 _____ (Microsoft) C:\windows\system32\cob-au.rs
    2014-04-10 09:49 - 2012-12-07 04:19 - 00021504 _____ (Microsoft) C:\windows\system32\grb.rs
    2014-04-10 09:49 - 2012-12-07 04:19 - 00020480 _____ (Microsoft) C:\windows\system32\pegi.rs
    2014-04-10 09:49 - 2012-12-07 04:19 - 00015360 _____ (Microsoft) C:\windows\system32\djctq.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00055296 _____ (Microsoft) C:\windows\SysWOW64\cero.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00051712 _____ (Microsoft) C:\windows\SysWOW64\esrb.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00046592 _____ (Microsoft) C:\windows\SysWOW64\fpb.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00045568 _____ (Microsoft) C:\windows\SysWOW64\oflc-nz.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00044544 _____ (Microsoft) C:\windows\SysWOW64\pegibbfc.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00043520 _____ (Microsoft) C:\windows\SysWOW64\csrr.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00040960 _____ (Microsoft) C:\windows\SysWOW64\cob-au.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00030720 _____ (Microsoft) C:\windows\SysWOW64\usk.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00023552 _____ (Microsoft) C:\windows\SysWOW64\oflc.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00021504 _____ (Microsoft) C:\windows\SysWOW64\grb.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-pt.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-fi.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi.rs
    2014-04-10 09:49 - 2012-12-07 03:46 - 00015360 _____ (Microsoft) C:\windows\SysWOW64\djctq.rs
    2014-04-10 09:48 - 2013-11-23 11:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
    2014-04-10 09:48 - 2013-11-23 10:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
    2014-04-10 09:48 - 2013-04-25 16:30 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
    2014-04-10 09:48 - 2013-03-31 15:52 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
    2014-04-10 09:48 - 2012-10-03 10:44 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
    2014-04-10 09:48 - 2012-10-03 10:44 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
    2014-04-10 09:48 - 2012-10-03 10:44 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
    2014-04-10 09:48 - 2012-10-03 10:44 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
    2014-04-10 09:48 - 2012-10-03 10:44 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll
    2014-04-10 09:48 - 2012-10-03 10:42 - 00569344 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
    2014-04-10 09:48 - 2012-10-03 09:42 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcorehc.dll
    2014-04-10 09:48 - 2012-10-03 09:42 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
    2014-04-10 09:48 - 2012-10-03 09:42 - 00018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\netevent.dll
    2014-04-10 09:48 - 2012-10-03 09:07 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
    2014-04-10 09:48 - 2012-01-13 00:12 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
    2014-04-10 09:48 - 2011-05-03 22:25 - 02315776 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
    2014-04-10 09:48 - 2011-05-03 22:22 - 02223616 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
    2014-04-10 09:48 - 2011-05-03 22:22 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
    2014-04-10 09:48 - 2011-05-03 22:22 - 00491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
    2014-04-10 09:48 - 2011-05-03 22:22 - 00288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
    2014-04-10 09:48 - 2011-05-03 22:22 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
    2014-04-10 09:48 - 2011-05-03 22:19 - 00591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
    2014-04-10 09:48 - 2011-05-03 22:19 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
    2014-04-10 09:48 - 2011-05-03 22:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
    2014-04-10 09:48 - 2011-05-03 21:34 - 01549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
    2014-04-10 09:48 - 2011-05-03 21:32 - 01401344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
    2014-04-10 09:48 - 2011-05-03 21:32 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
    2014-04-10 09:48 - 2011-05-03 21:32 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
    2014-04-10 09:48 - 2011-05-03 21:32 - 00197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
    2014-04-10 09:48 - 2011-05-03 21:32 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
    2014-04-10 09:48 - 2011-05-03 21:28 - 00427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
    2014-04-10 09:48 - 2011-05-03 21:28 - 00164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
    2014-04-10 09:48 - 2011-05-03 21:28 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
    2014-04-10 09:48 - 2011-03-10 23:33 - 02565632 _____ (Microsoft Corporation) C:\windows\system32\esent.dll
    2014-04-10 09:48 - 2011-03-10 23:30 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\fsutil.exe
    2014-04-10 09:48 - 2011-03-10 22:33 - 01699328 _____ (Microsoft Corporation) C:\windows\SysWOW64\esent.dll
    2014-04-10 09:47 - 2013-11-26 04:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
    2014-04-10 09:47 - 2013-10-18 19:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
    2014-04-10 09:47 - 2013-10-18 18:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
    2014-04-10 09:47 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
    2014-04-10 09:47 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
    2014-04-10 09:47 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
    2014-04-10 09:47 - 2013-07-25 19:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-04-10 09:47 - 2013-07-25 19:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
    2014-04-10 09:47 - 2013-07-25 18:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-04-10 09:47 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
    2014-04-10 09:47 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2014-04-10 09:47 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2014-04-10 09:47 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2014-04-10 09:47 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
    2014-04-10 09:47 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
    2014-04-10 09:47 - 2012-11-28 15:56 - 00054376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
    2014-04-10 09:47 - 2012-11-28 15:56 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Wdfres.dll
    2014-04-10 09:47 - 2012-11-28 15:56 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2014-04-10 09:47 - 2012-01-04 03:44 - 00509952 _____ (Microsoft Corporation) C:\windows\system32\ntshrui.dll
    2014-04-10 09:47 - 2012-01-04 01:58 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntshrui.dll
    2014-04-10 09:47 - 2011-03-10 23:41 - 00410496 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorV.sys
    2014-04-10 09:47 - 2011-03-10 23:41 - 00166272 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvstor.sys
    2014-04-10 09:47 - 2011-03-10 23:41 - 00148352 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvraid.sys
    2014-04-10 09:47 - 2011-03-10 23:41 - 00107904 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdsata.sys
    2014-04-10 09:47 - 2011-03-10 23:41 - 00027008 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdxata.sys
    2014-04-10 09:47 - 2011-03-10 22:31 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\fsutil.exe
    2014-04-10 09:47 - 2011-03-10 21:37 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
    2014-04-10 09:46 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
    2014-04-10 09:46 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
    2014-04-10 09:46 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
    2014-04-10 09:46 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
    2014-04-10 09:46 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
    2014-04-10 09:46 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
    2014-04-10 09:46 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
    2014-04-10 09:46 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
    2014-04-10 09:46 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
    2014-04-10 09:46 - 2013-11-26 18:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
    2014-04-10 09:46 - 2013-11-26 18:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
    2014-04-10 09:46 - 2013-11-26 18:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
    2014-04-10 09:46 - 2013-11-26 18:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
    2014-04-10 09:46 - 2013-11-26 18:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
    2014-04-10 09:46 - 2013-11-26 18:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
    2014-04-10 09:46 - 2013-11-26 18:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
    2014-04-10 09:46 - 2013-11-11 19:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2014-04-10 09:46 - 2013-11-11 19:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
    2014-04-10 09:46 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
    2014-04-10 09:46 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
    2014-04-10 09:46 - 2013-10-11 19:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
    2014-04-10 09:46 - 2013-10-11 19:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
    2014-04-10 09:46 - 2013-10-11 19:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
    2014-04-10 09:46 - 2013-10-11 19:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
    2014-04-10 09:46 - 2013-10-11 18:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
    2014-04-10 09:46 - 2013-10-11 18:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
    2014-04-10 09:46 - 2013-10-11 18:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
    2014-04-10 09:46 - 2013-10-11 18:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
    2014-04-10 09:46 - 2013-10-03 19:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
    2014-04-10 09:46 - 2013-10-03 18:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
    2014-04-10 09:46 - 2013-10-02 19:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2014-04-10 09:46 - 2013-10-02 19:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2014-04-10 09:46 - 2013-09-27 18:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
    2014-04-10 09:46 - 2013-07-12 03:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
    2014-04-10 09:46 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
    2014-04-10 09:46 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
    2014-04-10 09:46 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
    2014-04-10 09:46 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
    2014-04-10 09:46 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
    2014-04-10 09:46 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
    2014-04-10 09:46 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
    2014-04-10 09:46 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
    2014-04-10 09:46 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
    2014-04-10 09:46 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
    2014-04-10 09:46 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
    2014-04-10 09:46 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
    2014-04-10 09:46 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
    2014-04-10 09:46 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
    2014-04-10 09:46 - 2013-03-18 22:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
    2014-04-10 09:46 - 2013-01-23 23:01 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
    2014-04-10 09:46 - 2012-11-21 22:44 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
    2014-04-10 09:46 - 2012-11-21 21:45 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
    2014-04-10 09:46 - 2012-08-22 11:12 - 00950128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
    2014-04-10 09:46 - 2012-07-04 13:26 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys
    2014-04-10 09:46 - 2012-05-05 01:36 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2014-04-10 09:46 - 2012-05-05 00:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
    2014-04-10 09:46 - 2012-04-07 05:31 - 03216384 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-04-10 09:46 - 2012-04-07 04:26 - 02342400 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-04-10 09:46 - 2011-02-18 03:51 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\prevhost.exe
    2014-04-10 09:46 - 2011-02-17 22:39 - 00031232 _____ (Microsoft Corporation) C:\windows\SysWOW64\prevhost.exe
    2014-04-10 09:45 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
    2014-04-10 09:45 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
    2014-04-10 09:45 - 2013-12-31 16:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
    2014-04-10 09:45 - 2013-12-31 16:04 - 00420008 _____ () C:\windows\system32\locale.nls
    2014-04-10 09:45 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
    2014-04-10 09:45 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
    2014-04-10 09:45 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
    2014-04-10 09:45 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
    2014-04-10 09:45 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
    2014-04-10 09:45 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
    2014-04-10 09:45 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
    2014-04-10 09:45 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
    2014-04-10 09:45 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
    2014-04-10 09:45 - 2013-07-02 21:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
    2014-04-10 09:45 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
    2014-04-10 09:45 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
    2014-04-10 09:45 - 2012-08-21 14:01 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe
    2014-04-10 09:45 - 2012-04-30 22:40 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
    2014-04-10 09:45 - 2011-12-29 23:26 - 00515584 _____ (Microsoft Corporation) C:\windows\system32\timedate.cpl
    2014-04-10 09:45 - 2011-12-29 22:27 - 00478720 _____ (Microsoft Corporation) C:\windows\SysWOW64\timedate.cpl
    2014-04-10 09:45 - 2011-06-15 22:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\xmllite.dll
    2014-04-10 09:45 - 2011-06-15 21:33 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\xmllite.dll
    2014-04-10 09:22 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2014-04-10 09:22 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2014-04-10 09:21 - 2013-10-11 19:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
    2014-04-10 09:21 - 2013-10-11 19:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
    2014-04-10 09:21 - 2013-10-11 19:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
    2014-04-10 09:21 - 2013-10-11 19:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
    2014-04-10 09:21 - 2013-10-11 19:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
    2014-04-10 09:21 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
    2014-04-10 09:21 - 2013-04-09 16:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
    2014-04-10 09:21 - 2013-04-02 15:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
    2014-04-08 16:02 - 2014-04-08 16:02 - 00031777 _____ () C:\Users\Espinola\Documents\Tessa surf camp receipt.htm
    2014-04-08 16:02 - 2014-04-08 16:02 - 00000000 ____D () C:\Users\Espinola\Documents\Tessa surf camp receipt_files
    2014-04-02 19:47 - 2014-04-02 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    2014-04-29 12:11 - 2014-04-29 09:08 - 00000000 ____D () C:\FRST
    2014-04-29 12:11 - 2013-06-22 09:34 - 00000000 ____D () C:\Users\Espinola\Documents\Outlook Files
    2014-04-29 12:11 - 2011-10-03 15:54 - 00000000 ____D () C:\Users\Espinola\Documents\Outlook
    2014-04-29 11:56 - 2013-08-30 10:16 - 00000000 ____D () C:\Users\Espinola\AppData\Local\D5943476-2141-4FBF-B56A-4DB1D637F073.aplzod
    2014-04-29 11:56 - 2011-09-30 17:39 - 01671863 _____ () C:\windows\WindowsUpdate.log
    2014-04-29 11:05 - 2009-07-13 21:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-04-29 11:05 - 2009-07-13 21:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-04-29 11:03 - 2009-07-13 22:13 - 00783270 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-04-29 10:57 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-04-29 10:57 - 2009-07-13 21:51 - 00056054 _____ () C:\windows\setupact.log
    2014-04-29 10:56 - 2010-10-28 21:10 - 00119030 _____ () C:\windows\PFRO.log
    2014-04-29 09:34 - 2014-04-24 13:00 - 00088328 _____ () C:\Users\Espinola\Downloads\Extras.Txt
    2014-04-29 09:26 - 2014-04-24 12:59 - 00225318 _____ () C:\Users\Espinola\Downloads\OTL.Txt
    2014-04-29 09:10 - 2014-04-29 09:10 - 00031954 _____ () C:\Users\Espinola\Downloads\Addition.txt
    2014-04-29 09:10 - 2014-04-29 09:09 - 00068040 _____ () C:\Users\Espinola\Downloads\FRST.txt
    2014-04-29 09:00 - 2014-04-29 09:00 - 00008550 _____ () C:\Users\Espinola\Desktop\JRT.txt
    2014-04-29 08:54 - 2014-04-29 08:54 - 00000000 ____D () C:\windows\ERUNT
    2014-04-29 08:23 - 2014-04-29 08:23 - 01016261 _____ (Thisisu) C:\Users\Espinola\Downloads\JRT(1).exe
    2014-04-29 08:08 - 2014-04-29 08:02 - 00000000 ____D () C:\AdwCleaner
    2014-04-29 08:02 - 2014-04-29 08:02 - 01310621 _____ () C:\Users\Espinola\Downloads\adwcleaner.exe
    2014-04-29 07:57 - 2014-02-27 19:55 - 00000048 _____ () C:\Users\Espinola\AppData\Roaming\WB.CFG
    2014-04-26 17:29 - 2013-01-16 18:47 - 00000000 ____D () C:\Users\Espinola\Documents\Musicnotes
    2014-04-24 12:56 - 2014-04-24 12:56 - 01016261 _____ (Thisisu) C:\Users\Espinola\Downloads\JRT.exe
    2014-04-24 12:47 - 2014-04-24 12:47 - 00602112 _____ (OldTimer Tools) C:\Users\Espinola\Downloads\OTL.exe
    2014-04-22 15:23 - 2013-08-01 00:41 - 00000000 ___RD () C:\Users\Espinola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-22 15:23 - 2013-06-27 13:25 - 00000000 ___RD () C:\Users\Espinola\Dropbox
    2014-04-22 15:23 - 2013-06-27 13:22 - 00000000 ____D () C:\Users\Espinola\AppData\Roaming\Dropbox
    2014-04-22 14:51 - 2014-04-22 14:51 - 00000000 ____D () C:\Users\Espinola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-04-22 14:51 - 2014-04-22 14:51 - 00000000 ____D () C:\Users\Espinola\AppData\Roaming\DropboxMaster
    2014-04-22 09:06 - 2014-04-22 09:06 - 00316160 _____ (Dropbox, Inc.) C:\Users\Espinola\Downloads\DropboxInstaller.exe
    2014-04-21 07:54 - 2013-11-25 13:35 - 00000000 ____D () C:\Program Files (x86)\Citrix
    2014-04-21 07:52 - 2013-11-25 13:35 - 00000000 ____D () C:\Users\Espinola\AppData\Local\Citrix
    2014-04-21 07:44 - 2011-10-07 21:18 - 00000000 ____D () C:\Users\Espinola\Documents\1Jill
    2014-04-17 20:41 - 2011-11-02 22:16 - 00000000 ____D () C:\ProgramData\xml_param
    2014-04-11 17:30 - 2013-09-16 14:31 - 00000000 ___RD () C:\Users\Espinola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-04-11 17:30 - 2011-09-30 18:25 - 00133256 _____ () C:\Users\Espinola\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-04-11 17:30 - 2009-07-13 22:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
    2014-04-11 17:27 - 2009-07-13 21:45 - 00466784 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-04-11 17:14 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-04-11 17:14 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-04-11 17:08 - 2009-07-14 00:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-04-11 16:35 - 2012-05-05 11:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-04-10 12:11 - 2011-10-03 07:57 - 00777486 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
    2014-04-10 10:22 - 2014-04-10 10:19 - 00000000 ____D () C:\windows\system32\MRT
    2014-04-08 16:02 - 2014-04-08 16:02 - 00031777 _____ () C:\Users\Espinola\Documents\Tessa surf camp receipt.htm
    2014-04-08 16:02 - 2014-04-08 16:02 - 00000000 ____D () C:\Users\Espinola\Documents\Tessa surf camp receipt_files
    2014-04-02 19:47 - 2014-04-02 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-31 03:51 - 2012-02-07 16:03 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-04-02 14:32

    ==================== End Of Log ============================


    • 0

    #14
    fletch11

    fletch11

      Member

    • Topic Starter
    • Member
    • PipPip
    • 52 posts

    Here is the FRST Applications Log:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014
    Ran by Espinola at 2014-04-29 12:11:43
    Running from C:\FRST
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Disabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Disabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

    ==================== Installed Programs ======================

    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Acronis True Image Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7160 - Acronis)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
    Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Aimersoft DVD to iPad Converter(Build 2.5.0.0) (HKLM-x32\...\Aimersoft DVD to iPad Converter_is1) (Version:  - Aimersoft Software)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
    Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
    Canon MX710 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX710_series) (Version:  - )
    Canon MX710 series On-screen Manual (HKLM-x32\...\Canon MX710 series On-screen Manual) (Version:  - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
    Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A3AD381D-848C-4478-80DC-228E37309308}) (Version:  - Microsoft)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{A3AD381D-848C-4478-80DC-228E37309308}) (Version:  - Microsoft)
    Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
    Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Foxit Reader 5.0 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.0.2.718 - Foxit Corporation)
    iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
    Intel PROSet Wireless (Version:  - ) Hidden
    Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
    Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
    iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
    [email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
    Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
    Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
    Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
    Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Publisher 2010 (HKLM-x32\...\Office14.PUBLISHERR) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31010 - Microsoft Corporation) Hidden
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Musicnotes Software Suite 1.7.2 (HKLM-x32\...\Musicnotes Combined Installer_is1) (Version: 1.7.2 - Musicnotes Inc.)
    PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    QuickBooks (x32 Version: 23.0.4003.2305 - Intuit Inc.) Hidden
    QuickBooks Premier: Retail Edition 2013 (HKLM-x32\...\{308C9F09-B104-4E15-AD41-6CB69604E8BE}) (Version: 23.0.4003.2305 - Intuit Inc.)
    Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
    Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
    Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
    Skype™ 6.6 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
    TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (Version: 1.2.18.64 - TOSHIBA Corporation) Hidden
    TOSHIBA eco Utility (x32 Version: 1.2.18.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
    TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
    TOSHIBA Hardware Setup (x32 Version: 1.63.0.26C - TOSHIBA CORPORATION) Hidden
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
    TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.6.22 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (Version: 1.7.16.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
    TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
    TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHERR_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
    Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
    Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

    ==================== Restore Points  =========================

    18-03-2014 16:51:32 Windows Update
    21-03-2014 21:00:20 Windows Update
    26-03-2014 00:22:41 Windows Update
    29-03-2014 01:11:36 Windows Update
    02-04-2014 15:00:10 Windows Update
    08-04-2014 22:57:44 Windows Update
    10-04-2014 16:53:42 Windows Update
    14-04-2014 17:43:15 Windows Update
    17-04-2014 20:33:15 Windows Update
    21-04-2014 14:18:30 Windows Update
    21-04-2014 14:54:55 Removed Java™ 6 Update 20
    25-04-2014 19:11:38 Windows Update
    28-04-2014 20:35:56 Windows Update
    29-04-2014 16:16:18 OTL Restore Point - 4/29/2014 9:16:16 AM

    ==================== Hosts content: ==========================

    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============


    ==================== Loaded Modules (whitelisted) =============

    2010-07-19 16:48 - 2010-07-19 16:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2010-06-06 07:20 - 2010-06-06 07:20 - 00065344 _____ () C:\windows\System32\PDFreDirectMon64.dll
    2010-04-07 16:07 - 2010-04-07 16:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
    2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
    2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
    2010-10-28 20:59 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
    2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
    2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
    2010-07-19 16:48 - 2010-07-19 16:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
    2010-03-12 15:41 - 2010-03-12 15:41 - 00417080 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-04-02 19:47 - 2014-04-02 19:47 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
    2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (04/29/2014 10:56:03 AM) (Source: Service Control Manager) (User: )
    Description: The Toshiba Laptop Checkup Application Launcher service terminated unexpectedly.  It has done this 1 time(s).

    Error: (04/29/2014 10:56:03 AM) (Source: Service Control Manager) (User: )
    Description: The Common Client Job Manager Service service terminated unexpectedly.  It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Percentage of memory in use: 44%
    Total physical RAM: 3890.67 MB
    Available physical RAM: 2164.02 MB
    Total Pagefile: 7779.52 MB
    Available Pagefile: 6079.48 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (TI106045W0C) (Fixed) (Total:582.67 GB) (Free:237.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 7BEC2C48)
    Partition 1: (Active) - (Size=1 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=583 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

    ==================== End Of Log ============================


    • 0

    #15
    fletch11

    fletch11

      Member

    • Topic Starter
    • Member
    • PipPip
    • 52 posts

    /scannow found no integrity violations

     

    Vino's Event Viewer - System Scan Log:

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 29/04/2014 12:52:35 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 29/04/2014 5:56:03 PM
    Type: Error Category: 0
    Event: 7034 Source: Service Control Manager
    The Toshiba Laptop Checkup Application Launcher service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 29/04/2014 5:56:03 PM
    Type: Error Category: 0
    Event: 7034 Source: Service Control Manager
    The Common Client Job Manager Service service terminated unexpectedly.  It has done this 1 time(s).

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Information Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 29/04/2014 7:50:04 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Windows Modules Installer service entered the stopped state.

    Log: 'System' Date/Time: 29/04/2014 7:50:03 PM
    Type: Information Category: 0
    Event: 7040 Source: Service Control Manager
    The start type of the Windows Modules Installer service was changed from auto start to demand start.

    Log: 'System' Date/Time: 29/04/2014 7:50:02 PM
    Type: Information Category: 0
    Event: 7040 Source: Service Control Manager
    The start type of the Windows Modules Installer service was changed from demand start to auto start.

    Log: 'System' Date/Time: 29/04/2014 7:49:57 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Application Experience service entered the running state.

    Log: 'System' Date/Time: 29/04/2014 7:37:05 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Application Experience service entered the stopped state.

    Log: 'System' Date/Time: 29/04/2014 7:34:05 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.

    Log: 'System' Date/Time: 29/04/2014 7:27:28 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Windows Modules Installer service entered the running state.

    Log: 'System' Date/Time: 29/04/2014 7:27:16 PM
    Type: Information Category: 0
    Event: 1013 Source: Microsoft Antimalware
    Microsoft Antimalware has removed history of malware and other potentially unwanted software.      Time: ?4/?14/?2014 12:27:11 PM      User: NT AUTHORITY\SYSTEM

    Log: 'System' Date/Time: 29/04/2014 7:24:46 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Software Protection service entered the stopped state.

    Log: 'System' Date/Time: 29/04/2014 7:22:56 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Multimedia Class Scheduler service entered the running state.

    Log: 'System' Date/Time: 29/04/2014 7:22:04 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Multimedia Class Scheduler service entered the stopped state.

    Log: 'System' Date/Time: 29/04/2014 7:21:41 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Application Experience service entered the running state.

    Log: 'System' Date/Time: 29/04/2014 7:19:48 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Windows Update service entered the running state.

    Log: 'System' Date/Time: 29/04/2014 7:19:46 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Security Center service entered the running state.

    Log: 'System' Date/Time: 29/04/2014 7:19:46 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Intel® Management & Security Application User Notification Service service entered the running state.

    Log: 'System' Date/Time: 29/04/2014 7:19:44 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Software Protection service entered the running state.

    Log: 'System' Date/Time: 29/04/2014 7:19:42 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Microsoft .NET Framework NGEN v4.0.30319_X64 service entered the stopped state.

    Log: 'System' Date/Time: 29/04/2014 7:19:42 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Microsoft .NET Framework NGEN v4.0.30319_X64 service entered the running state.

    Log: 'System' Date/Time: 29/04/2014 7:19:42 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Microsoft .NET Framework NGEN v4.0.30319_X86 service entered the stopped state.

    Log: 'System' Date/Time: 29/04/2014 7:19:42 PM
    Type: Information Category: 0
    Event: 7036 Source: Service Control Manager
    The Microsoft .NET Framework NGEN v4.0.30319_X86 service entered the running state.
     


    • 0






    Similar Topics


    Also tagged with one or more of these keywords: slow, malware, spyware, cleanup

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP