Very slow computer, aswMBR rootkit not working [Closed]

aswMBR Slow

  • This topic is locked

#16
Spencer4134

  • Topic Starter
  • Member
  • 57 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/21/2014
Scan Time: 1:41:35 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.21.07
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Conrad Bowen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308119
Time Elapsed: 19 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.TrustedShopper.A, C:\Users\Conrad Bowen\AppData\LocalLow\trustedshopper, , [52e9d2f73f3c2f07938a3ea1b250ff01],
PUP.Optional.TrustedShopper.A, C:\Users\Conrad Bowen\AppData\Roaming\trustedshopper, , [2813f7d277041a1c8d91ab348181e818],

Files: 5
PUP.Optional.UpdateChecker.A, C:\Users\Conrad Bowen\AppData\Local\UpdateChecker\UpdateCheckerApp.exe, , [e05b52770d6e51e52bf9a4aafc08c838],
PUP.Optional.TrustedShopper.A, C:\Users\Conrad Bowen\AppData\LocalLow\trustedshopper\channel.json, , [52e9d2f73f3c2f07938a3ea1b250ff01],
PUP.Optional.TrustedShopper.A, C:\Users\Conrad Bowen\AppData\LocalLow\trustedshopper\proxy.json, , [52e9d2f73f3c2f07938a3ea1b250ff01],
PUP.Optional.TrustedShopper.A, C:\Users\Conrad Bowen\AppData\Roaming\trustedshopper\channel.json, , [2813f7d277041a1c8d91ab348181e818],
PUP.Optional.TrustedShopper.A, C:\Users\Conrad Bowen\AppData\Roaming\trustedshopper\proxy.json, , [2813f7d277041a1c8d91ab348181e818],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Please note that the laptop feels like it is getting slower than it was when you had me uninstall those programs. It's still faster, but not as much.


  • 0


#17
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Spencer4134,

I think this system is well on its way to being clean; the FRST fix below will remove what MBAM found and then let us see what BitDefender finds (or has found).

First >>>>

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

start
C:\Users\Conrad Bowen\AppData\LocalLow\trustedshopper
C:\Users\Conrad Bowen\AppData\Roaming\trustedshopper
C:\Users\Conrad Bowen\AppData\Local\UpdateChecker
EmptyTemp:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
(Please post this before running the second step as that may take some time.)


Second >>>>>

I usually have a third party AV scan done as a final check but on this system (with BitDefender Total Security installed) I feel that would not be of any benefit to us.

That being said, can you please run a full system scan with BitDefender Total Security and post the log results. The instructions on running the scan are here and summarized below for your convenience.






To perform a complete scan on the system, follow these steps:

  • Open the Bitdefender window.
  • Access the Protection panel.
  • Under the Antivirus module, select System Scan.
  • Follow the Antivirus Scan wizard to complete the scan. Bitdefender will automatically take the recommended actions on detected files.
  • If there remain unresolved threats, you will be prompted to choose the actions to be taken on them.

Please post either a screen shot of what is found / fixed or post a copy of the log of the scan.

 

Third >>>>

After the system scan, please run a disk defragmentation on the system disk. The best way to do this is to click on Start > My Computer, right click on the C: disk and select Properties. On the Tools tab, click on Defragment now to start the process.


  • 0

#18
Spencer4134

  • Topic Starter
  • Member
  • 57 posts

I'm running them now and will post them today. Sorry it's been a while.


  • 0

#19
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Not a problem; we all have other things to do.  Thanks for the post to keep us in the loop; will look for the results when you get them.


  • 0

#20
Spencer4134

  • Topic Starter
  • Member
  • 57 posts

FRST:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2014
Ran by Conrad Bowen at 2014-08-27 13:11:37 Run:2
Running from C:\Users\Conrad Bowen\Documents\1to1Greetings\CmasProofs\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\Conrad Bowen\AppData\LocalLow\trustedshopper
C:\Users\Conrad Bowen\AppData\Roaming\trustedshopper
C:\Users\Conrad Bowen\AppData\Local\UpdateChecker
EmptyTemp:
end

*****************

C:\Users\Conrad Bowen\AppData\LocalLow\trustedshopper => Moved successfully.
C:\Users\Conrad Bowen\AppData\Roaming\trustedshopper => Moved successfully.
C:\Users\Conrad Bowen\AppData\Local\UpdateChecker => Moved successfully.
EmptyTemp: => Removed 318.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

Bitdefender (Another user ran this scan and deleted some found items):

 

<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/xsl" href="C:\Program Files\Bitdefender\Bitdefender 2015\ondemand.xsl"?>
<ScanSession creator="Bitdefender Total Security 2015" name="System Scan" installPath="C:\Program Files\Bitdefender\Bitdefender 2015\" creationDate="Wednesday, August 27, 2014 2:25:45 PM" originalPath="C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\dcf483c4-26d0-4e6f-ba28-6a53a00adae1\1409167231_1_01.xml" >
    <ScanSettings
        statisticsRefreshInterval="1000"
        scanSpeed="1.000000"
        lowPriority="0"
        enableExclusions="1"
        enableTaskExclusions="0"
        scanAdware="1"
        scanSpyware="1"
        scanApplications="1"
        scanDialers="1"
        scanKeyloggers="1"
        scanFiles="1"
        scanAllFiles="1"
        scanProgramsOnly="0"
        useCustomPrograms="0"
        customPrograms=""
        scanUserDefined="0"
        scanPacked="1"
        scanArchives="1"
        useSmartScan="1"
        scanEmails="1"
        scanRootkits="0"
        scanAllRootkits="1"
        scanBoot="1"
        scanMemory="1"
        scanRegistry="1"
        quickScan="1"
        quickScanMemory="0"
        quickScanAutoruns="0"
        quickScanPlugins="1"
        scanCookies="1"
        shutdownAfter="0"
        passwordPrompt="0"
        onlyAllowedActions="1"
        deepArchiveScan="1"
        maxArchiveLevel="15"
        maxArchiveSize="0"
        infectedAction1="3"
        infectedAction2="7"
        suspectAction1="7"
        suspectAction2="1"
        rootkitAction="3"
        userDefinedExtensions=""
    >

        <ScanPaths>
            <path>C:\</path>
        </ScanPaths>

        <ExcludedPaths>
            <path>c:\users\conrad bowen\documents\1to1greetings\cmasproofs\desktop\aswmbr.exe</path>
        </ExcludedPaths>

        <ExcludedExtensions>
        </ExcludedExtensions>

    </ScanSettings>

    <EngineSummary
        totalSignatures="6726288"
        />

    <ScanSummary
        scannedArchives="5"
        scannedPacked="1"
        startTime="1409167231"
        duration="2542645"
    >

        <TypeSummary type="1"
            scanned="30"
            infected="0"
            suspicious="0"
            disinfected="0"
            deleted="0"
            moved="0"
            moved_reboot="0"
            delete_reboot="0"
            renamed="0"
            hidden="0"
        />

        <TypeSummary type="4"
            scanned="0"
            infected="0"
            suspicious="0"
            disinfected="0"
            deleted="0"
            moved="0"
            moved_reboot="0"
            delete_reboot="0"
            renamed="0"
            hidden="0"
        />

        <TypeSummary type="0"
            scanned="392736"
            infected="0"
            suspicious="0"
            disinfected="0"
            deleted="0"
            moved="0"
            moved_reboot="0"
            delete_reboot="0"
            renamed="0"
            hidden="0"
        />

        <TypeSummary type="5"
            scanned="0"
            infected="0"
            suspicious="0"
            disinfected="0"
            deleted="0"
            moved="0"
            moved_reboot="0"
            delete_reboot="0"
            renamed="0"
            hidden="0"
        />

        <TypeSummary type="2"
            scanned="4394"
            infected="0"
            suspicious="0"
            disinfected="0"
            deleted="0"
            moved="0"
            moved_reboot="0"
            delete_reboot="0"
            renamed="0"
            hidden="0"
        />

        <TypeSummary type="3"
            scanned="2765"
            infected="0"
            suspicious="0"
            disinfected="0"
            deleted="0"
            moved="0"
            moved_reboot="0"
            delete_reboot="0"
            renamed="0"
            hidden="0"
        />

        <TypeSummary type="6"
            scanned="1"
            infected="0"
            suspicious="0"
            disinfected="0"
            deleted="0"
            moved="0"
            moved_reboot="0"
            delete_reboot="0"
            renamed="0"
            hidden="0"
        />

    </ScanSummary>

    <ScanDetails>
        <UnresolvedDetails>
        </UnresolvedDetails>

        <ResolvedDetails>
        </ResolvedDetails>

        <IgnoredDetails>
        </IgnoredDetails>

        <QuickScanDetails>
        </QuickScanDetails>
        <NotScannedDetails
            skipped="156206"
            ioerrors="7"
            archiveBombs="0"
            passwordProtected="2"
        >

            <Item type="0" objectType="0" path="C:\System Volume Information\{c9191bca-1b35-11e4-a6ab-00266c5a3206}{3808876b-c176-4e48-b7ae-04046e6cc752}" threatType="0" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="9" />
            <Item type="0" objectType="0" path="C:\System Volume Information\{c54eb4e7-1a46-11e4-b728-00266c5a3206}{3808876b-c176-4e48-b7ae-04046e6cc752}" threatType="0" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="9" />
            <Item type="0" objectType="0" path="C:\System Volume Information\{903dfb12-1436-11e4-a96b-00266c5a3206}{3808876b-c176-4e48-b7ae-04046e6cc752}" threatType="0" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="9" />
            <Item type="0" objectType="0" path="C:\Users\Conrad Bowen\AppData\Local\Microsoft\Outlook\Outlook.pst=&gt;[Subject: Fwd: SDRCM Reunion 2013][From: Anna]=&gt;SDRCM_11282012.xls" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
            <Item type="0" objectType="0" path="C:\System Volume Information\{793fe78f-2312-11e4-a82e-00266c5a3206}{3808876b-c176-4e48-b7ae-04046e6cc752}" threatType="0" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="9" />
            <Item type="0" objectType="0" path="C:\System Volume Information\{fb0f6471-18b3-11e4-b2b9-00266c5a3206}{3808876b-c176-4e48-b7ae-04046e6cc752}" threatType="0" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="9" />
            <Item type="0" objectType="0" path="C:\System Volume Information\{b9a7ebee-27ea-11e4-8c44-00266c5a3206}{3808876b-c176-4e48-b7ae-04046e6cc752}" threatType="0" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="9" />
            <Item type="0" objectType="0" path="C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}" threatType="0" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="9" />
            <Item type="0" objectType="0" path="C:\Users\Conrad Bowen\Documents\OutLook Backups\Outlook backup.pst=&gt;[Subject: Fwd: SDRCM Reunion 2013][From: Anna]=&gt;SDRCM_11282012.xls" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
        </NotScannedDetails>
    </ScanDetails>

</ScanSession>
 


  • 0
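
Added example, not part of the original posts: a cross-check that every item Malwarebytes flagged in post #16 sits at or under a path the FRST Fixlog in post #20 reports as moved. The function names are this example's own; the log excerpts are copied from those two posts.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the MBAM log from post #16 (detection lines only).
MBAM_LOG = r"""
Folders: 2
PUP.Optional.TrustedShopper.A, C:\Users\Conrad Bowen\AppData\LocalLow\trustedshopper, , [52e9d2f73f3c2f07938a3ea1b250ff01],
PUP.Optional.TrustedShopper.A, C:\Users\Conrad Bowen\AppData\Roaming\trustedshopper, , [2813f7d277041a1c8d91ab348181e818],

Files: 5
PUP.Optional.UpdateChecker.A, C:\Users\Conrad Bowen\AppData\Local\UpdateChecker\UpdateCheckerApp.exe, , [e05b52770d6e51e52bf9a4aafc08c838],
PUP.Optional.TrustedShopper.A, C:\Users\Conrad Bowen\AppData\LocalLow\trustedshopper\channel.json, , [52e9d2f73f3c2f07938a3ea1b250ff01],
PUP.Optional.TrustedShopper.A, C:\Users\Conrad Bowen\AppData\LocalLow\trustedshopper\proxy.json, , [52e9d2f73f3c2f07938a3ea1b250ff01],
PUP.Optional.TrustedShopper.A, C:\Users\Conrad Bowen\AppData\Roaming\trustedshopper\channel.json, , [2813f7d277041a1c8d91ab348181e818],
PUP.Optional.TrustedShopper.A, C:\Users\Conrad Bowen\AppData\Roaming\trustedshopper\proxy.json, , [2813f7d277041a1c8d91ab348181e818],
"""

# Excerpt of the FRST Fixlog from post #20.
FIXLOG = r"""
Content of fixlist:
*****************
start
C:\Users\Conrad Bowen\AppData\LocalLow\trustedshopper
C:\Users\Conrad Bowen\AppData\Roaming\trustedshopper
C:\Users\Conrad Bowen\AppData\Local\UpdateChecker
EmptyTemp:
end

*****************

C:\Users\Conrad Bowen\AppData\LocalLow\trustedshopper => Moved successfully.
C:\Users\Conrad Bowen\AppData\Roaming\trustedshopper => Moved successfully.
C:\Users\Conrad Bowen\AppData\Local\UpdateChecker => Moved successfully.
EmptyTemp: => Removed 318.7 MB temporary data.
"""

# "<detection name>, <path>, , [<id>]," as printed in the MBAM log above.
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<path>[A-Za-z]:\\[^,]+), , \[(?P<id>[0-9a-f]+)\],\s*$"
)
# "<path> => <result>" as printed in the Fixlog above; directives such as
# "EmptyTemp:" do not start with a drive path and are skipped.
FIX_RESULT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<result>.+?)\s*$")


def parse_mbam_detections(text):
    """Return (detection name, path) for every folder/file detection line."""
    found = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            found.append((m["name"], PureWindowsPath(m["path"])))
    return found


def parse_fixlog_results(text):
    """Map each path that has a result line to the result text FRST printed."""
    results = {}
    for line in text.splitlines():
        m = FIX_RESULT.match(line.strip())
        if m:
            results[PureWindowsPath(m["path"])] = m["result"]
    return results


def cross_check(mbam_text, fixlog_text):
    """Split detections into those at or under a moved path and those not."""
    results = parse_fixlog_results(fixlog_text)
    moved = [p for p, r in results.items() if r.startswith("Moved successfully")]
    not_moved = {
        str(p): r for p, r in results.items()
        if not r.startswith("Moved successfully")
    }
    covered, uncovered = [], []
    for name, path in parse_mbam_detections(mbam_text):
        # PureWindowsPath compares case-insensitively, matching NTFS behaviour.
        hit = any(path == m or m in path.parents for m in moved)
        (covered if hit else uncovered).append((name, str(path)))
    return {"covered": covered, "uncovered": uncovered, "not_moved": not_moved}


if __name__ == "__main__":
    report = cross_check(MBAM_LOG, FIXLOG)
    print(f"{len(report['covered'])} detections covered by the fix")
    for name, path in report["uncovered"]:
        print(f"NOT COVERED: {name} at {path}")
    for path, result in report["not_moved"].items():
        print(f"NOT MOVED: {path} => {result}")
```

Any entry under "NOT COVERED" or "NOT MOVED" is an item to raise before treating the fix as complete.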

#21
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

OK, thanks for the reports.  I see some that we will remove in the last clean up steps.  I will get my steps approved and get them to you ASAP.

 

How is the system running now?  Was a defragmentation run made on this system?


  • 0

#22
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
All right!! :D Your logs are clean and you're good to go now!! :thumbsup: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. The last thing to do manually, is the reset of the Desktop file location. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.
  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantage.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it to run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):
  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.
To check for the latest version of Java and installation steps:
  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:
  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Update Checker from FileHippo.com (you can get the software from here and read more about it on the same page).

Change or Restore the Desktop Location for Windows 7
  • Open your folder (i.e. c:\users\yourloginid). This can be opened by just clicking on the login name in the Start menu. (Start [Windows Orb] > user name on the top right hand side of the menu)
  • Right click on Desktop folder
  • Select Properties
  • Click on Location tab
  • Now enter the new location for the Desktop folder or click on Restore Default to return the desktop folder to the system default value.
  • Click on Apply
  • If the new location does not exist already it asks for confirmation to create the folder.
  • Click on Yes
  • Next it asks if you want to move all of the files from the old location to the new location. Select Yes.
  • Next click on OK and close the Desktop Properties window.
You are now done! :yeah:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Emsisoft Online Armor - installs as trialware which converts to freeware in 30 days
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short guide to staying safer online
 

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!
  • 0

#23
Spencer4134

  • Topic Starter
  • Member
  • 57 posts

Thank you so much! :D

 

The thing is, the computer is slow again. It was running great when you had me uninstall those programs, but now it is almost as slow as it was before...

 

Any advice?

 

I am also still REALLY suspicious there's more crap on my computer. I have like 3 or 4 pdf readers apparently, like PDF Pro. And there's some files in the Common Files folder that don't look right.

 

UPDATE: Apparently, PDF Pro was an intentional install. But I still see a ton of strange looking files. And there's a Yahoo! folder for a toolbar that doesn't exist in my browser. There's a lot more I could name.


Edited by Spencer4134, 30 August 2014 - 04:58 PM.

  • 0

#24
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Well, let's look at a few things to see if those can shed any light on this.

First, did you make the changes to the desktop file location? How did that go?

Second, let's look at the services running and see about any pertinent errors there.

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

 

Third, an OTL scan can be configured to show files dated back further than a month.

OTL
OTL is a tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

  • Download OTL to your Desktop
  • XP users should double click on the OTL icon to run it; all other users should right click on the OTL icon and select Run as Administrator. Make sure all other windows are closed and let the tool run uninterrupted.
  • Make sure the following boxes / options are selected:
    • Scan All Users
    • Include 64bit Scans (if this option is present)
    • Use Company-Name WhiteList
    • Skip Microsoft Files
    • Use No-Company-Name Whitelist
    • LOP Check
    • Purity Check
    • Use Safelist is selected under Extra Registry option box.
    • Under File Age select 180 days
  • Copy the contents of the quote box below and paste them into the Custom Scans/Fixes box at the bottom of OTL's main panel. Do not copy the word Quote.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    rpcss.dll
    /md5stop
    c:\windows\system32\*.dll /lockedfiles
    c:\windows\system32\drivers\*.sys /lockedfiles
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Run Scan button. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply. Thank you.


  • 0

#25
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Also, Spencer4134, is the slowness just in browsing the net, or is the entire system acting slow in general?  Is there any one activity that seems to trigger the slowness or .....?  Thanks.


  • 0


#26
Spencer4134

  • Topic Starter
  • Member
  • 57 posts

The whole system in general. I right click and the first few times it takes like 10-20 seconds to do it. And the one activity that seems to trigger it? Turning it on. It's not on and off, it's steady slowness.


  • 0

#27
Spencer4134

  • Topic Starter
  • Member
  • 57 posts

Oh and I didn't notice your other post. I'll work on it and post the results.


  • 0

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#29
CompCav

    Member 5k

  • Expert
  • 12,448 posts

User returned.


  • 0

#30
Spencer4134

  • Topic Starter
  • Member
  • 57 posts

Ok, the desktop change went great! :spoton: Nothing wrong so far.

 

Here's the logs.

 

FSS:

 

Farbar Service Scanner Version: 21-07-2014
Ran by Conrad Bowen (administrator) on 10-09-2014 at 13:24:54
Running from "C:\Users\Conrad Bowen\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

OTL:

 

OTL logfile created on: 9/10/2014 1:50:41 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Conrad Bowen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.26 Gb Available Physical Memory | 14.08% Memory free
3.74 Gb Paging File | 1.03 Gb Available in Paging File | 27.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.47 Gb Total Space | 138.61 Gb Free Space | 62.30% Space Free | Partition Type: NTFS
 
Computer Name: CBSLAPTOP | User Name: Conrad Bowen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 360 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/10 13:50:34 | 017,328,816 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\FlashPlayerInstaller.exe
PRC - [2014/09/10 13:45:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Conrad Bowen\Desktop\OTL.exe
PRC - [2014/09/05 13:45:46 | 000,279,488 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
PRC - [2014/07/29 18:22:10 | 036,414,496 | ---- | M] (Dropbox, Inc.) -- C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/02/03 23:48:58 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/12/04 10:52:22 | 000,174,592 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2011/08/29 15:56:58 | 004,566,016 | ---- | M] (Visagesoft) -- C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\vspdfprsrv.exe
PRC - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/10 13:05:47 | 000,043,008 | ---- | M] () -- c:\Users\Conrad Bowen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdglbqj.dll
MOD - [2014/07/29 18:20:20 | 003,610,624 | ---- | M] () -- C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 13:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011/08/29 15:57:12 | 001,135,616 | ---- | M] () -- C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\TMSlite140.bpl
MOD - [2011/08/29 15:57:02 | 002,366,464 | ---- | M] () -- C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\bblite140.bpl
MOD - [2011/08/29 15:57:02 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\expertpdfcore140.bpl
MOD - [2011/08/18 16:40:04 | 000,336,896 | ---- | M] () -- C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\visage140.bpl
MOD - [2011/08/18 16:40:04 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\vsmisc140.bpl
MOD - [2011/07/31 08:45:46 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\js32.dll
MOD - [2010/11/23 09:46:22 | 002,387,456 | ---- | M] () -- C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\PKIECtrl140.bpl
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/05 13:44:33 | 000,067,320 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2014/09/05 13:44:32 | 001,518,560 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe -- (VSSERV)
SRV:64bit: - [2014/08/27 13:48:42 | 000,077,632 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2014/07/25 07:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/07/08 15:59:09 | 000,094,624 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/11/18 14:21:16 | 000,739,672 | ---- | M] (CANON INC) [Auto | Running] -- C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -- (Canon imagePROGRAF Status Monitor)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 23:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2008/12/08 08:29:24 | 000,210,944 | ---- | M] (CANON INC.) [Auto | Stopped] -- C:\Windows\SysNative\cnwiols6.exe -- (iPFDeviceAgentService)
SRV - [2014/09/10 13:51:35 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/29 14:10:24 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/03 23:48:58 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/12/04 10:52:22 | 000,174,592 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/27 13:49:12 | 000,647,752 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2014/08/27 13:48:33 | 001,260,120 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2014/08/27 13:48:09 | 000,419,616 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013/11/13 16:41:29 | 000,093,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2013/11/04 16:47:36 | 000,082,824 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2013/08/23 13:48:49 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013/07/02 14:04:11 | 000,121,928 | ---- | M] (Bitdefender SRL) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys -- (bdfwfpf_pc)
DRV:64bit: - [2013/02/11 22:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/11/02 14:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012/10/29 15:23:56 | 000,107,080 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/17 14:34:26 | 000,076,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 09:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 10:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/01 11:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/06 13:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/07 09:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{0E5BE163-B4B7-4606-86A4-9A275814FF82}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8EACC4AA-8F68-495E-873C-25480C25810A}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{8EACC4AA-8F68-495E-873C-25480C25810A}: "URL" = http://www.google.co...&rlz=1I7TSNA_en
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{8EACC4AA-8F68-495E-873C-25480C25810A}: "URL" = http://www.google.co...&rlz=1I7TSNA_en
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com
IE - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\..\SearchScopes,DefaultScope = {0E5BE163-B4B7-4606-86A4-9A275814FF82}
IE - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\..\SearchScopes\{0E5BE163-B4B7-4606-86A4-9A275814FF82}: "URL" = http://www.google.co...1I7TSNA_enUS398
IE - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\..\SearchScopes\{8EACC4AA-8F68-495E-873C-25480C25810A}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\..\SearchScopes\{E10195EF-867C-49D7-BCA5-77419340AE66}: "URL" = http://www.google.co...1I7TSNA_enUS398
IE - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.memotoo.com/"
FF - prefs.js..extensions.enabledAddons: bdwteff%40bitdefender.com:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Conrad Bowen\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2015\BDTBEXT [2014/07/11 17:33:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff\ [2014/07/11 17:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/07/29 14:10:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/29 14:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014/07/11 17:33:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/07/29 14:10:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/29 14:10:17 | 000,000,000 | ---D | M]
 
[2014/02/26 19:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conrad Bowen\AppData\Roaming\Mozilla\Extensions
[2014/07/16 18:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conrad Bowen\AppData\Roaming\Mozilla\Firefox\Profiles\nhg2jzjt.default-1400084744074\extensions
[2014/07/29 14:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/29 14:10:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/11 17:33:33 | 000,000,000 | ---D | M] (Bitdefender Wallet) -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2015\ANTISPAM32\BDWTEFF
 
O1 HOSTS File: ([2010/10/31 06:26:14 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Bitdefender Wallet ) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bitdefender Wallet) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\pmbxie.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\vspdfprsrv.exe (Visagesoft)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe (Bitdefender)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...?rnd=2750789380 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{072ABE1C-E17B-40D6-B3F6-FEF04F61A10A}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42E3E135-8341-4569-B362-A380A0DF4BF5}: DhcpNameServer = 192.168.0.1 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46D4A7BF-90E2-4C88-A85F-82CBB2C51980}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B0EF9D3-C5C8-4C9F-AB72-8393ACF51725}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AB2917D-4D13-46A0-A1DD-9AE9A25F5BEA}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDC89304-5822-4779-9B88-E92AC944280E}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0811df36-2892-11e0-8890-00266c5a3206}\Shell - "" = AutoRun
O33 - MountPoints2\{0811df36-2892-11e0-8890-00266c5a3206}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 360 Days ==========
 
[2014/09/10 13:45:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Conrad Bowen\Desktop\OTL.exe
[2014/09/10 13:22:26 | 000,415,232 | ---- | C] (Farbar) -- C:\Users\Conrad Bowen\Desktop\FSS.exe
[2014/09/10 13:12:36 | 000,000,000 | R--D | C] -- C:\Users\Conrad Bowen\Desktop\scan
[2014/09/10 13:12:36 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\Desktop\Old Firefox Data
[2014/09/10 13:12:36 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\Desktop\mbar
[2014/08/27 13:49:12 | 000,647,752 | ---- | C] (BitDefender) -- C:\windows\SysNative\drivers\avckf.sys
[2014/08/20 11:00:29 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Local\LogMeIn
[2014/08/20 11:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2014/08/19 17:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2014/08/19 17:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2014/08/19 15:54:31 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/08/18 16:19:04 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/08/14 15:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/08/13 10:57:34 | 000,000,000 | ---D | C] -- C:\FRST
[2014/08/13 10:45:38 | 000,000,000 | R--D | C] -- C:\Users\Public\Desktop\PC Repair Tools
[2014/08/07 09:28:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/02 15:01:52 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\Documents\FamHistPhotos
[2014/07/29 14:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/07/15 16:23:40 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\windows\SysNative\bdsandboxuiskin32.dll
[2014/07/15 15:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
[2014/07/15 15:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2014/07/15 15:52:56 | 000,076,944 | ---- | C] (BitDefender) -- C:\windows\SysNative\drivers\bdvedisk.sys
[2014/07/15 15:52:51 | 000,093,600 | ---- | C] (BitDefender LLC) -- C:\windows\SysNative\drivers\BdfNdisf6.sys
[2014/07/15 15:52:51 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\windows\SysWow64\bdsandboxuiskin32.dll
[2014/07/15 15:52:50 | 000,082,824 | ---- | C] (BitDefender SRL) -- C:\windows\SysNative\drivers\bdsandbox.sys
[2014/07/15 15:52:35 | 001,260,120 | ---- | C] (BitDefender) -- C:\windows\SysNative\drivers\avc3.sys
[2014/07/15 15:52:35 | 000,261,056 | ---- | C] (BitDefender) -- C:\windows\SysNative\drivers\avchv.sys
[2014/07/15 15:50:54 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Roaming\Bitdefender
[2014/07/15 15:41:14 | 000,084,848 | ---- | C] (BitDefender SRL) -- C:\windows\SysNative\BDSandBoxUISkin.dll
[2014/07/15 15:41:14 | 000,034,384 | ---- | C] (BitDefender SRL) -- C:\windows\SysNative\BDSandBoxUH.dll
[2014/07/15 15:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2014/07/15 15:41:13 | 000,150,256 | ---- | C] (BitDefender LLC) -- C:\windows\SysNative\drivers\gzflt.sys
[2014/07/15 15:41:11 | 000,419,616 | ---- | C] (BitDefender S.R.L.) -- C:\windows\SysNative\drivers\trufos.sys
[2014/07/15 15:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2014/07/15 15:40:57 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Roaming\QuickScan
[2014/07/15 15:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2014/07/15 15:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2014/07/15 14:47:00 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/15 14:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/15 14:46:10 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/07/15 14:46:10 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/07/15 14:46:10 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/07/15 14:46:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/15 14:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/04 18:38:17 | 000,000,000 | ---D | C] -- C:\GalaxyS5-Transfer
[2014/06/11 07:00:16 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Local\Adobe
[2014/06/10 16:07:11 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Roaming\GoContactSyncMOD
[2014/06/08 19:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
[2014/06/05 20:21:22 | 000,000,000 | R--D | C] -- C:\Users\Conrad Bowen\Dropbox
[2014/06/05 20:19:47 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/06/05 20:17:58 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Roaming\Dropbox
[2014/05/19 16:35:54 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Local\HP
[2014/05/14 17:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/14 10:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Conrad Bowen\AppData\Local\EmieUserList
[2014/05/14 10:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Conrad Bowen\AppData\Local\EmieSiteList
[2014/05/12 16:26:04 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Roaming\Hewlett-Packard Company
[2014/05/12 16:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/05/12 16:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/05/12 16:24:40 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Roaming\HpUpdate
[2014/05/12 16:23:29 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
[2014/05/12 16:21:41 | 000,217,656 | ---- | C] (Hewlett Packard) -- C:\windows\SysNative\hppscancoins64.dll
[2014/05/12 16:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014/05/12 16:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/05/05 23:00:38 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
[2014/04/01 12:48:44 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\Documents\MooreGreen
[2014/02/27 15:04:43 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Local\Citrix
[2014/02/26 18:20:14 | 000,000,000 | ---D | C] -- C:\temp
[2014/02/26 15:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/02/26 15:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2014/02/26 15:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2014/02/26 15:09:42 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Roaming\Yahoo!
[2014/02/26 15:09:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2014/02/26 14:37:24 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\Documents\Add-in Express
[2014/02/26 14:33:33 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best MP4 to MP3 Converter
[2014/02/26 14:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Best MP4 To MP3 Converter
[2014/02/26 00:25:18 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2014/02/22 11:12:59 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Local\SlimWare Utilities Inc
[2014/02/22 11:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2014/02/22 11:12:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2014/02/07 10:23:04 | 000,000,000 | R--D | C] -- C:\Users\Conrad Bowen\Desktop
[2014/02/05 19:44:01 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Roaming\Free Download Manager
[2014/01/26 10:40:20 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\Documents\Primary
[2014/01/21 09:00:17 | 000,000,000 | ---D | C] -- C:\prntdrvr
[2014/01/15 18:42:40 | 000,608,032 | ---- | C] (McAfee, Inc.) -- C:\SecurityScanner.dll
[2013/11/19 09:58:59 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\Documents\Janene
[2013/11/06 13:34:53 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\Documents\Pic-KSL
[2013/10/03 15:00:02 | 000,000,000 | ---D | C] -- C:\PDF Printer
[2013/10/03 14:58:31 | 000,000,000 | ---D | C] -- C:\Users\Conrad Bowen\AppData\Roaming\Softland
[2013/10/03 14:58:23 | 000,025,920 | ---- | C] (Softland) -- C:\windows\SysNative\dopdfmn7.dll
[2013/10/03 14:58:23 | 000,021,312 | ---- | C] (Softland) -- C:\windows\SysNative\dopdfmi7.dll
[2013/10/03 14:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7
[2013/10/03 14:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2013/10/01 16:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/10/01 16:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/09/19 22:48:03 | 000,000,000 | ---D | C] -- C:\perflogs
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 360 Days ==========
 
[2014/09/10 13:51:45 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/09/10 13:45:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Conrad Bowen\Desktop\OTL.exe
[2014/09/10 13:40:09 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/10 13:30:25 | 000,000,604 | ---- | M] () -- C:\windows\tasks\G2MUpdateTask-S-1-5-21-4154370108-1394326414-2424723564-1000.job
[2014/09/10 13:21:52 | 000,415,232 | ---- | M] (Farbar) -- C:\Users\Conrad Bowen\Desktop\FSS.exe
[2014/09/10 13:12:26 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/10 13:12:26 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/10 13:04:59 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/10 13:02:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/09/10 13:02:45 | 1506,783,232 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/09 21:17:00 | 000,926,884 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/09/09 21:17:00 | 000,764,410 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/09/09 21:17:00 | 000,161,736 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/09/09 20:44:13 | 000,053,619 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\Carlson - Pre-qualification-5.pdf
[2014/09/09 20:42:19 | 000,016,329 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\michael kindon sig.PNG
[2014/09/09 20:35:35 | 000,002,272 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\norton.PNG
[2014/09/09 20:12:28 | 000,015,941 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\Michael Kingdon.PNG
[2014/08/29 06:03:43 | 000,438,128 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/08/27 13:49:12 | 000,647,752 | ---- | M] (BitDefender) -- C:\windows\SysNative\drivers\avckf.sys
[2014/08/27 13:48:33 | 001,260,120 | ---- | M] (BitDefender) -- C:\windows\SysNative\drivers\avc3.sys
[2014/08/27 13:48:09 | 000,419,616 | ---- | M] (BitDefender S.R.L.) -- C:\windows\SysNative\drivers\trufos.sys
[2014/08/27 13:32:07 | 000,000,409 | ---- | M] () -- C:\windows\SysNative\checkdnsid.xml
[2014/08/25 10:57:10 | 000,271,360 | ---- | M] () -- C:\Users\Conrad Bowen\Documents\Outlook backup.pst
[2014/08/22 18:42:42 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/22 13:08:58 | 000,000,000 | ---- | M] () -- C:\Users\Conrad Bowen\Documents\HPLJM127_128_Fax_Port
[2014/08/19 17:14:48 | 000,038,421 | ---- | M] () -- C:\windows\hplj3380.his
[2014/08/19 17:14:48 | 000,003,778 | ---- | M] () -- C:\windows\hplj3380.ini
[2014/08/19 17:13:34 | 000,000,103 | ---- | M] () -- C:\windows\SysWow64\hptrace.ini
[2014/08/19 17:12:55 | 000,013,438 | ---- | M] () -- C:\windows\hpbins01.dat.temp
[2014/08/19 17:12:55 | 000,013,438 | ---- | M] () -- C:\windows\hpbins01.dat
[2014/08/14 15:19:45 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/08/14 11:19:20 | 000,001,069 | ---- | M] () -- C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/08/14 11:19:05 | 000,001,069 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\Dropbox.lnk
[2014/08/14 11:07:08 | 000,018,432 | ---- | M] () -- C:\windows\SysNative\umstartup.etl
[2014/07/30 08:42:28 | 000,002,059 | ---- | M] () -- C:\Users\Conrad Bowen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/07/23 07:59:03 | 015,344,640 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\B+2013-12 (Portable).QBM
[2014/07/22 16:18:06 | 000,000,000 | -H-- | M] () -- C:\Users\Conrad Bowen\Documents\Default.rdp
[2014/07/16 06:32:24 | 000,000,385 | ---- | M] () -- C:\windows\SysNative\user_gensett.xml
[2014/07/15 16:23:40 | 000,074,512 | ---- | M] (BitDefender SRL) -- C:\windows\SysNative\bdsandboxuiskin32.dll
[2014/07/15 15:57:32 | 000,642,321 | ---- | M] () -- C:\ProgramData\1405460457.bdinstall.bin
[2014/07/15 15:54:22 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2014/07/15 15:54:22 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2014/07/15 15:54:22 | 000,000,684 | -H-- | M] () -- C:\bdr-cf01
[2014/07/15 15:53:45 | 000,002,137 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
[2014/07/15 15:53:43 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/07/15 15:37:06 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2014/07/14 15:23:07 | 000,001,085 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/04 17:49:36 | 049,563,064 | -H-- | M] () -- C:\bdr-im01.gz
[2014/06/30 15:09:33 | 003,797,424 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\GoogleData-all-BU14-6-30.csv
[2014/06/30 15:07:37 | 003,427,104 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\GoogleData-MyContacts-BU14-6-30.csv
[2014/06/20 16:25:12 | 003,804,060 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\GoogleData-all-BU14-6-20.csv
[2014/06/08 20:24:48 | 000,083,448 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\ExportTest.bcm
[2014/05/25 00:14:07 | 000,001,062 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\cc_20140525_001339.reg
[2014/05/18 11:04:44 | 000,238,125 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\FollowTheProphet.pdf
[2014/05/14 06:10:49 | 000,003,770 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\cc_20140514_061035.reg
[2014/05/12 16:25:37 | 000,001,283 | ---- | M] () -- C:\Users\Public\Desktop\HP LaserJet Pro MFP M127-M128 – Help & Learn Center.lnk
[2014/05/12 16:23:29 | 000,000,196 | ---- | M] () -- C:\windows\SysNative\AddPort.ini
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/04/29 14:08:38 | 015,300,608 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\B+2013-12 (QuickBooks2011 Acct Transfer Apr 29,2014  02 07 PM).QBX
[2014/04/01 12:23:13 | 000,000,090 | ---- | M] () -- C:\windows\QBChanUtil_Trigger.ini
[2014/03/31 20:48:02 | 003,491,563 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\Blake.jpg
[2014/03/31 20:47:48 | 000,297,744 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\LOGO2.jpeg
[2014/03/31 20:45:50 | 000,545,682 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\LOGO1.jpeg
[2014/03/26 09:46:48 | 000,059,032 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\cc_20140326_094634.reg
[2014/03/10 20:09:04 | 000,013,264 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\ConradampPaula39sCards-YouTube_kaywa.me_Mt8bl.pdf
[2014/03/03 15:51:24 | 000,361,826 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\res_cma_report_78376.pdf
[2014/03/03 13:31:19 | 000,000,267 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\Legal Description for this Parcel.URL
[2014/03/01 20:43:30 | 000,589,770 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\IStandAll.pdf
[2014/02/27 20:25:45 | 000,065,320 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\cc_20140227_192533.reg
[2014/02/26 19:23:42 | 000,919,498 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/02/26 14:33:35 | 000,001,169 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\MP4 to MP3.lnk
[2014/02/22 11:49:39 | 000,004,012 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\cc_20140222_104917.reg
[2014/02/22 11:32:04 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/19 16:27:51 | 000,209,329 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\PriceChange-13-10-15.pdf
[2014/02/19 16:18:45 | 000,216,303 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\Bleiweiss-PriceChanges_page_001.png
[2014/02/17 18:46:07 | 000,560,314 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\Melinda-Ins.pdf
[2014/02/15 17:10:32 | 000,013,277 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\ConradampPaulaBowen12-Cardgiftpacks-YouTube_kaywa.me_115XH.pdf
[2014/02/15 17:05:51 | 000,013,280 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\ConradBowenDelivers500GiftCard-YouTube_kaywa.me_EKkM0.pdf
[2014/02/15 11:47:48 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/02/05 20:02:24 | 000,003,654 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\cc_20140205_190209.reg
[2014/01/29 17:33:34 | 000,056,989 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\ArtistsCall_UConn.pdf
[2014/01/15 18:42:40 | 000,608,032 | ---- | M] (McAfee, Inc.) -- C:\SecurityScanner.dll
[2014/01/09 10:56:54 | 000,009,584 | ---- | M] () -- C:\windows\SysWow64\ractrlkeyhook.dll
[2014/01/03 15:35:42 | 000,000,990 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\cc_20140103_143526.reg
[2013/12/07 23:19:13 | 000,001,280 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\Clear Clip Board.lnk
[2013/12/05 14:46:33 | 000,000,355 | ---- | M] () -- C:\Users\Conrad Bowen\Homegroup - Shortcut.lnk
[2013/12/04 16:39:26 | 000,643,968 | ---- | M] () -- C:\Users\Conrad Bowen\Documents\LtCttnwd-Inside.pdf
[2013/11/27 11:46:20 | 000,271,360 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\Outlook backup.pst
[2013/11/27 00:54:34 | 000,000,720 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\Libraries - Shortcut.lnk
[2013/11/19 23:20:53 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/19 23:20:50 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/13 16:41:29 | 000,093,600 | ---- | M] (BitDefender LLC) -- C:\windows\SysNative\drivers\BdfNdisf6.sys
[2013/11/04 16:47:36 | 000,082,824 | ---- | M] (BitDefender SRL) -- C:\windows\SysNative\drivers\bdsandbox.sys
[2013/11/04 16:47:10 | 000,084,848 | ---- | M] (BitDefender SRL) -- C:\windows\SysNative\BDSandBoxUISkin.dll
[2013/11/04 16:47:08 | 000,074,512 | ---- | M] (BitDefender SRL) -- C:\windows\SysWow64\bdsandboxuiskin32.dll
[2013/11/04 16:46:57 | 000,034,384 | ---- | M] (BitDefender SRL) -- C:\windows\SysNative\BDSandBoxUH.dll
[2013/10/23 06:57:36 | 000,548,644 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\EquityLogo-Blue.tif
[2013/10/03 13:22:00 | 001,483,290 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\ExportFile-2.csv
[2013/10/01 15:18:18 | 001,483,258 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\ExportFile-1.csv
[2013/09/24 16:18:45 | 001,478,581 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\ExportFile.csv
[2013/09/24 15:55:04 | 040,012,147 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\ExportFile.bcm
[2013/09/19 22:45:56 | 000,000,017 | ---- | M] () -- C:\Users\Conrad Bowen\AppData\Local\resmon.resmoncfg
[2013/09/19 17:16:07 | 001,397,496 | ---- | M] () -- C:\Users\Conrad Bowen\Desktop\Vivian Bergenthal Art of Play.jpg
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/10 13:13:25 | 013,727,048 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\winzip121.exe
[2014/09/10 13:13:24 | 001,397,496 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\Vivian Bergenthal Art of Play.jpg
[2014/09/10 13:13:24 | 000,361,826 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\res_cma_report_78376.pdf
[2014/09/10 13:13:24 | 000,209,329 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\PriceChange-13-10-15.pdf
[2014/09/10 13:13:24 | 000,000,927 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\Windows Mobile Device Center.lnk
[2014/09/10 13:13:23 | 000,560,314 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\Melinda-Ins.pdf
[2014/09/10 13:13:23 | 000,297,744 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\LOGO2.jpeg
[2014/09/10 13:13:23 | 000,271,360 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\Outlook backup.pst
[2014/09/10 13:13:23 | 000,016,329 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\michael kindon sig.PNG
[2014/09/10 13:13:23 | 000,015,941 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\Michael Kingdon.PNG
[2014/09/10 13:13:23 | 000,002,272 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\norton.PNG
[2014/09/10 13:13:23 | 000,001,169 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\MP4 to MP3.lnk
[2014/09/10 13:13:23 | 000,001,085 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/10 13:13:22 | 000,589,770 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\IStandAll.pdf
[2014/09/10 13:13:22 | 000,545,682 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\LOGO1.jpeg
[2014/09/10 13:13:22 | 000,000,720 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\Libraries - Shortcut.lnk
[2014/09/10 13:13:22 | 000,000,267 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\Legal Description for this Parcel.URL
[2014/09/10 13:13:21 | 003,427,104 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\GoogleData-MyContacts-BU14-6-30.csv
[2014/09/10 13:13:19 | 003,797,424 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\GoogleData-all-BU14-6-30.csv
[2014/09/10 13:13:17 | 003,804,060 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\GoogleData-all-BU14-6-20.csv
[2014/09/10 13:13:15 | 000,001,719 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\Google Drive.lnk
[2014/09/10 13:13:13 | 000,238,125 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\FollowTheProphet.pdf
[2014/09/10 13:13:11 | 001,478,581 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\ExportFile.csv
[2014/09/10 13:13:11 | 000,083,448 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\ExportTest.bcm
[2014/09/10 13:13:04 | 040,012,147 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\ExportFile.bcm
[2014/09/10 13:13:03 | 001,483,290 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\ExportFile-2.csv
[2014/09/10 13:13:02 | 001,483,258 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\ExportFile-1.csv
[2014/09/10 13:13:02 | 000,548,644 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\EquityLogo-Blue.tif
[2014/09/10 13:13:01 | 000,013,280 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\ConradBowenDelivers500GiftCard-YouTube_kaywa.me_EKkM0.pdf
[2014/09/10 13:13:01 | 000,013,277 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\ConradampPaulaBowen12-Cardgiftpacks-YouTube_kaywa.me_115XH.pdf
[2014/09/10 13:13:01 | 000,013,264 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\ConradampPaula39sCards-YouTube_kaywa.me_Mt8bl.pdf
[2014/09/10 13:13:01 | 000,003,654 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\cc_20140205_190209.reg
[2014/09/10 13:13:01 | 000,001,280 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\Clear Clip Board.lnk
[2014/09/10 13:13:01 | 000,001,069 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\Dropbox.lnk
[2014/09/10 13:13:01 | 000,000,990 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\cc_20140103_143526.reg
[2014/09/10 13:13:00 | 000,216,303 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\Bleiweiss-PriceChanges_page_001.png
[2014/09/10 13:13:00 | 000,053,619 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\Carlson - Pre-qualification-5.pdf
[2014/09/10 13:12:59 | 003,491,563 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\Blake.jpg
[2014/09/10 13:12:58 | 000,056,989 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\ArtistsCall_UConn.pdf
[2014/08/19 17:13:34 | 000,000,103 | ---- | C] () -- C:\windows\SysWow64\hptrace.ini
[2014/08/19 17:13:26 | 000,013,438 | ---- | C] () -- C:\windows\hpbins01.dat.temp
[2014/08/19 17:13:26 | 000,001,380 | ---- | C] () -- C:\windows\hpbmdl01.dat.temp
[2014/08/19 17:12:08 | 000,013,438 | ---- | C] () -- C:\windows\hpbins01.dat
[2014/08/19 17:11:55 | 000,038,421 | ---- | C] () -- C:\windows\hplj3380.his
[2014/08/19 17:11:55 | 000,003,778 | ---- | C] () -- C:\windows\hplj3380.ini
[2014/08/13 12:09:07 | 000,000,409 | ---- | C] () -- C:\windows\SysNative\checkdnsid.xml
[2014/07/31 11:51:42 | 000,000,000 | ---- | C] () -- C:\Users\Conrad Bowen\Documents\HPLJM127_128_Fax_Port
[2014/07/23 07:58:48 | 015,344,640 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\B+2013-12 (Portable).QBM
[2014/07/22 16:18:06 | 000,000,000 | -H-- | C] () -- C:\Users\Conrad Bowen\Documents\Default.rdp
[2014/07/16 06:32:24 | 000,000,385 | ---- | C] () -- C:\windows\SysNative\user_gensett.xml
[2014/07/15 15:57:31 | 000,642,321 | ---- | C] () -- C:\ProgramData\1405460457.bdinstall.bin
[2014/07/15 15:54:22 | 000,000,684 | -H-- | C] () -- C:\bdr-cf01
[2014/07/15 15:53:45 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
[2014/07/15 15:53:43 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/07/15 15:50:36 | 003,271,472 | -H-- | C] () -- C:\bdr-bz01
[2014/07/15 15:50:36 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2014/07/15 15:50:35 | 049,563,064 | -H-- | C] () -- C:\bdr-im01.gz
[2014/07/15 15:50:34 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2014/06/05 20:20:34 | 000,001,069 | ---- | C] () -- C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/25 10:17:10 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/05/25 00:13:44 | 000,001,062 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\cc_20140525_001339.reg
[2014/05/14 06:10:41 | 000,003,770 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\cc_20140514_061035.reg
[2014/05/12 16:25:37 | 000,001,283 | ---- | C] () -- C:\Users\Public\Desktop\HP LaserJet Pro MFP M127-M128 – Help & Learn Center.lnk
[2014/05/12 16:23:29 | 000,000,196 | ---- | C] () -- C:\windows\SysNative\AddPort.ini
[2014/05/12 15:51:04 | 000,409,600 | ---- | C] () -- C:\windows\SysWow64\hpcc3140.DLL
[2014/04/29 14:08:31 | 015,300,608 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\B+2013-12 (QuickBooks2011 Acct Transfer Apr 29,2014  02 07 PM).QBX
[2014/03/27 19:33:08 | 000,271,360 | ---- | C] () -- C:\Users\Conrad Bowen\Documents\Outlook backup.pst
[2014/03/26 09:46:42 | 000,059,032 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\cc_20140326_094634.reg
[2014/02/27 20:25:40 | 000,065,320 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\cc_20140227_192533.reg
[2014/02/27 15:05:30 | 000,000,604 | ---- | C] () -- C:\windows\tasks\G2MUpdateTask-S-1-5-21-4154370108-1394326414-2424723564-1000.job
[2014/02/22 11:49:35 | 000,004,012 | ---- | C] () -- C:\Users\Conrad Bowen\Desktop\cc_20140222_104917.reg
[2014/02/10 23:00:45 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS.lnk
[2014/02/10 23:00:45 | 000,002,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS.lnk
[2014/01/09 10:56:54 | 000,009,584 | ---- | C] () -- C:\windows\SysWow64\ractrlkeyhook.dll
[2013/12/05 14:46:33 | 000,000,355 | ---- | C] () -- C:\Users\Conrad Bowen\Homegroup - Shortcut.lnk
[2013/12/04 15:54:52 | 000,643,968 | ---- | C] () -- C:\Users\Conrad Bowen\Documents\LtCttnwd-Inside.pdf
[2013/11/19 23:20:53 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/19 23:20:50 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/10/03 14:58:24 | 000,007,549 | ---- | C] () -- C:\windows\SysNative\dopdf7.ctm
[2013/10/01 16:30:10 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/09/19 22:45:56 | 000,000,017 | ---- | C] () -- C:\Users\Conrad Bowen\AppData\Local\resmon.resmoncfg
[2013/06/18 12:37:06 | 000,000,355 | ---- | C] () -- C:\Users\Conrad Bowen\Computer - Shortcut.lnk
[2011/03/30 15:04:42 | 000,015,984 | ---- | C] () -- C:\Users\Conrad Bowen\AppData\Roaming\CCList.csv.19570434.xml
[2011/03/24 20:55:50 | 000,004,370 | ---- | C] () -- C:\Users\Conrad Bowen\AppData\Roaming\BrideListOriginalExpandedCSV.csv.47653859.xml
[2011/03/24 14:55:01 | 000,025,247 | ---- | C] () -- C:\Users\Conrad Bowen\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/03/23 18:32:18 | 000,000,286 | ---- | C] () -- C:\Users\Conrad Bowen\AppData\Roaming\Contact.35243964.xml
[2011/03/13 19:56:10 | 000,038,441 | ---- | C] () -- C:\Users\Conrad Bowen\AppData\Roaming\Comma Separated Values (DOS).ADR
[2011/03/01 21:36:14 | 000,002,239 | ---- | C] () -- C:\Users\Conrad Bowen\AppData\Roaming\BCMMappings.xml
[2010/09/23 11:54:30 | 000,008,428 | ---- | C] () -- C:\Users\Conrad Bowen\AppData\Roaming\UserTile.png
[2010/09/21 21:26:46 | 000,000,070 | ---- | C] () -- C:\Users\Conrad Bowen\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/07/15 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\Conrad Bowen\AppData\Roaming\Bitdefender
[2014/09/10 13:06:13 | 000,000,000 | ---D | M] -- C:\Users\Conrad Bowen\AppData\Roaming\Dropbox
[2014/02/26 19:07:48 | 000,000,000 | ---D | M] -- C:\Users\Conrad Bowen\AppData\Roaming\Free Download Manager
[2014/06/10 16:08:44 | 000,000,000 | ---D | M] -- C:\Users\Conrad Bowen\AppData\Roaming\GoContactSyncMOD
[2011/08/27 13:09:27 | 000,000,000 | ---D | M] -- C:\Users\Conrad Bowen\AppData\Roaming\Nitro PDF
[2012/04/19 12:11:14 | 000,000,000 | ---D | M] -- C:\Users\Conrad Bowen\AppData\Roaming\PDF Pro 10
[2011/09/30 14:49:24 | 000,000,000 | ---D | M] -- C:\Users\Conrad Bowen\AppData\Roaming\PrimoPDF
[2014/07/15 15:40:57 | 000,000,000 | ---D | M] -- C:\Users\Conrad Bowen\AppData\Roaming\QuickScan
[2013/10/03 14:58:31 | 000,000,000 | ---D | M] -- C:\Users\Conrad Bowen\AppData\Roaming\Softland
[2012/12/06 17:22:00 | 000,000,000 | ---D | M] -- C:\Users\Conrad Bowen\AppData\Roaming\Template
[2011/05/16 08:41:50 | 000,000,000 | ---D | M] -- C:\Users\Conrad Bowen\AppData\Roaming\Toshiba
[2010/09/21 14:27:19 | 000,000,000 | ---D | M] -- C:\Users\Conrad Bowen\AppData\Roaming\WinBatch
[2010/11/16 20:02:44 | 000,000,000 | ---D | M] -- C:\Users\Conrad Bowen\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 07:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2014/04/11 20:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 23:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 07:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 06:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 07:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2014/04/11 20:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 07:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 07:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014/04/11 20:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 07:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 07:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 06:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 07:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 07:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 06:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 07:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 07:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 07:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 07:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 07:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 07:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 06:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2014/05/14 10:23:46 | 002,477,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 07:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 07:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is TI105847W0F
 Volume Serial Number is 7C0E-931B
 Directory of C:\
07/13/2009  11:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  11:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  11:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  11:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  11:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/13/2009  11:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  11:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  11:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  11:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  11:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  11:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Conrad Bowen
09/21/2010  02:26 PM    <JUNCTION>     Application Data [C:\Users\Conrad Bowen\AppData\Roaming]
09/21/2010  02:26 PM    <JUNCTION>     Cookies [C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Cookies]
09/21/2010  02:26 PM    <JUNCTION>     Local Settings [C:\Users\Conrad Bowen\AppData\Local]
09/21/2010  02:26 PM    <JUNCTION>     My Documents [C:\Users\Conrad Bowen\Documents]
09/21/2010  02:26 PM    <JUNCTION>     NetHood [C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/21/2010  02:26 PM    <JUNCTION>     PrintHood [C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/21/2010  02:26 PM    <JUNCTION>     Recent [C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Recent]
09/21/2010  02:26 PM    <JUNCTION>     SendTo [C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\SendTo]
09/21/2010  02:26 PM    <JUNCTION>     Start Menu [C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Start Menu]
09/21/2010  02:26 PM    <JUNCTION>     Templates [C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Conrad Bowen\AppData\Local
09/21/2010  02:26 PM    <JUNCTION>     Application Data [C:\Users\Conrad Bowen\AppData\Local]
09/21/2010  02:26 PM    <JUNCTION>     History [C:\Users\Conrad Bowen\AppData\Local\Microsoft\Windows\History]
09/21/2010  02:26 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Conrad Bowen\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Conrad Bowen\Documents
09/21/2010  02:26 PM    <JUNCTION>     My Music [C:\Users\Conrad Bowen\Music]
09/21/2010  02:26 PM    <JUNCTION>     My Pictures [C:\Users\Conrad Bowen\Pictures]
09/21/2010  02:26 PM    <JUNCTION>     My Videos [C:\Users\Conrad Bowen\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  11:08 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009  11:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/13/2009  11:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  11:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009  11:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009  11:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009  11:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009  11:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/13/2009  11:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009  11:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/13/2009  11:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/13/2009  11:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/13/2009  11:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/13/2009  11:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  11:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  11:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              50 Dir(s)  149,559,476,224 bytes free
 
< MD5 for: EXPLORER.EXE  >
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: RPCSS.DLL  >
[2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\windows\SysNative\rpcss.dll
[2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
 
< MD5 for: SERVICES  >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2014/05/08 07:48:48 | 000,560,495 | ---- | M] () MD5=12A7DDA9C7CA1AAA2C6F36BB1E24528B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
 
< MD5 for: SERVICES.CSS  >
[2005/06/29 14:48:58 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files (x86)\Intuit\QuickBooks 2011\Components\Services\services.css
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/03/04 05:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 03:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\windows\SysNative\winlogon.exe
[2014/03/04 03:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
 
< c:\windows\system32\*.dll /lockedfiles >
 
< c:\windows\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\*. /mp /s >

< End of report >
 

Extras:

 

OTL Extras logfile created on: 9/10/2014 1:50:41 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Conrad Bowen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.26 Gb Available Physical Memory | 14.08% Memory free
3.74 Gb Paging File | 1.03 Gb Available in Paging File | 27.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.47 Gb Total Space | 138.61 Gb Free Space | 62.30% Space Free | Partition Type: NTFS
 
Computer Name: CBSLAPTOP | User Name: Conrad Bowen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 360 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4154370108-1394326414-2424723564-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A773E3-A399-436E-BE99-4C76AE276CB9}" = rport=138 | protocol=17 | dir=out | app=system |
"{0C1A590D-D0B5-4D19-B2AE-D3C03D051CDF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1327DBA0-E6F9-4DB0-B47C-9F44B05804CB}" = rport=445 | protocol=6 | dir=out | app=system |
"{1CC367F6-C10A-4DD6-84AC-74C434D69DEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295AF235-8BCE-4085-BA72-E6C81E44C091}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{330C3A17-3934-4A2D-8135-A679BFCF7E28}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{34D217B7-AD0F-4772-B088-D7E8E3626A22}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A298309-D7CF-4BF8-A8BF-3112DE906947}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CFB893D-26A4-42A8-A850-C49079E4EB7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4119700C-1BCF-4F3C-B058-7AD1B242E75B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{452761D7-EE31-48E4-931D-F4546A6B7820}" = lport=2869 | protocol=6 | dir=in | app=system |
"{532B0F24-32E9-4EAE-92F4-DD7726654AF6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{54028550-E376-4022-A46B-EFB270A004A7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5E507DE9-685C-4421-87FE-3661424F6D47}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{606D71A8-B629-4581-BE58-4150164C045C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{62A4BA89-FC14-4C36-BFF5-C6625870269F}" = lport=138 | protocol=17 | dir=in | app=system |
"{7B7D3674-C70D-442E-B5B1-65E4EACA2938}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B9FB602-5F12-47B4-B65D-8876FC743C48}" = lport=2869 | protocol=6 | dir=in | app=system |
"{80EB5587-29A8-4B3D-B0A2-70E353F72648}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8477F0C0-0170-44B7-9B6C-901AD134827A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{867F19D5-E4E0-4D76-BA0D-9D63DD88BC6A}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{97EF7C2F-7746-41B5-953C-B8133CFBCE26}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9A33213F-E95B-4F1F-B2D1-D0DBD08BB279}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{A043C063-44C0-4283-8DB2-7CB5A29CB952}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A5233232-A368-4180-9397-3A6ED25B0A11}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A92B15A7-7D9F-4674-A884-DB9F75C6944B}" = lport=445 | protocol=6 | dir=in | app=system |
"{AA2023F6-4646-4995-8782-2400345D9C15}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{AA606833-D6AB-4703-8CB8-8095A9EDED6A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFD89163-482A-4D2C-AF11-FC14C40031AE}" = rport=139 | protocol=6 | dir=out | app=system |
"{B08AE8B6-FA19-4C89-8F1A-7BA551B4BD66}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B0E2ACC2-2004-40D6-9612-3A884B83E73D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{BB354453-144F-43FD-A5F2-F45DE780FC43}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CA5E0ABC-D134-4764-8474-35E75C7909FA}" = lport=137 | protocol=17 | dir=in | app=system |
"{D179B4E2-6896-4650-A906-81F602C59988}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D242A148-A217-42B8-9A87-8F31EDFD521A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D38457C8-C3FE-4151-8DE7-8D41A333434D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E7C551D4-6880-464A-9814-37DE69531D8F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F5F30226-C059-45BF-8B2D-A580AC82E1AE}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9E41180-CF84-4C27-91E8-D567A6576834}" = lport=139 | protocol=6 | dir=in | app=system |
"{FBBD5DF0-96DB-4102-A94E-BDDC7F1E7C86}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00354A4D-F21C-4742-8796-15B6388D739D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0B062990-A6E9-4C74-B63D-A82F260D3264}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0F32C2F0-6871-4010-A678-A6B76717ED63}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{19F247F8-7751-4292-99E4-3796C4C764A4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1BC21DDB-191D-4980-BF4D-108BA4CA1B99}" = dir=in | app=c:\program files (x86)\hp\hp laserjet pro mfp m127-m128\bin\hpnetworkcommunicatorcom.exe |
"{28E9285D-BA28-4484-B0BE-CE572818FCC0}" = protocol=58 | dir=in | [email protected],-28545 |
"{3837C2AD-113B-4B6F-B1BD-3AE225D966EE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46896F6C-E6B7-4A3B-B111-59A3ED1014CB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{564356E0-BAF1-4599-A297-2B2FB573ED3D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{581C5857-AC9C-4628-9003-921FC2A1CF1C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{61BD5ACD-C2D5-40DB-9173-19A80BE9A9E4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{671D608F-FD6F-4529-9455-184255F54A9B}" = protocol=6 | dir=in | app=c:\users\conrad bowen\appdata\roaming\dropbox\bin\dropbox.exe |
"{6A2BF287-5916-40FE-8D85-BBBBE6631A51}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{70D25843-F804-40A3-BB69-C4BD7DE60AC3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{764BA1CA-B5B4-4E8F-9D95-48CC1DC66666}" = protocol=6 | dir=in | app=c:\program files (x86)\hp\csiinstaller\3b050369-8d19-413d-9dec-84ff278472eb\installer\hpbcsiinstaller.exe |
"{76664BE4-29CF-4ABD-92E6-50B35C2EE603}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe |
"{770E74F4-DEDC-4CB4-8C38-4B25375FFAC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BBDC01E-BFE8-47F5-A816-9039CF1E50B1}" = protocol=1 | dir=out | [email protected],-28544 |
"{7C3536C1-29E3-4AC6-BF56-3DF3C010BD71}" = protocol=17 | dir=in | app=c:\program files (x86)\hp\csiinstaller\3b050369-8d19-413d-9dec-84ff278472eb\installer\hpbcsiinstaller.exe |
"{7D1625D2-5554-4FCE-A69E-C16E08CFB0BC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8150641C-AF23-40AE-9952-B1F17A2AE4E5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{863C7FF8-3415-4AD3-BF58-B46CAD66B4C9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{87573E5E-4A5C-4C87-AAE6-8ED33FDA0F60}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8B7D5C5F-ECBF-4503-BD64-AC3F3732AF2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8BC9B67D-7D94-4439-BF4B-4B1958A3533B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{94CC9643-7C41-4AA2-A26F-292BC41E7EC3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9DC1D7FB-197F-445A-A60C-AFA58694549C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A074D917-3EBC-4D58-954A-7A554D7F7F2F}" = protocol=58 | dir=out | [email protected],-28546 |
"{A2637A57-F18D-4CB9-8C4F-A98E1157C9CA}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe |
"{A4B04BDC-658E-43E7-8538-E355570DC512}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A9070BBD-7EDC-4109-A82A-C11F4C6002BC}" = dir=in | app=c:\program files\hp\hp laserjet pro mfp m127-m128\bin\hpnetworkcommunicatorcom.exe |
"{B289ECE7-235E-4196-A366-B2EA55501C17}" = dir=in | app=c:\program files\hp\hp laserjet pro mfp m127-m128\bin\sendafax.exe |
"{B73A4B5D-EE08-445D-91DC-D27CD4131FA5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BA81DB7B-AD5A-4DB3-8740-B89FEA83A903}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA8AFDC5-0752-4421-9A5E-09E2541E0DF2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BC927C32-5918-4809-991B-3A217DFE1FE3}" = protocol=1 | dir=in | [email protected],-28543 |
"{CF22C2A8-33A7-4868-90F2-B695CE1AE5DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7C82CEC-3946-4A7D-A161-0FE90EAB3407}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA35E6D0-922A-4619-85F9-AC9CF23FEA49}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DAD16D3C-299A-40B5-982B-DF8728C9C175}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD0A19E9-D513-47CB-A35C-777C7AC5137E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDAB3094-79A5-42AB-A709-CE710D51E138}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF008CB5-9EDC-4B5B-BE8D-E8576E1FD9C2}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe |
"{DF0B9268-73CB-4721-8C2D-4FD00B179500}" = dir=in | app=c:\program files (x86)\hp\hp laserjet pro mfp m127-m128\bin\faxapplications.exe |
"{E8CEAA6E-0223-449D-BEC8-7A405E2AE1C6}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe |
"{E8DD5518-41FA-432A-A4EA-02034471D64C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{EC8C0B0B-8C3F-4DE7-AD34-18CB1FF1B71F}" = dir=in | app=c:\program files\hp\hp laserjet pro mfp m127-m128\bin\faxprinterutility.exe |
"{F0BDBDC7-8701-415C-88F8-893266EA5429}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F22A3F70-3DB2-43A0-9AA8-2398E6A82F51}" = protocol=6 | dir=out | app=system |
"{F2393239-7721-4E7C-97A2-9497D03477A3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F650CC98-7C14-4AC4-94C1-EE59199528D3}" = protocol=17 | dir=in | app=c:\users\conrad bowen\appdata\roaming\dropbox\bin\dropbox.exe |
"{F9AF25AE-8B10-4868-88DD-36E78C81F110}" = dir=in | app=c:\program files (x86)\hp\hp laserjet pro mfp m127-m128\bin\ewsproxy.exe |
"{FC53A5A9-61B2-4E51-AFEE-D5025D2AFF68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FEA4F643-6C10-4315-A35F-5596A70CAF4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{B81F409E-CB76-4C17-AA9B-AE8F63A7A63F}C:\users\conrad bowen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\conrad bowen\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4572DAD1-CE6E-4AE5-B1A1-6FCF2C576BD0}C:\users\conrad bowen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\conrad bowen\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{30994599-9734-455F-B51D-7E5E987AFA2A}_is1" = Dynamic Auto-Painter x64 PRO version 3.0.2
"{30E20E5D-5E4E-4874-A35A-952DB3582C29}" = HP Unified IO
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{65072E52-F51B-4280-9DA6-EA5F1EE72C3A}" = HP LaserJet Pro MFP M127-M128 Fax Driver
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C5835004-643A-4EB6-A280-706F9F62F985}" = HP LaserJet Pro MFP M127-M128 Fax
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FD868C71-6CCF-42E2-B90D-0504AB0036FE}" = 64 Bit HP CIO Components Installer
"Bitdefender" = Bitdefender Total Security 2015
"CCleaner" = CCleaner
"doPDF 7 printer_is1" = doPDF 7.3 printer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16CA4BD4-27ED-4DA0-9190-48F69D8AAC25}" = Google Apps Migration For Microsoft Outlook® 3.0.19.44
"{178F0383-A2F1-427C-9881-6EACB8728C76}" = hppLaserJetService
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}" = hppM125LaserJetService
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2C886751-51BD-4A8C-B33A-B4C513AB5B9A}" = HPLJUTM127_128
"{2E92FFC5-4082-40BF-9CA7-0E5D16C811CE}" = Google Apps Sync™ for Microsoft Outlook® 3.5.370.990
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F518061-89DB-4AF0-9A7A-2BF73B60E6F0}" = HP LJ M127128 Scan HP Scan
"{30DD7187-F392-4D83-8AED-D9A2DC64EF15}" = HPLJUTCore
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3b050369-8d19-413d-9dec-84ff278472eb}" = HP LaserJet Pro MFP M127-M128
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}" = HPLJDXPHelper
"{612631AC-0D84-4116-9D8A-D2D63467B7BF}" = HP LaserJet Pro MFP M127-M128 HP Device Toolbox
"{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}" = hpbDSService
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{6470E292-3B55-41DC-B5EB-91C34C5ACB5D}" = hpStatusAlerts
"{66392B7C-C522-450D-97B7-B3E41E170C3B}" = imagePROGRAF Status Monitor
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92374A19-CD4A-498F-92CB-26473EF31FB3}" = hpStatusAlertsM127-M128
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC (x86) WinSXS MSM
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A484CDF7-6B53-4191-95D8-17C6259A965B}" = HP Product FWUpdater
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AC7E7905-8C59-4806-A96D-30936A2B1FC5}" = Citrix Online Launcher
"{B1CB7E99-4685-45CB-867E-2FB58EDA0A39}" = HP Unified IO
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B5409C23-DE0C-4B48-8C8A-50AE38694955}" = HPLJProMFPM127M128
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C403A67A-2C78-478C-A88A-BB27FC90B13F}" = Canon iPF8000 Print Plug-In for Photoshop CS5 x64
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C6640705-7479-4EE5-BC86-879F05F65E74}" = Google Drive
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD23CAA4-8872-4B95-B263-EA46FD82CF19}" = LaserAIO
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}" = LJDXPHelperUI
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF292659-1504-4F78-A737-471E50D8E0A1}" = HPDXP
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F08687B3-BB9A-4CBC-AE6B-BDF4B642E7BA}" = hpbM128DSService
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FAE97B40-E8E2-4B52-9A9E-219C3CCC0107}" = HP LaserJet Pro MFP M127-M128 Fax
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = PDF Pro 10
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp LaserJet-all-in-one" = hp LaserJet-all-in-one
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROR" = Microsoft Office Professional 2007
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4154370108-1394326414-2424723564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 6.4.0.1555
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/4/2014 6:00:07 PM | Computer Name = CBsLaptop | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 9/4/2014 6:00:07 PM | Computer Name = CBsLaptop | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 9/4/2014 6:00:07 PM | Computer Name = CBsLaptop | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 9/5/2014 3:42:06 PM | Computer Name = CBsLaptop | Source = MsiInstaller | ID = 1024
Description =
 
Error - 9/8/2014 11:00:39 AM | Computer Name = CBsLaptop | Source = MsiInstaller | ID = 1024
Description =
 
Error - 9/8/2014 5:35:44 PM | Computer Name = CBsLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time
 stamp: 0x4f35fc1d  Faulting module name: hpzjcd01.dll, version: 8.2.16.0, time stamp:
 0x515df290  Exception code: 0xc0000005  Fault offset: 0x0000000000019f9b  Faulting process
 id: 0x670  Faulting application start time: 0x01cfcb7552e56d0b  Faulting application
 path: C:\windows\System32\spoolsv.exe  Faulting module path: C:\windows\System32\hpzjcd01.dll
Report
 Id: 15f8fd01-37a0-11e4-9669-00266c5a3206
 
Error - 9/8/2014 6:00:02 PM | Computer Name = CBsLaptop | Source = Windows Backup | ID = 4103
Description =
 
Error - 9/9/2014 11:43:57 AM | Computer Name = CBsLaptop | Source = MsiInstaller | ID = 1024
Description =
 
Error - 9/10/2014 2:00:36 AM | Computer Name = CBsLaptop | Source = MsiInstaller | ID = 1024
Description =
 
Error - 9/10/2014 3:06:26 PM | Computer Name = CBsLaptop | Source = MsiInstaller | ID = 1024
Description =
 
[ OSession Events ]
Error - 5/15/2012 7:17:35 AM | Computer Name = CBsLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 59
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/9/2012 10:09:05 PM | Computer Name = CBsLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 153
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 9/21/2012 10:20:24 PM | Computer Name = CBsLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13794
 seconds with 2340 seconds of active time.  This session ended with a crash.
 
Error - 11/15/2012 12:37:47 AM | Computer Name = CBsLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1316
 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error - 1/24/2013 7:04:22 PM | Computer Name = CBsLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 5/9/2013 6:42:11 PM | Computer Name = CBsLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 8/10/2013 1:13:54 AM | Computer Name = CBsLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 55787
 seconds with 5940 seconds of active time.  This session ended with a crash.
 
Error - 9/20/2013 7:12:04 PM | Computer Name = CBsLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14538
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 11/19/2013 5:31:13 PM | Computer Name = CBsLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14797
 seconds with 4320 seconds of active time.  This session ended with a crash.
 
Error - 12/12/2013 1:13:52 PM | Computer Name = CBsLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 8/30/2014 10:59:01 PM | Computer Name = CBsLaptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the VSSERV service.
 
Error - 9/5/2014 12:17:29 AM | Computer Name = CBsLaptop | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
 a preshutdown control.
 
Error - 9/5/2014 12:18:01 AM | Computer Name = CBsLaptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the VSSERV service.
 
Error - 9/5/2014 3:13:56 PM | Computer Name = CBsLaptop | Source = Service Control Manager | ID = 7022
Description = The Bitdefender Virus Shield service hung on starting.
 
Error - 9/8/2014 10:57:57 AM | Computer Name = CBsLaptop | Source = Service Control Manager | ID = 7022
Description = The Bitdefender Virus Shield service hung on starting.
 
Error - 9/8/2014 5:36:15 PM | Computer Name = CBsLaptop | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 9/9/2014 11:32:49 AM | Computer Name = CBsLaptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the VSSERV service.
 
Error - 9/9/2014 10:46:46 PM | Computer Name = CBsLaptop | Source = Service Control Manager | ID = 7034
Description = The HP LaserJet Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 9/10/2014 2:03:04 AM | Computer Name = CBsLaptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the VSSERV service.
 
Error - 9/10/2014 3:04:13 PM | Computer Name = CBsLaptop | Source = Service Control Manager | ID = 7022
Description = The Bitdefender Virus Shield service hung on starting.
 
 
< End of report >
 

The computer is really slow turning on now.

