Thanks Ron (RKInner)
for taking the time to help my roommate and I out. Have a good conference. Just a quick question. Every time I run the OTL tool I check off the "Use Company-Name White List" and "Skip Microsoft Files" and "LOP Check" and "Purity Check" just as those were checked in the picture in the post to read before starting a thread. So I hope I'm doing the OTL thing right. Let me know if I've totally screwed up. And if I did I'm sorry. I should have made sure before I did anything. I fear I must have made a big mistake by checking those off. And maybe that's why the computer is running slow or the OTL program stalled a bit during the scans. Maybe I'm just over thinking it. Man, did I totally mess up on the OTL tool by checking those off.
OK! I'm going to do the drivers thing. I hope I do it right.
Anyways, here's my OTL and Extras log.
===== Start OTL Log =============
OTL logfile created on: 11/15/2013 10:20:09 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\USFRIENDS\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.87 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 71.49% Memory free
7.92 Gb Paging File | 6.84 Gb Available in Paging File | 86.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.00 Gb Total Space | 242.95 Gb Free Space | 41.53% Space Free | Partition Type: NTFS
Drive D: | 11.17 Gb Total Space | 1.06 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
Computer Name: USFRIENDS | User Name: USFRIENDS | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - C:\Users\USFRIENDS\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Modules (No Company Name) ========== MOD - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll ()
MOD - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll ()
========== Services (SafeList) ========== SRV:
64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe (McAfee, Inc.)
SRV:
64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:
64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:
64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:
64bit: - (WDBtnMgrSvc.exe) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
SRV:
64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:
64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (TunnelBearMaintenance) -- C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ScsiAccess) -- C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe ()
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (OnlineBackupSchedulerService) -- C:\Program Files (x86)\Charter\Cloud Drive™ Backup\Scheduler\OnlineBackup.SchedulerService.exe ()
SRV - (FilesystemWatcher) -- C:\Program Files (x86)\Charter\Cloud Drive™ Backup\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe (DigiData Corp.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database_106545b\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database_106545b\bin\fbserver.exe (MAGIX®)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies)
========== Driver Services (SafeList) ========== DRV:
64bit: - (tap0901) -- C:\Windows\SysNative\DRIVERS\tap0901.sys (The OpenVPN Project)
DRV:
64bit: - (ssudmdm) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:
64bit: - (dg_ssudbus) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:
64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:
64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)
DRV:
64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:
64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:
64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:
64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:
64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:
64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:
64bit: - (PID_PEPI) -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS (Logitech Inc.)
DRV:
64bit: - (CAXHWBS2) -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys (Conexant Systems, Inc.)
DRV:
64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:
64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)
DRV:
64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies)
DRV:
64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:
64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:
64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV:
64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:
64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:
64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (pfc) -- C:\WINDOWS\SysWOW64\drivers\pfc.sys (Padus, Inc.)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.h...avilion&pf=cndtIE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.h...avilion&pf=cndtIE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:
64bit: - HKLM\..\SearchScopes\{031F2291-4C2D-4B94-B441-F70122E51373}: "URL" =
http://www.ask.com/w...}&l=dis&o=ushpdIE:
64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7IE:
64bit: - HKLM\..\SearchScopes\{FDC7CCF6-4EAA-4816-8F74-10707DC90A1E}: "URL" =
http://search.yahoo....ing}&fr=hp-pvdtIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.comIE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{031F2291-4C2D-4B94-B441-F70122E51373}: "URL" =
http://www.ask.com/w...}&l=dis&o=ushpdIE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7IE - HKLM\..\SearchScopes\{FDC7CCF6-4EAA-4816-8F74-10707DC90A1E}: "URL" =
http://search.yahoo....ing}&fr=hp-pvdt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.msn.com/?...OIE9MSE&PC=UP09IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.google.com/ieIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ieIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ieIE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...Box&FORM=IE8SRCIE - HKCU\..\SearchScopes\{5E88C510-ACA5-4072-9289-0BCA9CE39E99}: "URL" =
http://search.yahoo....p={SearchTerms}IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7IE - HKCU\..\SearchScopes\{D66B0304-EF29-42F9-8C9B-23FB2CC89595}: "URL" =
http://www.google.co...&rlz=1I7GPEA_enIE - HKCU\..\SearchScopes\{FDC7CCF6-4EAA-4816-8F74-10707DC90A1E}: "URL" =
http://search.yahoo....ing}&fr=hp-pvdtIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;127.0.0.1:9421;<local>;*.local
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "
http://www.bing.com/"FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: clickclean%40hotcleaner.com:4.1
FF - prefs.js..extensions.enabledAddons: secureLogin%40blueimp.net:1.0.3
FF - prefs.js..extensions.enabledAddons: %7Bce7e73df-6a44-4028-8079-5927a588c948%7D:1.1.2
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.4
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.14
FF - prefs.js..extensions.enabledAddons: %7Bd37dc5d0-431d-44e5-8c91-49419370caa1%7D:3.3.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/11/12 17:33:31 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\3.1.0.05\nploki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\USFRIENDS\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\USFRIENDS\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\USFRIENDS\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\USFRIENDS\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files (x86)\Webshots\3.1.5.7617\Firefox [2011/02/13 14:05:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/08 08:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/08 08:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/15 21:23:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/05 19:10:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Users\USFRIENDS\AppData\Roaming\Move Networks [2009/11/17 19:21:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/15 21:23:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/05 19:10:45 | 000,000,000 | ---D | M]
[2012/07/04 11:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Extensions
[2009/09/13 23:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Extensions\
[email protected][2009/11/15 18:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Extensions\
[email protected][2013/11/15 06:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions
[2013/06/01 08:59:05 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/10/21 05:17:29 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/08/27 16:31:11 | 000,000,000 | ---D | M] (Empty Cache Button) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
[2013/11/15 06:18:25 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2013/06/01 10:31:50 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\
[email protected][2013/06/08 10:33:14 | 000,012,140 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\
[email protected][2013/08/30 05:54:43 | 000,355,782 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\
[email protected][2013/06/01 10:39:39 | 000,083,379 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\
[email protected][2013/08/14 17:41:59 | 000,049,720 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\
[email protected][2013/06/07 19:15:30 | 000,073,612 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
[2013/10/09 18:11:30 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/09 00:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/05 19:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/05 19:11:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/08 08:23:13 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2007/12/17 09:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npkimi.dll
[2013/06/08 08:22:11 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ========== CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
http://google.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\google\chrome\application\22.0.1229.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Imikimi.com Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
CHR - plugin: Loki Plugin (Enabled) = C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\3.1.0.05\nploki.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\USFRIENDS\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\USFRIENDS\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Keeper Web App = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnglfciifmgnafcgkkngkeopldlialb\7.2_0\
CHR - Extension: HootSuite Hootlet = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\4.0.10_0\
CHR - Extension: YouTube = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\10.0_0\
CHR - Extension: Google Calendar = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Click&Clean = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: Pinterest = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\
CHR - Extension: JavaScript Popup Blocker = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol\1.2.4_0\
CHR - Extension: Cloud Reader = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\
CHR - Extension: Forecastfox = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: Secure Gmail by Streak = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jngdnjdobadbdemillgljnnbpomnfokn\1.4_0\
CHR - Extension: Shareaholic for Pinterest = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc\2.0.2_0\
CHR - Extension: Google Mail Multi-Account Checker = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpnehokodklgijkcakcfmccgpanipfp\2.0.24_0\
CHR - Extension: Google Wallet = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Pin Search | Image Search on Pinterest = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\okiaciimfpgbpdhnfdllhdkicpmdoakm\1.0.14_0\
CHR - Extension: Click&Clean App = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/02/09 18:29:56 | 000,580,592 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 15615 more lines...
O2:
64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:
64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:
64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:
64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:
64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:
64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:
64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:
64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:
64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:
64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:
64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Online Backup Auto Update] C:\Program Files (x86)\Charter\Cloud Drive™ Backup\Auto Update\OnlineBackup.UpdateSystemTray.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Charter\Cloud Drive™ Backup\vewatch.exe (DigiData Corp.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt ()
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk = C:\Users\USFRIENDS\AppData\Local\Apps\2.0\GY2P6X9A.C64\ZGR7DZ6N.C95\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Charter Cloud Drive™ Backup.lnk = C:\WINDOWS\SysWOW64\schtasks.exe (Microsoft Corporation)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\USFRIENDS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk = C:\Users\USFRIENDS\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronics Co. Ltd.)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13
64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}
http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7}
http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DACA66BD-C660-440D-9EFB-D8274ED0C9E3}: DhcpNameServer = 192.168.0.1
O18:
64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:
64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:
64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:
64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:
64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:
64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\USFRIENDS\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\USFRIENDS\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0e07bc14-470d-11e1-b66f-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{0e07bc14-470d-11e1-b66f-001fc6e8a92f}\Shell\AutoRun\command - "" = K:\setup.exe -a
O33 - MountPoints2\{274c3a63-444f-11e2-922d-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{274c3a63-444f-11e2-922d-001fc6e8a92f}\Shell\AutoRun\command - "" = K:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{33aa1b69-2639-11e0-acca-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{33aa1b69-2639-11e0-acca-001fc6e8a92f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{4f3e1418-31cc-11e0-b7e4-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f3e1418-31cc-11e0-b7e4-001fc6e8a92f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{8e423621-ceb4-11de-bc95-001fc6e8a92f}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe
O33 - MountPoints2\{b6f71f0b-7bfc-11e0-b1b9-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{b6f71f0b-7bfc-11e0-b1b9-001fc6e8a92f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{cea2e9a4-ae17-11de-823e-001fc6e8a92f}\Shell\AutoRun\command - "" = J:\slacker.synclauncher.exe
O33 - MountPoints2\{cea2e9a4-ae17-11de-823e-001fc6e8a92f}\Shell\slacker\command - "" = J:\slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^USFRIENDS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\USFRIENDS\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^USFRIENDS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk - C:\Program Files (x86)\Webshots\3.1.5.7617\Launcher.exe - (Webshots.com)
MsConfig:64bit - StartUpReg:
7C50DB8299355D1DEB14345803194DF0AEF2E6A0._service_run - hkey= - key= - File not found
MsConfig:64bit - StartUpReg:
Akamai NetSession Interface - hkey= - key= - C:\Users\USFRIENDS\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
MsConfig:64bit - StartUpReg:
Logitech Vid - hkey= - key= - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg:
LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig:64bit - StartUpReg:
Memeo AutoSync - hkey= - key= - C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
MsConfig:64bit - StartUpReg:
QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg:
Spotify Web Helper - hkey= - key= - C:\Users\USFRIENDS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
MsConfig:64bit - StartUpReg:
swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg:
TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg:
TomTomHOME.exe - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
SafeBootMin:
64bit: AppMgmt - Service
SafeBootMin:
64bit: Base - Driver Group
SafeBootMin:
64bit: Boot Bus Extender - Driver Group
SafeBootMin:
64bit: Boot file system - Driver Group
SafeBootMin:
64bit: File system - Driver Group
SafeBootMin:
64bit: Filter - Driver Group
SafeBootMin:
64bit: HelpSvc - Service
SafeBootMin:
64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:
64bit: PCI Configuration - Driver Group
SafeBootMin:
64bit: PNP Filter - Driver Group
SafeBootMin:
64bit: Primary disk - Driver Group
SafeBootMin:
64bit: sacsvr - Service
SafeBootMin:
64bit: SCSI Class - Driver Group
SafeBootMin:
64bit: System Bus Extender - Driver Group
SafeBootMin:
64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:
64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:
64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:
64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:
64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:
64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:
64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:
64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:
64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:
64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:
64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:
64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:
64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:
64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:
64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:
64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:
64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:
64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:
64bit: AppMgmt - Service
SafeBootNet:
64bit: Base - Driver Group
SafeBootNet:
64bit: Boot Bus Extender - Driver Group
SafeBootNet:
64bit: Boot file system - Driver Group
SafeBootNet:
64bit: File system - Driver Group
SafeBootNet:
64bit: Filter - Driver Group
SafeBootNet:
64bit: HelpSvc - Service
SafeBootNet:
64bit: Messenger - Service
SafeBootNet:
64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:
64bit: NDIS Wrapper - Driver Group
SafeBootNet:
64bit: NetBIOSGroup - Driver Group
SafeBootNet:
64bit: NetDDEGroup - Driver Group
SafeBootNet:
64bit: Network - Driver Group
SafeBootNet:
64bit: NetworkProvider - Driver Group
SafeBootNet:
64bit: PCI Configuration - Driver Group
SafeBootNet:
64bit: PNP Filter - Driver Group
SafeBootNet:
64bit: PNP_TDI - Driver Group
SafeBootNet:
64bit: Primary disk - Driver Group
SafeBootNet:
64bit: rdsessmgr - Service
SafeBootNet:
64bit: sacsvr - Service
SafeBootNet:
64bit: SCSI Class - Driver Group
SafeBootNet:
64bit: Streams Drivers - Driver Group
SafeBootNet:
64bit: System Bus Extender - Driver Group
SafeBootNet:
64bit: TDI - Driver Group
SafeBootNet:
64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:
64bit: WudfUsbccidDriver - Driver
SafeBootNet:
64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:
64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:
64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:
64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:
64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:
64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:
64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:
64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:
64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:
64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:
64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:
64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:
64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:
64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:
64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:
64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:
64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:
64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:
64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:
64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:
64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:
64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:
64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:
64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:
64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:
64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:
64bit: {3CE02F38-C912-44CF-B02E-60F7964E61FF} - BingPack
ActiveX:
64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:
64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:
64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:
64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:
64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:
64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:
64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:
64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:
64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:
64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:
64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:
64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:
64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:
64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:
64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:
64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:
64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:
64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:
64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:
64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:
64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:
64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:
64bit: >{3c717892-e1cd-470f-a19d-a40c88fb113f} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FDB7C09A-0D14-F9A6-3B48-241F930C482F} - Microsoft Windows Media Player
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
Drivers32:
64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:
64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivXNetworks, Inc.)
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
========== Files/Folders - Created Within 30 Days ========== [2013/11/15 21:53:44 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/15 21:45:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/15 21:19:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/15 13:20:38 | 001,957,794 | ---- | C] (Farbar) -- C:\Users\USFRIENDS\Desktop\FRST64.exe
[2013/11/15 13:18:49 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\USFRIENDS\Desktop\JRT.exe
[2013/11/14 11:22:25 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/14 11:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/14 11:21:13 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\USFRIENDS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/14 10:34:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\USFRIENDS\Desktop\OTL (1).exe
[2013/11/10 12:25:20 | 000,000,000 | ---D | C] -- C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TunnelBear
[2013/11/09 00:02:24 | 000,000,000 | ---D | C] -- C:\Users\USFRIENDS\AppData\Roaming\Oracle
[2013/11/09 00:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/08 23:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/05 19:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/18 18:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/10/18 18:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/07/17 16:02:21 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\USFRIENDS\AppData\Roaming\pcouffin.sys
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2013/11/15 21:44:54 | 000,711,020 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/15 21:44:54 | 000,608,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/15 21:44:54 | 000,105,680 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/15 21:30:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/15 13:20:52 | 001,957,794 | ---- | M] (Farbar) -- C:\Users\USFRIENDS\Desktop\FRST64.exe
[2013/11/15 13:18:55 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\USFRIENDS\Desktop\JRT.exe
[2013/11/15 13:16:39 | 001,085,542 | ---- | M] () -- C:\Users\USFRIENDS\Desktop\AdwCleaner.exe
[2013/11/15 02:05:42 | 000,001,356 | ---- | M] () -- C:\Users\USFRIENDS\AppData\Local\d3d9caps.dat
[2013/11/15 00:54:53 | 000,216,064 | ---- | M] () -- C:\Users\USFRIENDS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/14 19:39:54 | 000,502,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/14 11:22:26 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/14 11:19:38 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\USFRIENDS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/14 10:33:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USFRIENDS\Desktop\OTL (1).exe
[2013/11/14 09:59:14 | 000,002,908 | ---- | M] () -- C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
[2013/11/14 09:23:21 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 09:23:21 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 09:22:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/10 12:25:21 | 000,001,752 | ---- | M] () -- C:\Users\USFRIENDS\Desktop\TunnelBear.lnk
[2013/11/08 23:19:35 | 000,000,955 | ---- | M] () -- C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/11/07 02:45:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/30 17:17:18 | 000,000,973 | ---- | M] () -- C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2013/10/28 08:40:15 | 000,154,935 | ---- | M] () -- C:\Users\USFRIENDS\Desktop\Survey Form_v4.pdf
[2013/10/18 18:51:14 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/10/18 18:51:14 | 000,001,875 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/10/17 09:54:15 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files Created - No Company Name ========== [2013/11/15 13:16:28 | 001,085,542 | ---- | C] () -- C:\Users\USFRIENDS\Desktop\AdwCleaner.exe
[2013/11/14 11:22:26 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/10 12:25:21 | 000,001,752 | ---- | C] () -- C:\Users\USFRIENDS\Desktop\TunnelBear.lnk
[2013/10/28 08:40:19 | 000,154,935 | ---- | C] () -- C:\Users\USFRIENDS\Desktop\Survey Form_v4.pdf
[2013/02/09 11:00:37 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/12/19 17:39:20 | 000,359,029 | ---- | C] () -- C:\Users\USFRIENDS\.TransferManager.db
[2012/03/01 19:42:32 | 000,000,375 | ---- | C] () -- C:\Users\USFRIENDS\Documents - Shortcut.lnk
[2011/03/05 22:30:43 | 000,001,356 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Local\d3d9caps.dat
[2011/01/09 10:02:36 | 000,216,064 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/03 21:54:56 | 000,152,772 | ---- | C] () -- C:\Users\USFRIENDS\hosts.zip
[2010/06/11 08:53:09 | 000,024,226 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\UserTile.png
[2009/07/17 16:02:21 | 000,099,384 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\inst.exe
[2009/07/17 16:02:21 | 000,007,859 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\pcouffin.cat
[2009/07/17 16:02:21 | 000,001,167 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\pcouffin.inf
[2009/07/11 16:06:46 | 000,000,358 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\wklnhst.dat
[2009/06/25 05:38:28 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ========== [2006/11/02 07:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 09:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/10 23:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 18:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ========== [2011/02/11 15:45:17 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Alex Inc
[2011/03/27 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Amazon
[2009/07/07 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Blackberry Desktop
[2012/05/12 23:24:09 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Canon
[2009/11/04 19:08:23 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\DassaultSystemes
[2011/06/24 21:54:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\DigiData
[2013/11/14 09:59:40 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Dropbox
[2011/10/01 10:12:17 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\EasyMP3Downloader
[2009/08/17 01:18:12 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\FileZilla
[2012/06/16 09:59:41 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\FVD Suite
[2009/09/13 23:29:43 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Greyfirst
[2013/02/15 16:08:03 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\KeeperData
[2010/12/25 10:00:11 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Leadertech
[2010/08/07 09:01:12 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\MAGIX
[2010/01/24 11:18:52 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Memeo
[2012/07/03 23:56:48 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\MusicNet
[2010/08/06 15:15:11 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Netscape
[2012/12/18 06:14:47 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\ooVoo Details
[2011/10/28 19:55:20 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Opera
[2013/11/09 00:02:24 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Oracle
[2011/04/13 16:44:46 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\OverDrive
[2010/08/06 20:12:49 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Photodex
[2010/09/16 17:50:16 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Research In Motion
[2010/01/24 08:17:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Smilebox(198)
[2013/10/30 13:32:20 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Spotify
[2009/07/11 16:06:49 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Template
[2009/11/15 18:45:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\TomTom
[2009/07/17 18:58:27 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Vso
[2011/01/16 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\WD
[2011/02/13 14:09:52 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Webshots
[2010/03/24 19:50:04 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\YouSendIt
========== Purity Check ========== ========== Custom Scans ========== ========== Drive Information ========== Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD64 00AAKS-65A7B SCSI Disk Device
Partitions: 2
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic USB SD Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic USB CF Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic USB SM Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic USB MS Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 585.00GB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 11.00GB
Starting Offset: 628139957760
Hidden sectors: 0
< %SYSTEMDRIVE%\*.exe >[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
< %systemroot%\assembly\GAC_32\*.ini > < %systemroot%\assembly\GAC_64\*.ini > < %SYSTEMDRIVE%\*.exe >[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
< %ALLUSERSPROFILE%\Application Data\*.exe > < %APPDATA%\*. >[2011/12/24 21:07:06 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Adobe
[2011/02/11 15:45:17 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Alex Inc
[2011/03/27 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Amazon
[2013/06/04 16:17:40 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Apple Computer
[2009/07/07 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Blackberry Desktop
[2012/05/12 23:24:09 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Canon
[2013/06/02 11:01:19 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\CyberLink
[2009/11/04 19:08:23 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\DassaultSystemes
[2011/06/24 21:54:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\DigiData
[2009/09/07 15:58:00 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\DivX
[2010/07/31 13:10:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Download Manager
[2013/11/14 09:59:40 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Dropbox
[2011/10/01 10:12:17 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\EasyMP3Downloader
[2009/08/17 01:18:12 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\FileZilla
[2012/06/16 09:59:41 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\FVD Suite
[2012/09/21 18:25:16 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Google
[2009/09/13 23:29:43 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Greyfirst
[2009/06/24 17:59:41 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Hewlett-Packard
[2009/06/24 17:51:38 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\HP TCS
[2009/06/24 17:58:29 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Identities
[2012/11/23 08:45:44 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\InstallShield
[2013/02/15 16:08:03 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\KeeperData
[2010/12/25 10:00:11 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Leadertech
[2009/07/31 02:03:41 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Macromedia
[2010/08/07 09:01:12 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\MAGIX
[2011/02/23 16:40:42 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Malwarebytes
[2006/11/02 07:07:25 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Media Center Programs
[2010/01/24 11:18:52 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Memeo
[2012/12/14 23:52:36 | 000,000,000 | --SD | M] -- C:\Users\USFRIENDS\AppData\Roaming\Microsoft
[2009/11/17 19:21:33 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Move Networks
[2013/11/10 00:32:10 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla
[2012/07/03 23:56:48 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\MusicNet
[2010/08/06 15:15:11 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Netscape
[2012/12/18 06:14:47 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\ooVoo Details
[2011/10/28 19:55:20 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Opera
[2013/11/09 00:02:24 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Oracle
[2011/04/13 16:44:46 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\OverDrive
[2010/08/06 20:12:49 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Photodex
[2013/06/09 09:56:18 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Real
[2013/06/08 08:25:07 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\RealNetworks
[2010/09/16 17:50:16 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Research In Motion
[2009/09/21 19:51:37 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Roxio
[2012/06/17 18:39:24 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Skype
[2011/06/06 15:09:37 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\skypePM
[2010/01/24 08:17:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Smilebox(198)
[2013/10/30 13:32:20 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Spotify
[2009/06/24 17:59:09 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Symantec
[2009/07/11 16:06:49 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Template
[2009/11/15 18:45:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\TomTom
[2013/04/11 03:51:30 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Verizon
[2013/04/11 03:47:49 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Verizon_AR
[2009/07/17 18:58:27 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Vso
[2011/01/16 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\WD
[2011/02/13 14:09:52 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Webshots
[2009/06/25 18:35:10 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Yahoo!
[2010/03/24 19:50:04 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\YouSendIt
< MD5 for: ATAPI.SYS >[2008/01/20 18:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/10 23:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/10 23:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
< MD5 for: CSRSS.EXE >[2008/01/20 18:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\SysNative\csrss.exe
[2008/01/20 18:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe
< MD5 for: EXPLORER.EXE >[2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/28 22:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 19:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/10 23:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\WINDOWS\explorer.exe
[2009/04/10 23:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 18:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/28 22:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\SysWOW64\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/29 21:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 18:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 18:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 18:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: MSWSOCK.DLL >[2008/01/20 18:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\WINDOWS\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/10 22:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\WINDOWS\SysWOW64\mswsock.dll
[2009/04/10 22:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 18:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/10 23:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
[2009/04/10 23:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll
< MD5 for: NAPINSP.DLL >[2008/01/20 18:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\SysNative\NapiNSP.dll
[2008/01/20 18:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_083bdc4c478e57f6\NapiNSP.dll
[2008/01/20 18:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\WINDOWS\SysWOW64\NapiNSP.dll
[2008/01/20 18:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\WINDOWS\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll
< MD5 for: NLAAPI.DLL >[2008/01/20 18:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\SysNative\nlaapi.dll
[2008/01/20 18:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_c3a4914ac347b69b\nlaapi.dll
[2008/01/20 18:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\WINDOWS\SysWOW64\nlaapi.dll
[2008/01/20 18:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_cdf93b9cf7a87896\nlaapi.dll
< MD5 for: PNRPNSP.DLL >[2008/01/20 18:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\WINDOWS\SysWOW64\pnrpnsp.dll
[2008/01/20 18:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_d7f25b890f32c83a\pnrpnsp.dll
[2008/01/20 18:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\SysNative\pnrpnsp.dll
[2008/01/20 18:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_cd9db136dad2063f\pnrpnsp.dll
< MD5 for: SERVICES.EXE >[2008/01/20 18:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/10 23:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009/04/10 23:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/10 22:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\SysWOW64\services.exe
[2009/04/10 22:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 18:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
< MD5 for: SVCHOST.EXE >[2008/01/20 18:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\SysWOW64\svchost.exe
[2008/01/20 18:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 18:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 18:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\WINDOWS\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe
< MD5 for: USER32.DLL >[2008/01/20 18:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\WINDOWS\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008/01/20 18:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009/04/10 22:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\WINDOWS\SysWOW64\user32.dll
[2009/04/10 22:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009/04/10 23:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SysNative\user32.dll
[2009/04/10 23:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\WINDOWS\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
< MD5 for: USERINIT.EXE >[2008/01/20 18:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\SysWOW64\userinit.exe
[2008/01/20 18:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 18:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 18:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
< MD5 for: WINLOGON.EXE >[2009/04/10 23:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/10 23:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 18:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\SysWOW64\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 18:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WINRNR.DLL >[2008/01/20 18:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\SysNative\winrnr.dll
[2008/01/20 18:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_b56cee730873a8a0\winrnr.dll
[2008/01/20 18:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_b758677f059573ec\winrnr.dll
[2009/04/10 22:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\WINDOWS\SysWOW64\winrnr.dll
[2009/04/10 22:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\WINDOWS\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 01:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\WINDOWS\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_594e52ef5016376a\winrnr.dll
< MD5 for: WSHELPER.DLL >[2006/11/02 01:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\WINDOWS\SysWOW64\wshelper.dll
[2006/11/02 01:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_6af84843e4192e9a\wshelper.dll
[2006/11/02 03:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\SysNative\wshelper.dll
[2006/11/02 03:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\wshelper.dll
< dir C:\ /S /A:L /C > Volume in drive C is HP
Volume Serial Number is 0A01-AEC1
Directory of C:\
06/24/2009 05:45 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
06/24/2009 05:45 PM <JUNCTION> Application Data [C:\ProgramData]
06/24/2009 05:45 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
06/24/2009 05:45 PM <JUNCTION> Documents [C:\Users\Public\Documents]
06/24/2009 05:45 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
06/24/2009 05:45 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
06/24/2009 05:45 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
06/24/2009 05:45 PM <SYMLINKD> All Users [C:\ProgramData]
06/24/2009 05:45 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
06/24/2009 05:45 PM <JUNCTION> Application Data [C:\ProgramData]
06/24/2009 05:45 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
06/24/2009 05:45 PM <JUNCTION> Documents [C:\Users\Public\Documents]
06/24/2009 05:45 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
06/24/2009 05:45 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
06/24/2009 05:45 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\USFRIENDS
06/24/2009 05:48 PM <JUNCTION> Application Data [C:\Users\USFRIENDS\AppData\Roaming]
06/24/2009 05:48 PM <JUNCTION> Cookies [C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Cookies]
06/24/2009 05:48 PM <JUNCTION> Local Settings [C:\Users\USFRIENDS\AppData\Local]
06/24/2009 05:48 PM <JUNCTION> My Documents [C:\Users\USFRIENDS\Documents]
06/24/2009 05:48 PM <JUNCTION> NetHood [C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/24/2009 05:48 PM <JUNCTION> PrintHood [C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/24/2009 05:48 PM <JUNCTION> Recent [C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Recent]
06/24/2009 05:48 PM <JUNCTION> SendTo [C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\SendTo]
06/24/2009 05:48 PM <JUNCTION> Start Menu [C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu]
06/24/2009 05:48 PM <JUNCTION> Templates [C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\USFRIENDS\AppData\Local
06/24/2009 05:48 PM <JUNCTION> Application Data [C:\Users\USFRIENDS\AppData\Local]
06/24/2009 05:48 PM <JUNCTION> History [C:\Users\USFRIENDS\AppData\Local\Microsoft\Windows\History]
06/24/2009 05:48 PM <JUNCTION> Temporary Internet Files [C:\Users\USFRIENDS\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\USFRIENDS\AppData\LocalLow
06/11/2011 06:46 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\USFRIENDS\Documents
06/24/2009 05:48 PM <JUNCTION> My Music [C:\Users\USFRIENDS\Music]
06/24/2009 05:48 PM <JUNCTION> My Pictures [C:\Users\USFRIENDS\Pictures]
06/24/2009 05:48 PM <JUNCTION> My Videos [C:\Users\USFRIENDS\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
06/24/2009 05:45 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
06/24/2009 05:45 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
06/24/2009 05:45 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
06/24/2009 05:45 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
06/24/2009 05:45 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/24/2009 05:45 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/24/2009 05:45 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
06/24/2009 05:45 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
06/24/2009 05:45 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
06/24/2009 05:45 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
06/24/2009 05:45 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
06/24/2009 05:45 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
06/24/2009 05:45 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
06/24/2009 05:45 PM <JUNCTION> My Music [C:\Users\Default\Music]
06/24/2009 05:45 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
06/24/2009 05:45 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
06/24/2009 05:45 PM <JUNCTION> My Music [C:\Users\Public\Music]
06/24/2009 05:45 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
06/24/2009 05:45 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\WINDOWS\System32\config\systemprofile
06/30/2009 02:52 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/30/2009 02:52 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
06/30/2009 02:52 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/30/2009 02:52 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/30/2009 02:52 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/30/2009 02:52 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/30/2009 02:52 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/30/2009 02:52 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/30/2009 02:52 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/30/2009 02:52 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\WINDOWS\System32\config\systemprofile\AppData\Local
06/30/2009 02:52 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/30/2009 02:52 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/30/2009 02:52 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\WINDOWS\System32\config\systemprofile\Documents
06/30/2009 02:52 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
06/30/2009 02:52 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/30/2009 02:52 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\WINDOWS\SysWOW64\config\systemprofile
06/30/2009 02:52 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/30/2009 02:52 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
06/30/2009 02:52 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/30/2009 02:52 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/30/2009 02:52 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/30/2009 02:52 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/30/2009 02:52 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/30/2009 02:52 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/30/2009 02:52 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/30/2009 02:52 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local
06/30/2009 02:52 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/30/2009 02:52 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/30/2009 02:52 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\WINDOWS\SysWOW64\config\systemprofile\Documents
06/30/2009 02:52 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
06/30/2009 02:52 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/30/2009 02:52 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
83 Dir(s) 260,868,083,712 bytes free
< C:\Windows\assembly\tmp\U\*.* /s >[2006/11/02 07:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 07:42:03 | 000,032,568 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/26 15:38:34 | 000,000,438 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E73B303C-948D-4079-81F1-CF26613284D5}.job
[2009/08/14 18:07:00 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
[2009/08/14 18:16:06 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/08/14 18:16:06 | 000,000,898 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/06/15 22:50:19 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/06/25 04:45:17 | 000,000,617 | ---- | C] () -- C:\Windows\Tasks\OnlineBackupManager.job
[2013/10/09 14:29:13 | 000,000,864 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3694992828-362353423-1709206159-1000Core1cec53efb70193c.job
< %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Celtx\uninstall\helper.exe" /HideShortcuts [2009/06/12 08:14:34 | 000,495,872 | ---- | M] (celtx.com)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Celtx\uninstall\helper.exe" /ShowShortcuts [2009/06/12 08:14:34 | 000,495,872 | ---- | M] (celtx.com)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Celtx\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/06/12 08:14:34 | 000,495,872 | ---- | M] (celtx.com)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\shell\open\command\\: C:\Program Files (x86)\Celtx\celtx.exe [2009/06/12 08:14:30 | 008,530,944 | ---- | M] (Greyfirst Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Celtx\celtx.exe" -preferences [2009/06/12 08:14:30 | 008,530,944 | ---- | M] (Greyfirst Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Celtx\celtx.exe" -safe-mode [2009/06/12 08:14:30 | 008,530,944 | ---- | M] (Greyfirst Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/11/05 19:10:55 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/11/05 19:10:55 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/11/05 19:10:55 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/11/05 19:11:46 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/11/05 19:11:46 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/11/05 19:11:46 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/08 16:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/08 16:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/08 16:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/10/08 16:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/04/20 18:32:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/04/20 18:32:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/04/20 18:32:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013/09/22 02:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013/09/22 02:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ShowIconsCommand [2013/04/18 14:14:58 | 000,879,456 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /HideIconsCommand [2013/04/18 14:14:58 | 000,879,456 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ReInstallBrowser [2013/04/18 14:14:58 | 000,879,456 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe" [2013/04/18 14:14:58 | 000,879,456 | ---- | M] (Opera Software)
< hklm\software\clients\startmenuinternet|command /64 /rs >64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/20 18:32:35 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/20 18:32:35 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/20 18:32:35 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/22 02:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/22 02:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles >[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles > < %ProgramFiles%\WINDOWS NT\*.* /s >[2010/06/28 06:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2006/11/02 07:14:04 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/04/10 22:28:24 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2006/09/19 03:43:31 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/02/18 10:39:57 | 001,272,752 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/02/18 10:39:57 | 000,980,032 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/02/18 10:39:58 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/02/18 10:39:58 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/02/18 10:40:01 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2006/09/19 03:43:34 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/04/10 22:23:33 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
< %systemroot%\system32\drivers\*.sys /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:73BDADA8
< End of report >
====== End OTL Log =======================
And here's the Extras Log.
========= Start Extras Log ==============
OTL Extras logfile created on: 11/15/2013 10:20:09 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\USFRIENDS\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.87 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 71.49% Memory free
7.92 Gb Paging File | 6.84 Gb Available in Paging File | 86.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.00 Gb Total Space | 242.95 Gb Free Space | 41.53% Space Free | Partition Type: NTFS
Drive D: | 11.17 Gb Total Space | 1.06 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
Computer Name: USFRIENDS | User Name: USFRIENDS | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Value error.
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Value error.
jsfile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = BB 29 5E D0 49 02 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3694992828-362353423-1709206159-1000]
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05005C90-21B2-409F-B940-ADD0149E79F7}" = lport=445 | protocol=6 | dir=in | app=system |
"{05C688B3-A0C6-43D9-AA41-29A71A807A86}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{12374741-18F8-409F-9AFF-C862CAADE707}" = rport=139 | protocol=6 | dir=out | app=system |
"{3E8211E2-1E7C-4273-95C7-8C95D0040E50}" = lport=137 | protocol=17 | dir=in | app=system |
"{57156452-FD87-481E-8F1B-F8FD1E2E5DA5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{5D2275FC-CAE7-439F-8D31-A58ECE23BD65}" = rport=138 | protocol=17 | dir=out | app=system |
"{6A3C4D63-AFA8-4B65-8AEE-513C100BB4A9}" = rport=137 | protocol=17 | dir=out | app=system |
"{8023CF17-5B9F-4A64-A612-35B34F886932}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{96A7A1EE-3BED-42EC-956C-98B081D273FF}" = lport=138 | protocol=17 | dir=in | app=system |
"{AAAAB55E-599C-4B79-B08C-A8A682CA14F8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B695C325-4B6D-470B-A3D3-8AF7C2C6DD91}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{C0900122-EEE0-4502-A840-91B66C061083}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC60DD8D-5A6B-4F9B-A64F-D2C20079A79A}" = rport=445 | protocol=6 | dir=out | app=system |
"{EFE0670A-90D0-4961-A005-57DBBBEC60FA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F6D9C295-0435-49C0-BC26-9B5867CAD470}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F8FAE70B-BBC7-498C-AF34-4AC40D37CD45}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053512C8-4561-4B00-B491-7D5284BF213B}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{0CEBF583-FBA0-417C-8331-161EBC3178F9}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{0D40D9F5-39D9-410B-8B81-64AE51943E9B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0F17A6A0-C429-415B-B252-CFD9A7F04DC0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{0F37BE25-30CC-4648-951E-098EC93808FF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1AB77C48-8839-4903-8564-821DE8DD8EA9}" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\dropbox\bin\dropbox.exe |
"{1AF08051-77FD-4148-9695-78440B8EA893}" = protocol=6 | dir=in | app=c:\program files (x86)\photodex\proshowgold\proshow.exe |
"{20AACDAF-D0E8-4E64-A256-786927DE6992}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{271F677C-11F6-45E6-A2D5-49940C099FBF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{2CAFD8DE-3639-4F5F-90AF-3636A90735FE}" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\local\akamai\netsession_win.exe |
"{369DB9AB-E4E7-401B-8493-A0BD5D8A1F6C}" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\spotify\spotify.exe |
"{4C0C21F2-E21D-4588-B4EE-623AA356A36E}" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4C9D31D1-8828-4301-BA70-71A0A5ECE7B2}" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\local\akamai\netsession_win.exe |
"{4DD88A18-FF94-4A7A-BAA0-9D2BD6543356}" = protocol=17 | dir=in | app=c:\program files (x86)\tunnelbear\tbear.exe |
"{56201DD9-2673-465C-8F85-B866825D8F5E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{568D98F1-90BB-41C8-BD71-043DBA7156D0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5DE04733-31F8-4136-8D8E-C64B8EE0F0AB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{66B81860-7E1C-431F-8B78-2A65574BE23C}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{70FE101C-648C-441C-9469-100B76AA0C3B}" = protocol=1 | dir=out |
[email protected],-28544 |
"{75DE5D6B-2612-47CF-978A-59C604D5B2F5}" = protocol=58 | dir=out |
[email protected],-28546 |
"{807413D6-3205-4055-8A69-4BF9D540E077}" = protocol=1 | dir=in |
[email protected],-28543 |
"{83CCEFA7-2255-4D3A-A3ED-460873F352FC}" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{8A42D2CD-68EC-48A0-A7DA-F98405E017EC}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{8DEA4618-ED3C-433B-ACD3-47F0D3AF3EFC}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{942A2B96-236A-4403-8831-B693DE953B82}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{9D4C68DC-ACFD-4EB0-8F11-D83BB78A0BCA}" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9EF41C35-43CC-44F8-B8CF-1D55F9015790}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{A37D20F0-D702-42D2-AD22-E37734423AC0}" = protocol=58 | dir=in |
[email protected],-28545 |
"{A8B663B7-ABFE-471F-811E-66371FAB60E2}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{B36B7E82-AF15-4CC1-8F00-678F2793FC32}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BF7149E1-70D7-4277-AAD1-E392B87F4CE8}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{C4C58146-1BF0-4AB6-AA91-7139BC873580}" = protocol=17 | dir=in | app=c:\program files (x86)\photodex\proshowgold\proshow.exe |
"{CACD24F6-7BFA-4D04-AF5F-014B31966461}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{D30F7EC1-AC5E-4887-A82E-3FB6E35C0643}" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{DE7F81FD-A81F-4C79-BA23-246C7575B174}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EAD73C45-8BBA-442D-AB54-1BF36F7FA91A}" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\spotify\spotify.exe |
"{EBCF3DDA-243E-4D67-A872-5E95153391CC}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{F09A145A-4311-425F-82BB-7220F72A2C7C}" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\dropbox\bin\dropbox.exe |
"{F1F3EC05-CB6F-4E24-B4E2-9CBE7B03584F}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{FEBB8766-8CAC-45F8-9F3B-032DABA0D984}" = protocol=6 | dir=in | app=c:\program files (x86)\tunnelbear\tbear.exe |
"TCP Query User{234B8EE9-7975-4DD4-BB4E-A8592D3536AC}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{52A5B5D3-53F5-47F9-9E75-AE85A5BF7E19}C:\program files (x86)\charter\cloud drive™ backup\syncnshare\onlinebackup.syncnshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\charter\cloud drive™ backup\syncnshare\onlinebackup.syncnshare.exe |
"TCP Query User{71813986-996F-4F5F-9097-8810EE6CCEDC}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{7F5A5BF7-4EB7-4AFC-96D6-694ED3E25D6A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{A12B946C-0584-46A5-9973-E6C89F17ECA4}C:\users\USFRIENDS\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{E00519B6-9EF4-4689-A2E3-C667C95475A4}C:\users\USFRIENDS\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\spotify\spotify.exe |
"TCP Query User{E1421703-866C-4C9A-84C2-200E7F1CBA03}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"TCP Query User{E97500C7-5B10-4750-AA70-3D94DE3FD971}C:\users\USFRIENDS\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{F9574C27-7642-4FAB-B17D-9585ECA086FC}C:\users\USFRIENDS\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\local\akamai\netsession_win.exe |
"UDP Query User{17316C1F-6436-462F-BA16-C90CE5D8A33F}C:\users\USFRIENDS\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\spotify\spotify.exe |
"UDP Query User{385A4979-40B6-4C7B-831F-CA7776D19AFD}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{534B27EA-164B-481E-B034-24D805977B20}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{543EDF4F-2CAF-47A5-BF91-A9FBD25577BC}C:\users\USFRIENDS\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{6F4B73CA-A521-4409-92C4-3D4EE2AA8815}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{7B812185-24EC-4848-B7A2-73C6861DA541}C:\users\USFRIENDS\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{ED2FE2ED-1166-49AF-93E9-11D9050BD0C2}C:\program files (x86)\charter\cloud drive™ backup\syncnshare\onlinebackup.syncnshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\charter\cloud drive™ backup\syncnshare\onlinebackup.syncnshare.exe |
"UDP Query User{F2F13BF0-19AF-4F0F-AD4F-D7FE594A73F9}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{FE8A3051-069E-409C-8312-98BAEE9FA7AF}C:\users\USFRIENDS\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\local\akamai\netsession_win.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4EF6A3C5-7B7A-453A-A887-7252A1A65596}" = WD Drive Manager (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7A7C7AFC-F624-4c95-9C03-9CC4FD70122A}" = Memeo AutoSync
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{A7D48BF6-8ED8-4B91-8267-34CDE7807D05}_is1" = HP Demo
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C74D5C3-EBB9-408E-972F-B9802F13D5E4}" = 3DVIA Shape for Maps
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D674121-9735-4532-8A48-169A1B09EDFE}" = Charter Cloud Drive™ Backup
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6264BE71-3144-47BE-B029-B9701B35A0DD}" = Movie Converter v4
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A75BC59B-10BF-6B87-DCC7-3501F158ACC6}" = Times Reader
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D3D2A5FF-55C2-4A5A-BDAC-A502A66E6B8D}" = Verizon Wireless Software Utility Application for Android - Samsung
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{fba28920-8485-3586-980c-54c863eb45e6}" = Webshots Toolbar for Firefox
"{FD1408CA-47E3-45C8-B7CB-75AEB8F98DA1}" = Verizon Wireless Software Upgrade Assistant - Samsung(ar)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE6FA294-1A34-47D0-B72D-DA15446087AA}_is1" = Pocket version 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Akamai" = Akamai NetSession Interface Service
"AVI Codec Pack" = AVI Codec Pack
"Celtx (2.0.2)" = Celtx (2.0.2)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Fly DVD Copier_is1" = Fly DVD Copier Version 4.9
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"Google Calendar Sync" = Google Calendar Sync
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Keeper Password & Data Vault" = Keeper Password & Data Vault
"Logitech Vid" = Logitech Vid HD
"Loki Browser Plugin" = Loki Browser Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MIKSOFT Mobile 3GP converter_is1" = MIKSOFT Mobile 3GP converter
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.15.1748" = Opera 12.15
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Photodex Presenter" = Photodex Presenter
"PROPLUS" = Microsoft Office Professional Plus 2007
"ProShow Gold" = ProShow Gold
"ProShow MediaSource - Family Memories" = ProShow MediaSource - Family Memories
"ProShow Producer" = ProShow Producer
"RealPlayer 16.0" = RealPlayer
"SpiceFX for Movie Maker" = SpiceFX for Movie Maker
"TunnelBear" = TunnelBear 2.1.1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WM Capture" = WM Capture
"WM Recorder" = WM Recorder
"WM_Splitter_1.6.906" = WM Splitter 1.6.906
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"23ab716f18849b6f" = Amazon Cloud Drive
"Akamai" = Akamai NetSession Interface
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"GoogleToolBar" = GoogleToolBar
"MapQuest Toolbar" = MapQuest Toolbar
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Spotify" = Spotify
"WM Capture" = WM Capture
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
========== Last 20 Event Log Errors ========== [ Application Events ]
Error - 11/16/2013 2:15:47 AM | Computer Name = USFRIENDS | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_CryptSvc, version 6.0.6001.18000,
time stamp 0x47919291, faulting module ntdll.dll, version 6.0.6002.18881, time
stamp 0x51da3d16, exception code 0xc0000006, fault offset 0x000000000001a1d4, process
id 0x6d0, application start time 0x01cee2900ddc6fc6.
Error - 11/16/2013 2:15:47 AM | Computer Name = USFRIENDS | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Host Process for Windows Services
because of this error. Program: Host Process for Windows Services File: C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT
The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000015 Disk
type: 3
[ System Events ]
Error - 11/16/2013 6:11:47 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.
Error - 11/16/2013 6:11:49 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.
Error - 11/16/2013 6:11:57 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.
Error - 11/16/2013 6:12:05 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.
Error - 11/16/2013 6:12:13 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.
Error - 11/16/2013 6:12:21 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.
Error - 11/16/2013 6:12:29 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.
Error - 11/16/2013 6:12:37 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.
Error - 11/16/2013 6:12:45 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.
Error - 11/16/2013 6:12:53 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.
< End of report >
================= End Extras Log ======
I'll attempt to do the drivers thing. Thanks Ron again!