Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer running slow and popups [Closed]


  • This topic is locked This topic is locked

#16
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=094f78163ad3c744bc87c8c2686083c8
# engine=18144
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-05 10:28:09
# local_time=2014-05-05 06:28:09 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 104283507 235927595 0 0
# scanned=288577
# found=32
# cleaned=0
# scan_time=10115
sh=C2618738D1F91D0FCAE01CB3AC8F90A882448609 ft=1 fh=9c7aebefdb247f2d vn="a variant of MSIL/Adware.StrongVault.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\AI_RecycleBin\{EFAE56BC-8A75-4402-85F4-813384338F2A}\3\Strongvault\StrongVaultApp.exe.vir"
sh=F2C86DE34579B173EF2FC60E38D9C109306FC7E2 ft=1 fh=d3af07b09ee404fc vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=BE868B6FFEC9AA47819BB3573F1073008C5482E7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.DefaultTab.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DefaultTab\DefaultTab.crx.vir"
sh=B1CF6E1D2CC7797C9CCD51E781DBEF3A1ACA74C8 ft=1 fh=e90057d45239714d vn="a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DefaultTab\DefaultTabSearch.exe.vir"
sh=61AE92BDBE73CAA679103CCC8C1C32D9CE4C5036 ft=1 fh=f55a5aa34ffcc0aa vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.16.16\deltaApp.dll.vir"
sh=06E77114B379C9398559C80EA1CD42DDAF2F9932 ft=1 fh=7df5bed9d351ded5 vn="probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.16.16\deltaEng.dll.vir"
sh=4078A4660F3A572400399E09D75B1D9EA0F615F5 ft=1 fh=f7bcaf9c52d5d39b vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.16.16\deltasrv.exe.vir"
sh=2BDFE90F70808F029FFF2FBE3CC11AA6D0BA205C ft=1 fh=bbeaf7302e7445ca vn="a variant of Win32/Toolbar.Montiera.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll.vir"
sh=272C54D881640B6385AFF828957D43FA9B3E13E7 ft=1 fh=ee0b8dcb5319564f vn="Win32/Toolbar.Montiera.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.16.16\escortShld.dll.vir"
sh=3D480DDC702B7FEE12CB01EC52C80ECAE5095E7A ft=1 fh=20f46144587ce90b vn="a variant of Win32/Toolbar.Escort.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll.vir"
sh=1CBFF3BADC71DF7CE2A39D6513F977BFC5E88D33 ft=1 fh=be5c08edcfbfb2a8 vn="a variant of Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll.vir"
sh=1B914EB3AB94F1466EB595D38785F15E52DB848B ft=1 fh=8ac696ba96ab6d55 vn="a variant of Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe.vir"
sh=D9661E7DF46F4FCB37E7D8C3E1BF74ED9332F66D ft=1 fh=e6b80258c992497f vn="probably a variant of Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll.vir"
sh=FEC329015A05713AF1099846DA6776DE31CF1C79 ft=1 fh=d0c5b0d7efa7296b vn="a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll.vir"
sh=CC3E4DF6F706D1DD3EEEF749169F25D791A9E137 ft=1 fh=8e73515f6fa99a5a vn="a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll.vir"
sh=4FCC97779D94929758888A954E0806CE5F71AFBD ft=1 fh=e46affbb5110ef8c vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zynga\tbZyng.dll.vir"
sh=75DFDC05C5D5F0C3B930B5B6871B6528EC9C22EA ft=1 fh=cff868ace0c06f1a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=90A343C25C0F16E0AF60F7F32979AAB039F8F51E ft=1 fh=6ed157f6495e9b66 vn="a variant of Win32/InstallCore.BY potentially unwanted application" ac=I fn="C:\Program Files (x86)\PDFReader\Uninstall\Uninstall.exe"
sh=D9CE0555485B5D19644BABB2CA7DC7F27A365C19 ft=1 fh=92b929e64cdd0c88 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Tracy\.frostwire5\updates\frostwire-5.4.0.windows.exe"
sh=D9CE0555485B5D19644BABB2CA7DC7F27A365C19 ft=1 fh=92b929e64cdd0c88 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Tracy\Desktop\Tracy\.frostwire5\updates\frostwire-5.4.0.windows.exe"
sh=216CD8C3D655F6DDDE812D0263E6B8A0863A8396 ft=1 fh=1b6958610d4c79fe vn="a variant of Win32/Toolbar.Babylon.H potentially unwanted application" ac=I fn="C:\Users\Tracy\Downloads\Babylon10_setup (1).exe"
sh=216CD8C3D655F6DDDE812D0263E6B8A0863A8396 ft=1 fh=1b6958610d4c79fe vn="a variant of Win32/Toolbar.Babylon.H potentially unwanted application" ac=I fn="C:\Users\Tracy\Downloads\Babylon10_setup.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Tracy\Downloads\cbsidlm-tr1_13-All_in_One_Cleaner-ORG-10531535 (1).exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Tracy\Downloads\cbsidlm-tr1_13-All_in_One_Cleaner-ORG-10531535.exe"
sh=3D84C7C0E316EAD02DD7A59E746EC798DAB8BC0C ft=1 fh=ce50a11e70bad71c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Tracy\Downloads\ccsetup328.exe"
sh=5D409E1A2E4464341AFE9DF1F0F0635CBAF902CB ft=1 fh=68e324d499f71c85 vn="a variant of Win32/Adware.iBryte.G application" ac=I fn="C:\Users\Tracy\Downloads\Extreme_Flash_Player_Setup.exe"
sh=2070FD652E2A803623B2204861027F9BD59F5DED ft=1 fh=dd0830cb205d023d vn="Win32/Toolbar.Inbox.A potentially unwanted application" ac=I fn="C:\Users\Tracy\Downloads\GamesSetup.exe"
sh=64D230B9C8FAC0C157793BD476003B7F19ACEE94 ft=1 fh=cb38888e791ee583 vn="Win32/Toolbar.Inbox.A potentially unwanted application" ac=I fn="C:\Users\Tracy\Downloads\NewsSetup.exe"
sh=90A343C25C0F16E0AF60F7F32979AAB039F8F51E ft=1 fh=6ed157f6495e9b66 vn="a variant of Win32/InstallCore.BY potentially unwanted application" ac=I fn="C:\Users\Tracy\Downloads\PDFReaderSetup.exe"
sh=BF8D8069629C29258561C577FEA00AF234F15462 ft=1 fh=6f1dfb56a673564d vn="Win32/Toolbar.Babylon potentially unwanted application" ac=I fn="C:\Users\Tracy\Downloads\PuranDefragSetup.exe"
sh=B37B52285DE862B7CAEA96BB8EB99D9B10DE236F ft=1 fh=1dbf7062960066bb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Tracy\Downloads\Shockwave_Installer_Slim.exe"
sh=9BEC2A09C9DC25C918CA1C8CEF2D888E43976900 ft=1 fh=3d44e7e8d60afb08 vn="a variant of Win32/AirAdInstaller.A potentially unwanted application" ac=I fn="C:\Users\Tracy\Downloads\Update.exe"

  • 0

Advertisements


#17
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Results of screen317's Security Check version 0.99.82  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 All in one Cleaner ver.1.0 
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.206  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (28.0) 
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

  • 0

#18
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey,
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    C:\ProgramData\ReadOnlyInstaller.msi
    C:\Users\Tracy\Downloads\Extreme_Flash_Player_Setup.exe
    C:\Users\Tracy\Downloads\GamesSetup.exe
    C:\Users\Tracy\Downloads\NewsSetup.exe
    C:\Users\Tracy\Downloads\PDFReaderSetup.exe
    C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
    C:\Program Files (x86)\PDFReader
    C:\Users\Tracy\Desktop\Tracy\.frostwire5
    C:\Users\Tracy\Downloads\Babylon10_setup (1).exe
    C:\Users\Tracy\Downloads\Babylon10_setup.exe
    C:\Users\Tracy\Downloads\cbsidlm-tr1_13-All_in_One_Cleaner-ORG-10531535 (1).exe
    C:\Users\Tracy\Downloads\cbsidlm-tr1_13-All_in_One_Cleaner-ORG-10531535.exe
    C:\Users\Tracy\Downloads\ccsetup328.exe
    C:\Users\Tracy\Downloads\Extreme_Flash_Player_Setup.exe
    C:\Users\Tracy\Downloads\GamesSetup.exe
    C:\Users\Tracy\Downloads\NewsSetup.exe
    C:\Users\Tracy\Downloads\PDFReaderSetup.exe
    C:\Users\Tracy\Downloads\PuranDefragSetup.exe
    C:\Users\Tracy\Downloads\Shockwave_Installer_Slim.exe
    C:\Users\Tracy\Downloads\Update.exe
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}]
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply
 

javaicon.gif Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When its finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa
Please also update:
  • Adobe Reader
 

Do you have a SSD or HDD?
  • 0

#19
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

OTL report

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\ProgramData\ReadOnlyInstaller.msi moved successfully.
C:\Users\Tracy\Downloads\Extreme_Flash_Player_Setup.exe moved successfully.
C:\Users\Tracy\Downloads\GamesSetup.exe moved successfully.
C:\Users\Tracy\Downloads\NewsSetup.exe moved successfully.
C:\Users\Tracy\Downloads\PDFReaderSetup.exe moved successfully.
C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} moved successfully.
C:\Program Files (x86)\PDFReader\Uninstall folder moved successfully.
C:\Program Files (x86)\PDFReader folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\updates folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\themes folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\search_db\search_db folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\search_db folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\library_db\library_db folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\library_db folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\image_cache\static.frostwire.com\images\overlays folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\image_cache\static.frostwire.com\images folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\image_cache\static.frostwire.com folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\image_cache folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\tmp folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\net folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\logs folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\dht folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\F899B5643CDB414B15C644EB5B6459084E5CB01D folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\F36EB280DB88EC21DD98794D62195E381B6A22D6 folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\F1C4E5A37070A6D3863841FAA415F60EBAF68FD7 folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\EE17D1CB20DF10438F02C9C69621CF0A902A541C folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\E17EEA0E71C711D6201D4CBAC4C8726BD9F263F9 folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\C78290BCFD3FD80657507FB2427B9589C3859D99 folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\97D8BC674388185A37C1822137599185A85AD601 folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\8E4A80265697A02A22A776238D113BD78879F3E4 folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\80051038458F6638E6EA11BC576EFF8869BCF67F folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\73F88D02CBC9B03B6DAAAA9B36C1C1989AE3938C folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\73CFC8F7855AEE5162458C8C9099709323505E91 folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\548E0921E87BE8F7BC8099C125DF72681ED70246 folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\39B7EA2C863E6DCF5083D43D3B29F3E51638DB56 folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\343CB7226FF0A7D80E43FFDC78335679D86DD6A5 folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\2EB050B0712CD88806BC9704402380A6D2099349 folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\2E307586C70C2F1B062E4351DC03EA5A73860212 folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active\221C348704687069DE77CD087E54067926AD65C6 folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus\active folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5\azureus folder moved successfully.
C:\Users\Tracy\Desktop\Tracy\.frostwire5 folder moved successfully.
C:\Users\Tracy\Downloads\Babylon10_setup (1).exe moved successfully.
C:\Users\Tracy\Downloads\Babylon10_setup.exe moved successfully.
C:\Users\Tracy\Downloads\cbsidlm-tr1_13-All_in_One_Cleaner-ORG-10531535 (1).exe moved successfully.
C:\Users\Tracy\Downloads\cbsidlm-tr1_13-All_in_One_Cleaner-ORG-10531535.exe moved successfully.
C:\Users\Tracy\Downloads\ccsetup328.exe moved successfully.
File\Folder C:\Users\Tracy\Downloads\Extreme_Flash_Player_Setup.exe not found.
File\Folder C:\Users\Tracy\Downloads\GamesSetup.exe not found.
File\Folder C:\Users\Tracy\Downloads\NewsSetup.exe not found.
File\Folder C:\Users\Tracy\Downloads\PDFReaderSetup.exe not found.
C:\Users\Tracy\Downloads\PuranDefragSetup.exe moved successfully.
C:\Users\Tracy\Downloads\Shockwave_Installer_Slim.exe moved successfully.
C:\Users\Tracy\Downloads\Update.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Tracy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 44626 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3066173 bytes
->Google Chrome cache emptied: 205283737 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 490432 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 199.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05062014_113932
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0

#20
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

When I try and download that it comes up Windows cannot find C:\Users\Tracy\downloads\UltimateCodec.exe. Make sure you typed the name correctly and try again


  • 0

#21
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

I'm getting really confused by the javaRa installer. It's asking me to download other things and I'm not sure if they are connected.


  • 0

#22
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
OK, sorry, my mistake, I like to see a new OTL Log. I think there went something wrong.

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.

Download Mirror #1

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the customFix.png.pagespeed.ce.jU5V4w6MU1.pn box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    mpsvc.dll
    winsock.*
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open otlicon.png on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator)
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      OTL_Main_Tutorial.gif
      • Click the box beside Scan All Users at the top of the console
      • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
      • Make sure the Output box at the top is set to Standard Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Make sure that Use Safe List is checked under Extra Registry.
      • Place the mouse pointer inside the customFix.png.pagespeed.ce.jU5V4w6MU1.pn box, right click and click Paste. This will put the above script inside OTL
      • Click the runscanbutton.png.pagespeed.ce.KPQ_c3iHh button. Do not change any settings unless otherwise told to do so.
      • Let the scan run uninterrupted.
      • When the scan completes, it will open OTL.Txt on the desktop.
      • Please copy the contents of these files and paste it into your reply. To do that:
        • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
        • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
      • Please do the same for the Extras.txt

  • 0

#23
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
OTL logfile created on: 5/7/2014 9:35:57 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tracy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.99 Gb Total Physical Memory | 3.15 Gb Available Physical Memory | 52.63% Memory free
12.17 Gb Paging File | 9.40 Gb Available in Paging File | 77.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.32 Gb Total Space | 437.49 Gb Free Space | 75.00% Space Free | Partition Type: NTFS
Drive D: | 12.85 Gb Total Space | 1.80 Gb Free Space | 14.05% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: Tracy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/03 10:15:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tracy\Desktop\OTL.exe
PRC - [2014/04/23 20:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/04/23 18:56:22 | 007,631,872 | ---- | M] (Google Inc.) -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/08/17 19:03:08 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/07/26 08:43:52 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/07/26 08:43:46 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/07/26 08:43:44 | 001,564,016 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/28 15:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/07/25 10:07:12 | 000,266,240 | ---- | M] () -- C:\Windows\SysWOW64\CSHelper.exe
PRC - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/23 20:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/23 20:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
MOD - [2014/04/23 20:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/23 20:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/23 20:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2014/04/23 18:40:00 | 000,253,440 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/04/23 18:39:38 | 000,231,936 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/04/23 18:38:44 | 000,117,248 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2014/04/23 18:38:40 | 000,344,064 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/02/26 04:06:06 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014/02/26 04:05:55 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/26 04:05:53 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll
MOD - [2014/02/26 04:05:50 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/26 04:05:35 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/26 04:05:25 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/26 04:05:20 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/26 04:05:19 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/26 04:05:14 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/26 04:05:13 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/26 04:05:06 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/12/10 17:06:52 | 000,026,624 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/12/10 17:06:42 | 010,683,392 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/12/10 17:06:40 | 001,681,408 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/12/10 17:06:38 | 007,741,952 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/12/10 17:06:36 | 002,248,192 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/09/13 20:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 20:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/01/17 16:23:56 | 000,292,736 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/04/28 13:46:59 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/28 21:54:50 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/28 15:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/25 10:07:12 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 22:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/07 02:55:36 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/27 16:56:42 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/04/03 09:51:12 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/07/16 13:29:16 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/20 20:07:52 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/06/20 20:07:52 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/05/23 01:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013/05/21 01:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/05/16 01:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013/04/24 20:43:56 | 000,457,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/03/04 21:21:36 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2013/02/11 22:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/10 07:53:40 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/11/10 07:52:52 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:64bit: - [2009/11/10 07:52:44 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:64bit: - [2009/09/30 21:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/11 02:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/02/26 19:46:34 | 010,276,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/01/06 13:51:08 | 000,028,144 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/02/26 13:18:00 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2005/09/19 14:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbVM31b.sys -- (DCamUSBVM)
DRV - [2014/04/19 12:16:31 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140506.035\ex64.sys -- (NAVEX15)
DRV - [2014/04/19 12:16:31 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/04/19 12:16:31 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140506.035\eng64.sys -- (NAVENG)
DRV - [2014/03/25 21:03:11 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140506.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/03/18 21:24:11 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20140409.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/20 23:24:23 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/11/28 18:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/24 17:28:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{083368C3-5B72-4F1A-BE01-5F70570FD6E9}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{1F9F832A-605A-41F5-86AE-6BB407025F1A}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.2.0.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tracy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tracy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tracy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/23 19:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2014/05/06 20:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013/10/09 12:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/17 19:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/08/17 19:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/28 21:54:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/05 12:59:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/23 19:09:08 | 000,000,000 | ---D | M]
 
[2014/05/06 11:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions
[2009/09/15 00:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/07/17 08:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\g6a064b4.default\extensions
[2014/05/04 18:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\extensions
[2014/05/04 19:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/03/28 21:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/28 21:54:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/09 12:49:39 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
[2009/09/02 03:00:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/08/17 19:03:19 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...age={language},
CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: RealDownloader = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_2\
CHR - Extension: Norton Identity Protection = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Google Wallet = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2013/07/23 09:15:34 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [cdloader] C:\Users\Tracy\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [HP Deskjet 3510 series (NET)] C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [MusicManager] C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54BD3F87-83EC-4960-AD4D-DB99C4117E05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4F02821-54EB-4101-9E5B-DE4D9B945C85}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Tracy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tracy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/07 08:12:18 | 000,000,000 | ---D | C] -- C:\Users\Tracy\Desktop\New Folder
[2014/05/06 13:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallConverter bundle uninstaller
[2014/05/06 11:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\003
[2014/05/05 15:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/05/05 13:26:55 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/05 13:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/05 13:26:39 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/05 13:26:39 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/05 13:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/05 13:24:17 | 017,305,616 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Tracy\Desktop\mbam-setup-2.0.1.1004.exe
[2014/05/04 19:31:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/04 19:29:50 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Tracy\Desktop\JRT.exe
[2014/05/04 19:16:45 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/04 19:16:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/04 19:03:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/03 10:15:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tracy\Desktop\OTL.exe
[2014/05/03 03:20:23 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/04/30 06:42:46 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2014/04/30 06:42:37 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Local\Programs
[2014/04/10 03:05:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/04/10 03:05:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/04/10 03:05:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/10 03:05:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/10 03:05:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/10 03:05:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/10 03:05:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/04/10 03:05:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/04/10 03:05:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/10 03:05:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/10 03:05:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/10 03:05:40 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/10 03:05:40 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/04/10 03:05:40 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/04/10 03:05:40 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/09 08:06:57 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[1 C:\Users\Tracy\Documents\*.tmp files -> C:\Users\Tracy\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/07 09:36:02 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/05/07 09:35:07 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/07 09:35:07 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/07 09:31:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/07 08:47:28 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1953429275-1861937841-2176962007-1000UA.job
[2014/05/07 08:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/07 08:42:51 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/07 07:35:22 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1953429275-1861937841-2176962007-1000Core.job
[2014/05/07 03:04:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/07 03:01:22 | 000,781,906 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/07 03:01:22 | 000,646,112 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/07 03:01:22 | 000,120,986 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/07 02:55:36 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/06 20:56:17 | 000,001,769 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk
[2014/05/06 14:16:31 | 000,000,839 | ---- | M] () -- C:\Users\Tracy\Desktop\Scan0007.lnk
[2014/05/06 14:12:08 | 000,099,609 | ---- | M] () -- C:\Users\Tracy\Desktop\paystub 41814.pdf
[2014/05/06 14:11:42 | 000,099,607 | ---- | M] () -- C:\Users\Tracy\Desktop\paystub 42514.pdf
[2014/05/06 14:10:55 | 000,099,615 | ---- | M] () -- C:\Users\Tracy\Desktop\paystub 5214.pdf
[2014/05/06 14:05:26 | 000,260,974 | ---- | M] () -- C:\Users\Tracy\Documents\Scan0007.pdf
[2014/05/06 13:08:26 | 000,000,924 | ---- | M] () -- C:\Users\Tracy\Desktop\Continue File Opener Installation.lnk
[2014/05/05 23:13:28 | 000,082,910 | ---- | M] () -- C:\Users\Tracy\Desktop\10245344_555975601186476_5469804904034882864_n.jpg
[2014/05/05 22:57:28 | 000,085,884 | ---- | M] () -- C:\Users\Tracy\Desktop\10338256_555931554524214_4252350555965116537_n.jpg
[2014/05/05 22:48:48 | 000,078,017 | ---- | M] () -- C:\Users\Tracy\Desktop\1797341_555954171188619_1791603415774774932_n.jpg
[2014/05/05 21:05:13 | 000,855,379 | ---- | M] () -- C:\Users\Tracy\Desktop\SecurityCheck (4).exe
[2014/05/05 13:26:43 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/05 13:24:24 | 017,305,616 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Tracy\Desktop\mbam-setup-2.0.1.1004.exe
[2014/05/05 08:29:03 | 000,055,981 | ---- | M] () -- C:\Users\Tracy\Desktop\10157230_10201875972721484_5841073507464964691_n.jpg
[2014/05/04 19:29:57 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Tracy\Desktop\JRT.exe
[2014/05/04 19:14:27 | 001,313,617 | ---- | M] () -- C:\Users\Tracy\Desktop\AdwCleaner (4).exe
[2014/05/03 10:15:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tracy\Desktop\OTL.exe
[2014/05/02 20:18:18 | 005,071,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/01 20:12:37 | 000,271,360 | ---- | M] () -- C:\Users\Tracy\Documents\Outlook.pst
[2014/05/01 11:10:51 | 001,619,774 | ---- | M] () -- C:\Users\Tracy\Desktop\20140430_143632.jpg
[2014/05/01 11:07:46 | 000,063,163 | ---- | M] () -- C:\Users\Tracy\Desktop\BONUS PROGRAM.pdf
[2014/04/30 13:54:45 | 000,058,208 | ---- | M] () -- C:\Users\Tracy\Desktop\1795679_10203513826437071_1848224178186761998_n.jpg
[2014/04/30 07:02:27 | 000,000,598 | ---- | M] () -- C:\Users\Tracy\Documents\Dish Washing.m3u
[2014/04/30 07:00:25 | 000,023,805 | ---- | M] () -- C:\Users\Tracy\Documents\Music.m3u
[2014/04/30 06:54:59 | 000,000,788 | ---- | M] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/04/30 06:54:59 | 000,000,764 | ---- | M] () -- C:\Users\Tracy\Desktop\BitTorrent.lnk
[2014/04/29 11:22:22 | 000,079,016 | ---- | M] () -- C:\Users\Tracy\Desktop\1466190_667368796618776_1352042444_n.jpg
[2014/04/28 15:45:09 | 000,022,753 | ---- | M] () -- C:\Users\Tracy\Desktop\mouseMellows01.jpg
[2014/04/28 15:44:03 | 000,008,273 | ---- | M] () -- C:\Users\Tracy\Desktop\35af35c23f9db1ca3b0f55ce05c2520e.jpg
[2014/04/28 13:46:58 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/28 13:46:58 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/27 18:15:07 | 000,043,220 | ---- | M] () -- C:\Users\Tracy\Desktop\Tracy-3.jpg
[2014/04/27 16:56:42 | 000,050,464 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/04/26 21:20:20 | 000,045,692 | ---- | M] () -- C:\Users\Tracy\Desktop\Love.jpg
[2014/04/25 17:54:03 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTracy.job
[2014/04/24 12:16:14 | 000,068,374 | ---- | M] () -- C:\Users\Tracy\Desktop\10153283_10203513808396620_7621378519211978667_n.jpg
[2014/04/24 12:15:33 | 000,122,209 | ---- | M] () -- C:\Users\Tracy\Desktop\10155327_10203513814036761_8196217567772750270_n.jpg
[2014/04/14 10:32:18 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/04/13 18:29:16 | 920,617,830 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/12 19:41:22 | 000,190,375 | ---- | M] () -- C:\Users\Tracy\Desktop\1395425_10200685089790155_1900174911_n.jpg
[1 C:\Users\Tracy\Documents\*.tmp files -> C:\Users\Tracy\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/06 14:12:08 | 000,099,609 | ---- | C] () -- C:\Users\Tracy\Desktop\paystub 41814.pdf
[2014/05/06 14:11:41 | 000,099,607 | ---- | C] () -- C:\Users\Tracy\Desktop\paystub 42514.pdf
[2014/05/06 14:10:54 | 000,099,615 | ---- | C] () -- C:\Users\Tracy\Desktop\paystub 5214.pdf
[2014/05/06 14:08:10 | 000,000,839 | ---- | C] () -- C:\Users\Tracy\Desktop\Scan0007.lnk
[2014/05/06 14:05:26 | 000,260,974 | ---- | C] () -- C:\Users\Tracy\Documents\Scan0007.pdf
[2014/05/06 13:08:26 | 000,000,924 | ---- | C] () -- C:\Users\Tracy\Desktop\Continue File Opener Installation.lnk
[2014/05/05 23:13:28 | 000,082,910 | ---- | C] () -- C:\Users\Tracy\Desktop\10245344_555975601186476_5469804904034882864_n.jpg
[2014/05/05 22:57:28 | 000,085,884 | ---- | C] () -- C:\Users\Tracy\Desktop\10338256_555931554524214_4252350555965116537_n.jpg
[2014/05/05 22:48:48 | 000,078,017 | ---- | C] () -- C:\Users\Tracy\Desktop\1797341_555954171188619_1791603415774774932_n.jpg
[2014/05/05 21:05:11 | 000,855,379 | ---- | C] () -- C:\Users\Tracy\Desktop\SecurityCheck (4).exe
[2014/05/05 08:29:02 | 000,055,981 | ---- | C] () -- C:\Users\Tracy\Desktop\10157230_10201875972721484_5841073507464964691_n.jpg
[2014/05/04 19:14:24 | 001,313,617 | ---- | C] () -- C:\Users\Tracy\Desktop\AdwCleaner (4).exe
[2014/05/01 14:43:36 | 001,619,774 | ---- | C] () -- C:\Users\Tracy\Desktop\20140430_143632.jpg
[2014/04/30 13:54:44 | 000,058,208 | ---- | C] () -- C:\Users\Tracy\Desktop\1795679_10203513826437071_1848224178186761998_n.jpg
[2014/04/30 07:02:26 | 000,000,598 | ---- | C] () -- C:\Users\Tracy\Documents\Dish Washing.m3u
[2014/04/30 07:00:24 | 000,023,805 | ---- | C] () -- C:\Users\Tracy\Documents\Music.m3u
[2014/04/30 06:54:59 | 000,000,788 | ---- | C] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/04/30 06:54:59 | 000,000,764 | ---- | C] () -- C:\Users\Tracy\Desktop\BitTorrent.lnk
[2014/04/29 11:22:22 | 000,079,016 | ---- | C] () -- C:\Users\Tracy\Desktop\1466190_667368796618776_1352042444_n.jpg
[2014/04/28 15:45:09 | 000,022,753 | ---- | C] () -- C:\Users\Tracy\Desktop\mouseMellows01.jpg
[2014/04/28 15:44:03 | 000,008,273 | ---- | C] () -- C:\Users\Tracy\Desktop\35af35c23f9db1ca3b0f55ce05c2520e.jpg
[2014/04/27 18:15:07 | 000,043,220 | ---- | C] () -- C:\Users\Tracy\Desktop\Tracy-3.jpg
[2014/04/26 21:20:20 | 000,045,692 | ---- | C] () -- C:\Users\Tracy\Desktop\Love.jpg
[2014/04/24 12:16:14 | 000,068,374 | ---- | C] () -- C:\Users\Tracy\Desktop\10153283_10203513808396620_7621378519211978667_n.jpg
[2014/04/24 12:15:33 | 000,122,209 | ---- | C] () -- C:\Users\Tracy\Desktop\10155327_10203513814036761_8196217567772750270_n.jpg
[2014/04/13 18:29:16 | 920,617,830 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/10/15 08:42:53 | 000,000,680 | ---- | C] () -- C:\Users\Tracy\AppData\Local\d3d9caps.dat
[2013/07/28 13:34:57 | 000,893,239 | ---- | C] () -- C:\Users\Tracy\AppData\Local\a.zip
[2013/07/28 12:40:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/07/18 15:05:30 | 000,009,728 | ---- | C] () -- C:\Users\Tracy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/23 13:25:01 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/06/14 11:35:05 | 000,000,005 | ---- | C] () -- C:\Users\Tracy\AppData\Roaming\WBPU-TTL.DAT
[2013/05/22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/05/22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/05/22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/05/22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/05/22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/03/11 22:21:22 | 000,000,258 | RHS- | C] () -- C:\Users\Tracy\ntuser.pol
[2012/12/23 21:42:50 | 000,114,730 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpABBEY.JPG
[2011/04/10 15:34:25 | 264,076,312 | ---- | C] () -- C:\Users\Tracy\100_0367.AVI
[2011/04/09 14:27:52 | 131,092,216 | ---- | C] () -- C:\Users\Tracy\100_0357.AVI
[2011/03/27 15:28:59 | 008,379,428 | ---- | C] () -- C:\Users\Tracy\01 Guilty As Charged (feat. Estelle).m4a
[2011/01/04 18:16:08 | 000,001,940 | ---- | C] () -- C:\Users\Tracy\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/21 22:41:46 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 22:01:54 | 000,036,970 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpRANDI.JPG
[2010/08/25 22:01:54 | 000,034,964 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpRANDI.0
[2010/07/26 10:12:18 | 000,006,548 | ---- | C] () -- C:\Users\Tracy\.recently-used.xbel
[2010/05/10 00:22:31 | 000,024,049 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp24127_1344211615746_1544934352_31140848_8112699_N.JPG
[2010/05/10 00:22:31 | 000,023,533 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp24127_1344211615746_1544934352_31140848_8112699_N.0
[2009/08/21 13:45:04 | 000,019,550 | ---- | C] () -- C:\Users\Tracy\AppData\Local\slot1.mm1
[2009/05/29 13:25:08 | 000,008,264 | ---- | C] () -- C:\Users\Tracy\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2011/12/30 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2011/12/30 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2014/03/01 20:35:33 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\.mono
[2010/07/03 15:39:16 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2010/05/15 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Acoustica
[2009/08/07 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Aisle 5 Games, Inc
[2011/02/13 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Alawar
[2012/03/18 22:03:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AlawarEntertainment
[2010/07/05 08:23:24 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Artogon
[2013/08/12 13:11:39 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AstImageBack
[2013/03/14 17:28:13 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AVG
[2011/02/20 10:43:00 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Awem
[2009/12/02 14:27:52 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Azuaz Games
[2012/12/31 23:17:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Big Top Games
[2014/05/02 20:20:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\BitTorrent
[2010/06/20 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Boomzap
[2010/02/06 08:04:47 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\casanova
[2010/09/15 14:11:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Casual Mechanics
[2014/05/04 19:22:33 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Catalina – Print Savings
[2011/02/18 17:27:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\cerasus.media
[2013/10/15 08:33:45 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/13 08:56:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/14 10:33:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Curious Sense
[2010/06/19 19:10:25 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2010/05/06 09:08:32 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRoseSE_RA
[2010/05/08 11:26:48 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRose_iWin
[2010/02/22 12:21:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Dekovir
[2009/12/01 20:18:40 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\E-centives
[2010/01/26 18:18:25 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\ElementalsTheMagicKey
[2010/09/30 14:44:06 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enki Games
[2010/08/28 18:40:37 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enlightenus2SE_BFG
[2010/01/22 16:22:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enlightenus_Real
[2010/04/05 11:08:32 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\EscapeTheMuseum2
[2009/10/11 11:46:34 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Eyeblaster
[2009/06/21 07:06:20 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\FloodLightGames
[2013/04/01 11:14:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Foxit Software
[2011/02/11 21:21:27 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Friday's games
[2013/06/26 10:26:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\FrostWire
[2009/12/21 08:42:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Fuel Industries
[2010/07/13 10:03:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Fugazo
[2013/01/30 19:45:45 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\funkitron
[2010/04/25 19:29:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHouse
[2009/09/05 11:52:42 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHouse 3 Days Zoo Mystery
[2010/06/30 06:39:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHousev1000
[2009/12/06 10:29:37 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHousev1001
[2013/08/10 20:41:46 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gamelab
[2010/10/14 11:39:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gamers Digital
[2011/05/27 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gogii
[2010/01/14 11:57:56 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gold Casual Games
[2009/07/16 17:11:34 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GOL_byHasbro
[2009/06/30 19:33:52 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GSC 2.00
[2010/06/28 06:39:00 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\gtk-2.0
[2010/05/14 13:30:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\HdO Adventure
[2010/02/22 23:20:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\InfraRecorder
[2010/07/14 20:39:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\KranX Productions
[2010/06/21 13:38:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Lazy Turtle Games
[2009/09/15 13:48:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Leadertech
[2010/07/26 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\LolClient
[2010/03/28 00:20:05 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/06/11 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Ludia
[2009/11/02 09:47:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Magic Academy 2
[2009/12/08 10:12:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MastersOfMystery2
[2009/08/20 16:19:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Meridian93
[2010/09/25 15:16:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Merscom
[2010/06/22 22:38:53 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\mjusbsp
[2011/01/19 02:34:26 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MusicNet
[2010/07/08 17:57:46 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mutant Arcade
[2011/05/03 10:51:41 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mystery of Mortlake Mansion
[2009/12/25 10:37:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MysteryStudio
[2009/11/15 08:38:42 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mysteryville2
[2011/07/03 13:27:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\NetMedia Providers
[2010/06/24 09:02:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Oberon Media
[2013/02/19 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\OpenOffice.org
[2012/07/12 11:31:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PDAppFlex
[2011/02/10 12:18:20 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Phantasmat_bf_se1
[2009/05/26 12:10:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PictureMover
[2012/07/15 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PlayFirst
[2011/02/28 09:49:55 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PlayPond
[2009/11/16 17:29:43 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Playrix Entertainment
[2010/01/09 22:15:39 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PoBros
[2010/01/21 16:26:22 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Princess Isabella
[2011/07/02 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Publish Providers
[2011/02/28 11:30:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\QB9
[2010/06/29 16:15:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Quirky Games
[2009/11/21 09:51:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Righteous Kill
[2013/08/12 13:28:29 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Samsung
[2010/04/11 15:26:22 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Settlement. Colossus
[2010/07/05 18:11:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SevenSails
[2010/03/30 10:53:31 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Silverback Productions
[2010/08/15 13:26:07 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Sky Bros
[2014/05/03 03:16:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SoftGrid Client
[2013/03/18 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Sony
[2010/09/02 12:01:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Specialbit
[2009/08/20 09:18:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SpinTop
[2009/08/20 09:18:40 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SpinTop Games
[2012/02/06 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/09/24 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Stamps.com Internet Postage
[2013/06/11 08:19:30 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SumatraPDF
[2011/03/13 01:33:01 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SynthMaker
[2011/10/18 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Temp
[2009/05/29 13:26:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Template
[2010/01/21 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TheFixerUpper
[2010/06/05 16:40:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Tific
[2010/02/02 13:02:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TitanicMystery
[2009/11/19 14:42:31 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TMInc
[2009/12/14 12:46:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Total Eclipse
[2011/05/01 19:37:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TP
[2013/03/14 13:50:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TuneUp Software
[2011/09/27 20:43:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Unity
[2009/07/20 07:31:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\V-Games
[2010/06/09 19:03:33 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\VampireSaga
[2011/11/28 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Visan
[2011/07/08 08:50:58 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Vogat Interactive
[2010/01/20 02:12:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WeatherBug
[2014/01/14 09:34:26 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WildTangent
[2010/07/01 12:10:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WildTangentv1000
[2009/06/24 17:25:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2006/11/02 07:16:28 | 000,026,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2008/01/20 22:48:17 | 000,045,056 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2008/01/20 22:48:16 | 000,080,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009/04/11 03:11:22 | 001,081,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2009/04/11 03:11:13 | 000,458,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bfe.dll -- (BFE)
SRV:64bit: - [2011/11/16 10:34:41 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/04/11 03:11:14 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2008/01/20 22:49:11 | 000,103,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 00:12:34 | 000,174,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 00:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/04/11 03:11:23 | 000,719,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/04/11 03:11:14 | 000,268,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/11 02:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcsvc.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 12:12:21 | 000,117,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2008/01/20 22:50:17 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/04/11 03:11:15 | 000,024,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/04/11 02:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2008/01/20 22:48:03 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/04/11 03:11:15 | 000,533,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ipsecsvc.dll -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/04/11 03:11:26 | 000,480,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2008/01/20 22:49:56 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2008/01/20 22:48:10 | 000,348,160 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2008/01/20 22:48:40 | 000,304,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2008/01/20 22:49:21 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2008/01/20 22:50:27 | 000,206,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2008/01/20 22:49:42 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2009/04/11 03:11:27 | 000,313,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/08/17 10:54:20 | 000,273,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/16 10:34:41 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
SRV:64bit: - [2009/04/11 03:11:14 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\emdmgmt.dll -- (EMDMgmt)
SRV:64bit: - [2008/01/20 22:48:24 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/04/11 03:11:22 | 000,309,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009/04/11 03:11:23 | 000,719,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2008/01/20 22:49:09 | 000,028,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/16 10:34:41 | 000,011,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/04/11 03:11:31 | 000,074,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/09/06 14:28:38 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2009/07/10 07:51:23 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
SRV:64bit: - [2009/04/11 03:10:35 | 002,582,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SLsvc.exe -- (slsvc)
SRV:64bit: - [2010/11/06 07:18:13 | 000,855,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2009/04/11 03:11:26 | 000,318,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/04/11 02:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/10 07:51:23 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (Themes)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (Themes)
SRV:64bit: - [2009/04/11 03:11:22 | 000,178,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009/04/11 03:11:03 | 001,433,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vssvc.exe -- (VSS)
SRV:64bit: - [2009/04/11 03:11:13 | 000,446,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\Audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009/04/11 03:11:13 | 000,446,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\Audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2008/01/20 22:47:28 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SDRSVC.dll -- (SDRSVC)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/11 03:11:28 | 001,491,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (Eventlog)
SRV:64bit: - [2009/04/11 03:11:15 | 000,603,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mpssvc.dll -- (MpsSvc)
SRV:64bit: - [2009/04/11 03:11:28 | 000,572,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009/04/11 03:10:29 | 000,125,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/04/11 02:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/04/11 03:11:29 | 000,221,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009/04/11 03:11:14 | 000,208,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/11 15:11:20 | 000,615,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/06/10 07:53:17 | 000,203,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2009/04/06 20:19:29 | 003,079,680 | ---- | M] (Microsoft Corporation) MD5=513619A8ABBF19F34D4308E91D1EC89D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.20610_none_b038be1d4865a6ca\explorer.exe
[2009/04/06 20:19:29 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=5EF11AC92B68B4B8058A3A4F037F26CE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.20610_none_ba8d686f7cc668c5\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\erdnt\cache86\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: MPSVC.DLL  >
[2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) MD5=7D2A43E8FDF725A1133F6C6056A72CDC -- C:\Program Files\Windows Defender\MpSvc.dll
[2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) MD5=7D2A43E8FDF725A1133F6C6056A72CDC -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_b3db4c4e108c89fb\MpSvc.dll
[2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) MD5=7D2A43E8FDF725A1133F6C6056A72CDC -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_b5c6c55a0dae5547\MpSvc.dll
 
< MD5 for: QMGR.DLL  >
[2009/04/11 03:11:22 | 001,081,856 | ---- | M] (Microsoft Corporation) MD5=6D316F4859634071CC25C4FD4589AD2C -- C:\Windows\erdnt\cache64\qmgr.dll
[2009/04/11 03:11:22 | 001,081,856 | ---- | M] (Microsoft Corporation) MD5=6D316F4859634071CC25C4FD4589AD2C -- C:\Windows\SysNative\qmgr.dll
[2009/04/11 03:11:22 | 001,081,856 | ---- | M] (Microsoft Corporation) MD5=6D316F4859634071CC25C4FD4589AD2C -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_819ad97caef1480e\qmgr.dll
[2008/01/20 22:50:12 | 001,082,368 | ---- | M] (Microsoft Corporation) MD5=D896A0D43F8AB81ECB1FC6C24DECFD58 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_7faf6070b1cf7cc2\qmgr.dll
 
< MD5 for: RPCSS.DLL  >
[2009/03/03 00:40:28 | 000,724,992 | ---- | M] (Microsoft Corporation) MD5=007F8DE7AC0F9386C3FD2EC7DC87C37A -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_c3e2cce1f92f2ca2\rpcss.dll
[2009/03/03 00:57:01 | 000,718,336 | ---- | M] (Microsoft Corporation) MD5=52CDADE8289FF21F1F2215FF51A5F36C -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_c5d9dd2ff64839ac\rpcss.dll
[2009/03/03 00:35:22 | 000,724,992 | ---- | M] (Microsoft Corporation) MD5=54FF562C2710BB610B019D723B16FB2A -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_c47a129912422fc2\rpcss.dll
[2009/03/03 00:59:29 | 000,717,824 | ---- | M] (Microsoft Corporation) MD5=857E04C16007E60FCC0803239C853E78 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_c6259b510f93cd21\rpcss.dll
[2009/04/11 03:11:23 | 000,719,872 | ---- | M] (Microsoft Corporation) MD5=CF8B9A3A5E7DC57724A89D0C3E8CF9EF -- C:\Windows\erdnt\cache64\rpcss.dll
[2009/04/11 03:11:23 | 000,719,872 | ---- | M] (Microsoft Corporation) MD5=CF8B9A3A5E7DC57724A89D0C3E8CF9EF -- C:\Windows\SysNative\rpcss.dll
[2009/04/11 03:11:23 | 000,719,872 | ---- | M] (Microsoft Corporation) MD5=CF8B9A3A5E7DC57724A89D0C3E8CF9EF -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_c7d4f08bf35f3abe\rpcss.dll
[2008/01/20 22:51:07 | 000,713,728 | ---- | M] (Microsoft Corporation) MD5=FF27BE0BA7B3C48D5C99AFCB56D436C2 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_c5e9777ff63d6f72\rpcss.dll
 
< MD5 for: SERVICES  >
[2006/09/18 17:37:24 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\services
 
< MD5 for: SERVICES.CFG  >
[2012/07/27 16:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
 
< MD5 for: SERVICES.DAT  >
[2014/04/06 00:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Tracy\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2008/01/20 22:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\erdnt\cache64\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 22:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2006/11/02 11:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\SysWOW64\en-US\services.exe.mui
[2006/11/02 11:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
[2006/11/02 11:13:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\SysNative\en-US\services.exe.mui
[2006/11/02 11:13:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2008/01/20 23:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 23:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2006/09/18 17:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysWOW64\wbem\services.mof
[2006/09/18 17:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.mof
[2006/09/18 17:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
 
< MD5 for: SERVICES.MSC  >
[2006/11/02 11:13:51 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2006/09/18 17:29:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2006/11/02 11:14:00 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2006/11/02 11:13:51 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_fe26f08ab7d12816\services.msc
[2006/09/18 17:29:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_2b827e27fe185619\services.msc
[2006/11/02 11:14:00 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
 
< MD5 for: SERVICES.PNG  >
[2008/11/04 19:35:20 | 000,000,875 | ---- | M] () MD5=3382D191625A7528ED791FEDCCE3F212 -- C:\Program Files\PC-Doctor for Windows\Images\img16_16\services.png
[2008/11/04 19:35:30 | 000,002,244 | ---- | M] () MD5=8C5F2C34A5FB317B868565F9451BF74C -- C:\Program Files\PC-Doctor for Windows\Images\img32_32\services.png
[2008/11/04 19:35:40 | 000,006,479 | ---- | M] () MD5=AFCA60ED198BE9309943722FE8758392 -- C:\Program Files\PC-Doctor for Windows\Images\img64_64\services.png
[2008/11/04 19:35:36 | 000,004,193 | ---- | M] () MD5=E1C3A20056206C394E65B37CE1D43851 -- C:\Program Files\PC-Doctor for Windows\Images\img48_48\services.png
[2008/11/04 19:35:26 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\PC-Doctor for Windows\Images\img24_24\services.png
 
< MD5 for: SERVICES.RDB  >
[2012/08/13 11:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 11:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files (x86)\OpenOffice.org 3\program\services.rdb
[2012/08/10 16:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
 
< MD5 for: SVCHOST.EXE  >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache86\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\erdnt\cache64\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache86\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\erdnt\cache64\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is HP
 Volume Serial Number is 02E3-F964
 Directory of C:\
11/02/2006  11:42 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
11/02/2006  11:42 AM    <JUNCTION>     Application Data [C:\ProgramData]
11/02/2006  11:42 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
11/02/2006  11:42 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
11/02/2006  11:42 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
11/02/2006  11:42 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006  11:42 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
11/02/2006  11:42 AM    <SYMLINKD>     All Users [C:\ProgramData]
11/02/2006  11:42 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
11/02/2006  11:42 AM    <JUNCTION>     Application Data [C:\ProgramData]
11/02/2006  11:42 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
11/02/2006  11:42 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
11/02/2006  11:42 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
11/02/2006  11:42 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006  11:42 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
11/02/2006  11:42 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
11/02/2006  11:42 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
11/02/2006  11:42 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
11/02/2006  11:42 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006  11:42 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006  11:42 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006  11:42 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006  11:42 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006  11:42 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
11/02/2006  11:42 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
11/02/2006  11:42 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006  11:42 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
11/02/2006  11:42 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
11/02/2006  11:42 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
11/02/2006  11:42 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
11/02/2006  11:42 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
11/02/2006  11:42 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
11/02/2006  11:42 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Tracy
05/26/2009  11:57 AM    <JUNCTION>     Application Data [C:\Users\Tracy\AppData\Roaming]
05/26/2009  11:57 AM    <JUNCTION>     Cookies [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Cookies]
05/26/2009  11:57 AM    <JUNCTION>     Local Settings [C:\Users\Tracy\AppData\Local]
05/26/2009  11:57 AM    <JUNCTION>     My Documents [C:\Users\Tracy\Documents]
05/26/2009  11:57 AM    <JUNCTION>     NetHood [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/26/2009  11:57 AM    <JUNCTION>     PrintHood [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/26/2009  11:57 AM    <JUNCTION>     Recent [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Recent]
05/26/2009  11:57 AM    <JUNCTION>     SendTo [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\SendTo]
05/26/2009  11:57 AM    <JUNCTION>     Start Menu [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu]
05/26/2009  11:57 AM    <JUNCTION>     Templates [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Tracy\AppData\Local
05/26/2009  11:57 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Tracy\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Tracy\AppData\LocalLow
09/14/2010  06:36 PM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes
 Directory of C:\Users\Tracy\Documents
05/26/2009  11:57 AM    <JUNCTION>     My Music [C:\Users\Tracy\Music]
05/26/2009  11:57 AM    <JUNCTION>     My Pictures [C:\Users\Tracy\Pictures]
05/26/2009  11:57 AM    <JUNCTION>     My Videos [C:\Users\Tracy\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              48 Dir(s)  469,404,250,112 bytes free
 
< End of report >

  • 0

#24
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
OTL Extras logfile created on: 5/7/2014 9:35:57 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tracy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.99 Gb Total Physical Memory | 3.15 Gb Available Physical Memory | 52.63% Memory free
12.17 Gb Paging File | 9.40 Gb Available in Paging File | 77.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.32 Gb Total Space | 437.49 Gb Free Space | 75.00% Space Free | Partition Type: NTFS
Drive D: | 12.85 Gb Total Space | 1.80 Gb Free Space | 14.05% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: Tracy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 93 6B 3A F4 BE 12 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022700E4-C3AA-47CE-9064-0DA284A1069D}" = lport=8371 | protocol=6 | dir=in | name=league of legends launcher | 
"{02B07793-F2E3-4736-B70A-849C06750676}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher | 
"{05ABA71E-A39E-485C-AB25-3F163A727CA4}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher | 
"{07728343-016F-4665-8526-24448A5DD282}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{20165D07-8C71-4C2A-8802-F55EE915C63D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2E951453-720A-4249-9586-05D7AA4727B7}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher | 
"{3A4F6A3F-BF41-4CC5-9A62-8B6C6FEB2237}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4C8A3050-1BCF-40CA-88F7-D661D8574826}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{5F5571BF-7784-4DD2-A62E-AA7E6F4F997A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6CBD6722-9D6F-4FE4-87EF-9BD830111370}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{83F46227-0988-420F-BBF4-C8825C7DF139}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 | 
"{8E606540-D504-4C38-BCAD-58C2484B3B85}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9123154A-33DD-46AE-81F3-C4DA2252E732}" = rport=139 | protocol=6 | dir=out | app=system | 
"{928511F3-B73E-451C-BD91-69BBD006055A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{97D3829D-418C-4F3F-B146-EEABFA7CD53C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A1A4655B-AED0-49FF-94A3-E9ED072EB07B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B2484551-66BB-44DE-B03C-DC072C9C9099}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B4BC3A86-3241-42E2-9594-17FFFC1CF457}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher | 
"{B6D58AD9-F690-405C-97A3-C7F44311ECBB}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher | 
"{BED21D73-DAD4-42E5-92CE-41A741AA704C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CF347618-1D11-4A54-9DF1-0483AEEE40C2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D1881663-3440-4B3A-BBDF-8A04EC062FC7}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{D9D0546E-2AE9-4DB6-B1A7-2C50811443EF}" = lport=8371 | protocol=17 | dir=in | name=league of legends launcher | 
"{DF6299E0-1133-48C9-86C4-0E949F4EB961}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E05E59A8-EC9E-43C5-A3C4-4B37E736FD7A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E7FF0742-5E15-43F4-AAEB-A666E946C452}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher | 
"{E9FAFCC6-959C-4A5C-8405-5CC1C62F6DD3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{EC2F3F3F-02D5-4C2D-939B-5C3E8B813430}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EF3E6CE9-3C6D-46EA-B5CA-301D9F88699C}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher | 
"{F34EE361-3696-48D9-8F77-B0BF37004ECC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{F4B8ADE0-A2AF-4DF5-8774-CA4AA5DCE99D}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher | 
"{F5523455-8AE3-44F3-B329-AC389FF83254}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FCE6175C-7C39-45C2-B171-7F9E1B69A76D}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A6718A-8E09-4CA1-B8B5-A4C0044A7758}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{01BC55B3-328C-4F2A-A108-ABBFE63C8F69}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe | 
"{01FF8286-39C6-4FE0-947D-244AA268C7D3}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{024213FA-3AA4-4D2F-883D-8C6B41C5557C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{03B87268-8026-4964-AB74-9442A9527DD3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{03F0A393-423E-44EF-A0BE-EF8AEF115BE6}" = protocol=1 | dir=in | [email protected],-28543 | 
"{0512BC72-EB54-4FA7-97B3-C23E6FC60423}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{0ACF825D-90A1-45D8-8FEE-C74F7947B0CB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0BC4327E-A702-4730-8DB0-F5FA0A346E3A}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe | 
"{0C70712C-9E60-4A87-B1D3-422371D07ACA}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicatorcom.exe | 
"{0D2D1A82-3E6B-4BEF-BCF8-1B50CECB9647}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{10C51848-1D42-419E-B183-C2CBB90157CC}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{12258B35-15E9-470A-BBFC-A635CB5409EB}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{130C89D7-9708-4AA3-B83A-A0685C1DE471}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{167BAC5F-66F1-496E-83FE-FEC1BBECD937}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{1AA0F2F2-94E2-4504-885E-D3869579E666}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{219B88B5-8CF7-44FC-BF8E-0F4B14B47A3F}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{2269EF80-7F0A-420E-9296-E1C90C21F06F}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"{28FF4D64-F878-4127-B93D-D44969ED30CD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{290A621F-B02E-4B9F-B49F-C0A4D520BB86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{29C06FFF-141B-4984-A985-333831B5C6C3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{2A96866F-DDCA-45B1-AAB1-7B72761C51BB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | 
"{2B9065E4-B38A-4B2E-95FE-85B9D17C4F26}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{2E8905DE-ABEA-470B-A959-3A8C1B226F2F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{2F5AB145-62E8-499E-9A61-01F50FF90186}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{304BE9BC-53E6-471E-96BB-2A07356833C8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{3296C788-A0B8-4E65-B1F5-EC49A46E940D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{3367A87F-8FCC-4DD5-AB8E-2058A82F7DDD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{351991C6-9C1B-465E-B4D8-0428FDDF5A8C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{38D50BD5-ED1F-4846-BDA4-483A328E5418}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | 
"{3AF51FA2-B88F-428F-9E02-E9CA3ECCEE85}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{3B0C5432-6F40-4547-82F8-DC3789AD5A94}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{3B589690-2BBF-48C7-848C-92DDB873E450}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{3BEA67E9-4868-4976-B2A3-36AD9BCC73E8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4105241A-5238-49F2-B4C7-D7CBCFDC29E4}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{4317138B-437F-49BD-8192-28813CD80D6E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{45E03FD5-D6DB-4C3A-AC2D-8A62323D38C1}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe | 
"{46583094-2E15-4760-806C-F67B4631FD35}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 
"{4BE629F0-2CE7-411F-98C9-D180DF40F454}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | 
"{4E008D07-3A65-410E-B0D8-04BEF9711CAB}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\devicesetup.exe | 
"{500E9717-D26C-4264-87DE-3CBC217C565A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{51045EF8-309A-46FB-8969-AD2B2F59526B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{546DFAA5-E74F-4E4B-AE14-D4AFF06AF8A9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{561FED2D-11D0-4C97-AC96-970D18D1F9AE}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{57FCFD95-FA80-41B1-9D3D-F09B6C1CFE52}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{59E43124-7209-4202-A50D-7DA2F8934855}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{607FB60F-D124-4AEE-82D3-61A45EE1B434}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe | 
"{64E2D6B5-49E9-4772-9F86-229FBD1166C3}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{64FC7C2C-2796-443A-A29A-04D3D21CF502}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6918E4AE-D8FC-49E8-91AF-97584B62BE41}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{6974B65A-A961-411A-9250-58AEA79B446E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | 
"{73703FB0-8C6A-4149-B0D9-6E68B5193BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe | 
"{76126DD7-B6A0-452E-B4FD-348970EE4E25}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe | 
"{77E6B2DC-097D-47A2-93F3-13502B8B59E1}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe | 
"{7A9A5A19-B0F4-43AC-8714-28604822A893}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{7EB78C91-089F-4FD2-A41A-FC1F38C8A075}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{7F3023F6-E0BE-481B-93E5-A1858C22A94A}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{86CCEB3C-AE8F-4B03-A3DD-205F2802D550}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{88FED118-615F-438B-B92D-3F3D0BE98FBF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{921A0520-0EF5-4431-8C05-923A682FB78A}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe | 
"{92B91EDE-1B5A-47EC-A9EA-34ABBA2D18CA}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"{96898CE9-192A-4DEA-B9EB-D737DB37C694}" = protocol=58 | dir=out | [email protected],-28546 | 
"{997E864A-F5DD-4B95-BCA5-6F2FB3D33FBA}" = protocol=58 | dir=in | [email protected],-28545 | 
"{9C5ADA5A-8B26-40CD-B8FA-07ED6C8D8CF0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{A439F425-25C3-4E98-9300-579C2E95554D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{A5C5E630-7261-4BF8-B147-EEEF3A825593}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{A63639E0-E873-4BAA-B1A6-42D833CF72C1}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{A7EC8AC5-3F0A-4A61-B7B2-15E90C427E78}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{AA019790-B637-4C83-B635-A4602D759294}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{AD5FF138-1CB5-4A97-8D6B-12451183F058}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{ADCA02ED-AE0E-4D6C-8533-B84090B1E19F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe | 
"{B65DBA5B-6B96-4AD2-9D91-B146DC30B1E4}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{BB185B0F-AED3-4E5F-BD81-228FAFB2E219}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{BDF03952-A3C8-4CEC-9FDA-54CEB244E348}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{BE1AFBA7-8F6A-4EBF-B6D4-49236EE74A7C}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
"{BF588ABB-0221-4544-9974-D3881871A742}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe | 
"{C50D73B4-EF90-4012-876B-3393A9073292}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CB4D2707-9791-4F0C-B05B-50FEAD7CD5E5}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 
"{CF04C498-25F7-4A19-B546-171C583091C9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{D46994EA-3A54-47B7-AE59-DE7B013C8BDA}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
"{D962BC8C-1854-4CE3-9D2B-6D998B9BE5DD}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{DCE125B2-5753-4128-8EE8-7ACF983E1C7E}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"{E0271837-E16C-4B23-9DEC-B4C0CA15EFC7}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{E0DF3D7B-6F0A-4FD8-B6B3-4917F26B388A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{E2A8918E-0706-4D0D-897C-DE4BE52C029A}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe | 
"{E9286A07-14A7-43D5-BDF0-BCE89E081C8A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{EB8C4488-8AC6-432A-84B3-8578D785BE7F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{EC2E83AF-3A3F-4761-8BFC-30EDADB7838E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{ED2D3C4E-68D9-42FA-B8A1-5A02B0B6D4DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{F1AEF8F4-51BB-4FBC-A126-0B21719AE75F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{F29005AF-F1B1-46E6-8810-03E7863B917A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"{F2EE4088-C1B5-4937-B3A0-D865AF5EB620}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"{F60A8697-5934-4B99-8CB7-E8385A75229D}" = protocol=1 | dir=out | [email protected],-28544 | 
"{FD86B81B-18DA-4C73-8385-F2C6F109B509}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"TCP Query User{039F517F-0782-46AC-B000-DDB9E751F000}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe | 
"TCP Query User{28F9E780-56A0-479B-8894-2E566D489E71}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe | 
"TCP Query User{4C21DCA0-69C1-4787-A868-6F2639EB1A86}C:\users\tracy\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tracy\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{AD30FB7C-FDF2-471A-8E12-7D9F8465EAB7}C:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe | 
"TCP Query User{C7B2F589-F065-4E50-8024-E9323CB53785}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{ED7E4D2E-86AF-4D38-A669-2686885AE235}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"UDP Query User{7C391D61-79DA-4269-BF1D-1E58FCF70FFE}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe | 
"UDP Query User{89BE46D5-9B35-4B57-BC15-967C0648A4E4}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe | 
"UDP Query User{91B0F4CF-9036-4230-BBFC-49B53C02F927}C:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe | 
"UDP Query User{9BC50BF9-B1C6-4378-A712-08C0EBEB3525}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{F0D7A2EE-9E4B-4A2E-BA3A-B8409DE580F0}C:\users\tracy\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tracy\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{F40146ED-C932-4F28-83BD-373CDC7D090A}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5848A26C-E4BC-4A13-AA8D-810BA344475A}" = HP Deskjet 1050 J410 series Product Improvement Study
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{791D3241-C6A4-417F-82E6-00543B6E5012}" = HP Deskjet 3510 series Product Improvement Study
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{7F20F2D1-C425-4432-96BA-EBD0C2181493}" = HP Deskjet 3510 series Basic Device Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB94D541-A747-4A5D-B0ED-72FA5C158EA5}" = HP Deskjet 1050 J410 series Basic Device Software
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.10
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Puran Defrag_is1" = Puran Defrag 7.6
"SP6" = Logitech SetPoint 6.0
"System Optimizer Pro" = System Optimizer Pro
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}" = Microsoft Office Word 2007 Get Started Tab
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E29C1CE-346A-3F59-AE22-8C5B7F230498}" = Google Talk Plugin
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}" = HP Deskjet 3510 series Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6174060-52D9-4886-8DBF-4EBF7C1CBCAA}" = MSRedx64
"{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}" = ASPCA Reminder by We-Care.com v4.1.22.1
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EEA7D922-7F21-42A1-B548-236984D36423}_is1" = Jihosoft Android Photo Transfer version 1.5
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All in one Cleaner_is1" = All in one Cleaner ver.1.0
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"BFGC" = Big Fish Games: Game Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"DivX Setup.divx.com" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"GSC 2.00" = GSC 2.00
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"HP Photo Creations" = HP Photo Creations
"InfraRecorder" = InfraRecorder
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton Security Suite
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PrintProjects" = PrintProjects
"PROR" = Microsoft Office Professional 2007 Trial
"pywin32-py2.6" = Python 2.6 pywin32-212
"RCA Updater_is1" = RCA Updater 1.0.4.0
"RealPlayer 16.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Revo Uninstaller" = Revo Uninstaller 1.94
"WildTangent hp Master Uninstall" = HP Games
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"MusicManager" = Music Manager
"MyFreeCodec" = MyFreeCodec
"PDF Reader" = PDF Reader
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/7/2014 4:36:39 AM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1092
 
Error - 5/7/2014 4:36:40 AM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/7/2014 4:36:40 AM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2091
 
Error - 5/7/2014 4:36:40 AM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2091
 
Error - 5/7/2014 5:17:09 AM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/7/2014 5:17:09 AM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
 
Error - 5/7/2014 5:17:09 AM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error - 5/7/2014 8:56:11 AM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/7/2014 8:56:11 AM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
 
Error - 5/7/2014 8:56:11 AM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
 
[ System Events ]
Error - 5/6/2014 4:42:22 PM | Computer Name = Home-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 5/6/2014 8:53:31 PM | Computer Name = Home-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 5/6/2014 8:53:53 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 5/6/2014 8:53:53 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 5/6/2014 8:55:11 PM | Computer Name = Home-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 5/6/2014 8:55:34 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 5/6/2014 8:55:34 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 5/6/2014 8:56:50 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 5/7/2014 2:56:14 AM | Computer Name = Home-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 5/7/2014 3:04:24 AM | Computer Name = Home-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
 
< End of report >

  • 0

#25
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey,
corrected the JavaRa Link now. ;)

Step 1: Uninstall Software
  • Click on the Start Start%20Orb.jpg button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:
    • System Optimizer Pro

  • Once you have done this, reboot your computer
Step 2: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - user.js - File not found
    O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
    O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
    [2014/05/06 13:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallConverter bundle uninstaller
    [2014/05/06 11:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\003
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.
Step 3: JavaRa

javaicon.gif Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When its finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa
Step 4: Question

How is the PC running? Do you have a HDD or SSD Drive?
  • 0

Advertisements


#26
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\KodakHomeCenter deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\KodakHomeCenter not found.
C:\Program Files (x86)\InstallConverter bundle uninstaller folder moved successfully.
C:\Program Files\003 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Tracy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2849066 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 982147 bytes
->Google Chrome cache emptied: 66077434 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138918 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 67.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05072014_112007
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0

#27
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

It seems to be running a litlte faster.  I'm not sure what those are.


  • 0

#28
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey,

did JavaRa work?

Could you please tell me the model of your computer? Have you upgraded any hardware etc.?
  • 0

#29
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

It's a hp pavilion.  I haven't added anything to it.  I want to get a newer computer but the $ just isn't there right now so we have to keep this one working for the time being.


  • 0

#30
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

It downloaded.  I believe it did, is there a way to find out if it did


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP