
Malware/adware repeatedly spawns new sessions of IE until computer cra

Adware IE browser high jacker


#1
kekemp


As the attached OTL log shows, this malware spawns new sessions of IE continuously. Trend Micro intercepts them as it recognizes the URLs as being suspicious, so IE doesn't actually open a window, but the spawned IE sessions once started continue running and eventually the computer crashes as it runs out of all 8GBs of RAM. I have scanned the computer with Malwarebytes, Trend Micro Office, House Call, AVAST, ADWcleaner, and HijackThis as well as OTL. So far nothing has been flagged as spyware/adware or a virus. It may have been delivered by a fake Adobe update notice. One popped up and I, regretfully, clicked download, but the window disappeared and nothing was downloaded and I therefore didn't install anything. Other than that I have no idea where it may have come from or what it is. I started having the problem soon after I clicked on that download button.

 

I have been able to stop the IE sessions from spawning by disconnecting from the Internet for a while and then reconnecting. It apparently times out after being offline long enough and does not recognize when connection is reestablished. It does not affect other browsers except that both Firefox and Chrome are unable to go to sites like Malwarebytes and HouseCall. They are intercepted with a bogus message saying they are not allowed to go there because of security settings. I was able to get to them using Safari. I didn't try IE.

 

Last night I had to reset my DSL modem as it became very slow. It worked fine after that and is still working now. I don't know that that was a related problem.

 

Any help or ideas in solving this will be greatly appreciated.

 

 

OTL logfile created on: 12/22/2014 9:08:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ken\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 4.50 Gb Available Physical Memory | 56.28% Memory free
16.00 Gb Paging File | 12.50 Gb Available in Paging File | 78.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 601.42 Gb Total Space | 234.24 Gb Free Space | 38.95% Space Free | Partition Type: NTFS
Drive D: | 330.09 Gb Total Space | 212.64 Gb Free Space | 64.42% Space Free | Partition Type: NTFS
Drive H: | 83.35 Gb Total Space | 51.07 Gb Free Space | 61.27% Space Free | Partition Type: NTFS
Drive P: | 10.00 Gb Total Space | 9.21 Gb Free Space | 92.07% Space Free | Partition Type: NTFS
 
Computer Name: KEN-HOME | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/22 21:07:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Downloads\OTL(1).exe
PRC - [2014/12/20 22:46:46 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
PRC - [2014/12/05 18:18:56 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/12/03 00:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/26 19:43:02 | 000,813,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2014/11/19 22:14:18 | 001,114,176 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Users\Ken\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
PRC - [2014/11/14 21:05:47 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/12 16:50:13 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Users\Ken\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/29 23:25:46 | 004,673,432 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Ken\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/08/07 07:52:52 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2014/07/15 08:46:00 | 000,786,256 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2014/07/06 19:40:01 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2014/06/20 21:32:30 | 000,389,744 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013/03/08 09:24:22 | 000,708,721 | ---- | M] ( ) -- C:\Program Files (x86)\TSST Korea\FW LiveUpdate\FWManager.exe
PRC - [2011/11/15 17:30:16 | 002,139,400 | ---- | M] () -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2011/10/24 21:36:10 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/09/22 19:29:54 | 005,550,984 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/09/20 09:17:44 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
PRC - [2011/07/12 02:14:25 | 000,331,776 | R--- | M] (VIA Technologies, Inc.) -- C:\VIA_XHCI\usb3Monitor.exe
PRC - [2010/12/06 04:56:42 | 000,390,728 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/10/25 18:41:50 | 000,344,064 | ---- | M] (ITSamples.com) -- C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/28 11:28:38 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/05/27 06:46:44 | 000,007,680 | ---- | M] () -- C:\Program Files\FileBX\Fbx32helper.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/20 22:46:45 | 016,843,952 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
MOD - [2014/12/05 18:18:53 | 003,758,192 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/11/19 22:14:30 | 000,438,336 | ---- | M] () -- C:\Users\Ken\AppData\Local\Apps\Evernote\Evernote\libxml2.dll
MOD - [2014/11/19 22:14:30 | 000,320,064 | ---- | M] () -- C:\Users\Ken\AppData\Local\Apps\Evernote\Evernote\libtidy.dll
MOD - [2014/09/25 09:00:41 | 000,081,056 | ---- | M] () -- C:\Users\Ken\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
MOD - [2014/08/13 08:09:24 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014/06/20 21:32:36 | 003,338,864 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2014/06/20 21:32:34 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/06/20 21:32:34 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2014/05/24 10:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
MOD - [2014/05/24 10:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
MOD - [2013/03/08 09:23:16 | 002,641,920 | ---- | M] () -- C:\Program Files (x86)\TSST Korea\FW LiveUpdate\LiveUpdate.dat
MOD - [2009/05/27 06:46:44 | 000,007,680 | ---- | M] () -- C:\Program Files\FileBX\Fbx32helper.exe
MOD - [2005/06/28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\PhotoImpression 5\Share\PIHook.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 20:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/26 16:44:44 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/07/03 14:19:06 | 000,263,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe -- (becldr3Service)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/29 21:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/05/10 14:00:00 | 000,608,864 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/12/12 00:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2011/03/09 11:10:40 | 000,288,768 | ---- | M] (WDC) [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/12/20 22:46:46 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/05 18:18:54 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/03 00:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/24 14:22:46 | 000,273,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe -- (NeroBackItUpBackgroundService)
SRV - [2014/08/07 07:52:52 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) [On_Demand | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/07/15 08:46:00 | 000,786,256 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/11/15 17:30:16 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2011/10/24 21:36:10 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/03/09 11:41:10 | 000,491,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:41:08 | 001,066,896 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/12/06 04:58:36 | 001,112,240 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/08 08:38:42 | 000,517,416 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2010/02/02 17:35:40 | 001,986,448 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2010/02/02 17:33:18 | 001,916,720 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe -- (ntrtscan)
SRV - [2010/01/07 11:44:48 | 000,595,960 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/01/07 11:42:22 | 000,917,768 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2007/08/24 14:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2007/08/24 14:53:14 | 000,072,176 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2007/08/24 14:52:48 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/08/24 14:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/08/24 14:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/20 19:39:25 | 000,043,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2014/11/01 08:48:36 | 000,020,160 | ---- | M] (Glarysoft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GUBootStartup.sys -- (GUBootStartup)
DRV:64bit: - [2014/09/01 00:10:54 | 000,017,600 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV:64bit: - [2013/10/01 20:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/29 22:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013/04/29 22:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/29 20:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/28 11:04:11 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2012/11/28 11:04:11 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2012/11/22 11:13:04 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012/10/24 15:53:01 | 000,310,368 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/10/24 15:52:58 | 000,132,704 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/07/28 01:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/06/05 10:54:38 | 000,034,088 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SndTAudio.sys -- (SndTAudio)
DRV:64bit: - [2012/06/04 23:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012/05/14 00:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/05/10 16:35:26 | 000,221,184 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2012/05/10 16:35:26 | 000,104,448 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2012/04/18 10:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011/12/01 10:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/12/01 10:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/11/14 05:01:22 | 000,204,800 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2011/11/14 05:01:12 | 000,256,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2011/10/24 21:36:13 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/10/24 21:36:08 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2011/10/24 21:36:05 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/01/07 11:43:32 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010/01/07 11:43:20 | 000,201,232 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2010/01/07 11:43:00 | 000,108,048 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 10:56:28 | 000,036,384 | ---- | M] (Glance Networks, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\glancedrv.sys -- (glancedrv)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/05/31 13:17:00 | 001,255,424 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\winaxhcf.sys -- (Winachcf)
DRV:64bit: - [2006/06/19 15:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2013/08/14 14:28:44 | 000,344,864 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2013/08/14 14:28:08 | 000,042,272 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2013/08/14 14:17:34 | 002,260,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/08/18 02:09:04 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{4EEA258A-D253-4A10-80ED-4AB6D40D75F8}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D 0B 32 0E 41 1D D0 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {222464E6-A426-41EB-8055-FF2D523BCFCF}
IE - HKCU\..\SearchScopes\{1CBAAE9E-B3B7-4CEC-B6E7-E7C7571751F8}: "URL" = http://search.callin...ie&p=go&cid=yes
IE - HKCU\..\SearchScopes\{222464E6-A426-41EB-8055-FF2D523BCFCF}: "URL" = http://www.google.co...startPage}&rlz=
IE - HKCU\..\SearchScopes\{33C08B5F-12DC-42D2-A10F-AD113A90C9D2}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{4EEA258A-D253-4A10-80ED-4AB6D40D75F8}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{841EC7C2-5E66-4F76-AD14-F837D900713B}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{84C4AF17-9347-473F-9AEE-3025E1201A26}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{855A6C72-4E9F-4CF5-99EE-DBD979D3A94B}: "URL" = http://search.yahoo....rtPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{DA8EADA9-3CB1-4643-A777-34E203B594CB}: "URL" = http://search.micros...q={searchTerms}
IE - HKCU\..\SearchScopes\{E585937F-DE91-4F9D-86AB-DE08D473B36D}: "URL" = http://www.weather.c...e={searchTerms}
IE - HKCU\..\SearchScopes\{E5BD5D4E-8742-4B89-AEBA-279EB6647576}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:2000
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Twitter,DuckDuckGo"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: " "
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
FF - prefs.js..extensions.enabledAddons: support%40ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.1.0
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.9.1
FF - prefs.js..extensions.enabledAddons: %7Bd91a2be6-3b56-4dfb-97f5-5e48fe3ed473%7D:1.0
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7B12A60D0F-0077-4F41-81B2-1286DDD278BB%7D:0.8.2
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2014.07.06.05
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.24
FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.25
FF - prefs.js..extensions.enabledAddons: brief%40mozdev.org:1.7.3
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.6.8
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.5.2
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.64
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1.5.1
FF - prefs.js..extensions.enabledAddons: e-webprint%40epson.com:1.21.00
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.89
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2014/12/04 08:41:26 | 000,000,000 | ---D | M]
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@glance.net/GlanceClient: C:\Program Files (x86)\Glance29\npglance.dll (Glance Networks, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2014/12/04 08:41:26 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ken\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ken\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014/12/18 21:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/06 21:51:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/16 16:43:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/12/06 12:17:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.22\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2014/03/25 22:59:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.22\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins
 
[2011/01/29 18:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2011/01/23 09:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/12/16 16:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions
[2013/11/19 17:47:54 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/11/29 12:39:05 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/12/16 16:39:13 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2014/09/10 08:51:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/12/09 18:12:51 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2014/02/25 20:37:43 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2011/01/23 08:35:27 | 000,000,000 | ---D | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2014/02/21 21:19:59 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2007/09/25 18:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\Access Privileges Test
[2007/10/10 13:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\Access Privileges Test-1
[2013/03/23 12:45:19 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\[email protected]
[2011/01/23 08:35:17 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\[email protected]
[2011/01/23 08:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\temp
[2014/03/25 23:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\SeaMonkey\Profiles\y2pjpppa.default\extensions
[2013/11/16 00:25:45 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Ken\AppData\Roaming\Mozilla\SeaMonkey\Profiles\y2pjpppa.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013/11/16 00:25:45 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Ken\AppData\Roaming\Mozilla\SeaMonkey\Profiles\y2pjpppa.default\extensions\[email protected]
[2014/06/02 22:45:41 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\[email protected]
[2014/10/11 11:17:36 | 000,244,979 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\[email protected]
[2014/11/21 20:13:11 | 000,113,273 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\[email protected]
[2013/11/23 08:21:00 | 000,196,579 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\[email protected]
[2013/07/03 22:12:21 | 000,328,123 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\[email protected]
[2014/11/28 20:21:51 | 000,137,532 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\[email protected]
[2013/05/05 08:56:30 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\[email protected]
[2014/07/22 13:37:37 | 000,179,297 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\[email protected]
[2014/09/25 10:21:52 | 000,450,785 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2014/06/30 09:07:00 | 000,215,733 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{12A60D0F-0077-4F41-81B2-1286DDD278BB}.xpi
[2014/11/23 08:34:26 | 000,392,877 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2014/11/28 20:26:56 | 000,231,252 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2014/11/06 13:07:33 | 001,004,018 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi
[2014/09/11 09:31:35 | 000,019,453 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{a7213cf2-fa1e-4373-88ff-255d0abd3020}.xpi
[2013/05/06 09:03:14 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2014/11/12 19:12:37 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/12/15 09:38:27 | 000,004,398 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\chrome\content\reminderfox\utils\rmFxUpdateXPI.xul
[2009/09/06 14:03:11 | 000,001,863 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\searchplugins\searchalot.xml
[2009/07/20 20:07:51 | 000,001,837 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\searchplugins\searchgeek.xml
[2009/06/02 17:25:05 | 000,002,427 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\searchplugins\{688B6F2A-6679-4CEB-A689-3D7DC9DD441E}.xml
[2013/05/23 23:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/05 18:18:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/12/18 21:58:44 | 000,000,000 | ---D | M] (E-Web Print) -- C:\PROGRAM FILES (X86)\EPSON SOFTWARE\E-WEB PRINT\FIREFOX ADD-ON
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npdjvu.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npdeployJava1.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ken\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Easy Dock]  File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [RUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Ken\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [GUDelayStartup] C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe (Glarysoft Ltd)
O4 - HKCU..\Run: [NetworkIndicator] C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe (ITSamples.com)
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1419282479 File not found
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/11/17 09:21:28 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Users\Ken\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Clip Image - C:\Users\Ken\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Users\Ken\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Users\Ken\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Users\Ken\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Users\Ken\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clip Image - C:\Users\Ken\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Users\Ken\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Users\Ken\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Users\Ken\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Users\Ken\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains:   ([]msn in Computer)
O15 - HKCU\..Trusted Domains: connect.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: familytyree.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74B0E8FE-B604-4F3E-9931-BB4888EB4532}: DhcpNameServer = 192.168.0.1 205.171.2.226
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:1 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1996/01/15 17:57:28 | 000,000,491 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [1997/12/30 19:50:28 | 000,001,055 | ---- | M] () - C:\AUTOEXEC.005 -- [ NTFS ]
O32 - AutoRun File - [1999/03/01 23:27:16 | 000,000,133 | ---- | M] () - C:\autoexec.atc -- [ NTFS ]
O32 - AutoRun File - [2004/01/23 17:24:56 | 000,000,732 | ---- | M] () - C:\AUTOEXEC.NU4 -- [ NTFS ]
O32 - AutoRun File - [1999/03/01 22:50:32 | 000,000,065 | ---- | M] () - C:\AUTOEXEC.PCC -- [ NTFS ]
O32 - AutoRun File - [2004/02/05 19:13:18 | 000,000,927 | ---- | M] () - C:\AUTOEXEC._AV -- [ NTFS ]
O32 - AutoRun File - [2007/08/31 23:47:40 | 000,000,000 | ---- | M] () - C:\.autoreg -- [ NTFS ]
O32 - AutoRun File - [1996/01/15 17:57:28 | 000,000,491 | ---- | M] () - D:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [1997/12/30 19:50:28 | 000,001,055 | ---- | M] () - D:\AUTOEXEC.005 -- [ NTFS ]
O32 - AutoRun File - [1999/03/01 23:27:16 | 000,000,133 | ---- | M] () - D:\autoexec.atc -- [ NTFS ]
O32 - AutoRun File - [2004/03/03 22:28:22 | 000,000,892 | ---- | M] () - D:\AutoExec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/06/20 19:35:42 | 000,000,032 | -HS- | M] () - D:\AUTOEXEC.DOS -- [ NTFS ]
O32 - AutoRun File - [2004/01/23 17:24:56 | 000,000,732 | ---- | M] () - D:\AUTOEXEC.NU4 -- [ NTFS ]
O32 - AutoRun File - [1999/03/01 22:50:32 | 000,000,065 | ---- | M] () - D:\AUTOEXEC.PCC -- [ NTFS ]
O32 - AutoRun File - [2004/02/05 19:13:18 | 000,000,927 | ---- | M] () - D:\AUTOEXEC._AV -- [ NTFS ]
O32 - AutoRun File - [2007/08/31 23:47:40 | 000,000,000 | ---- | M] () - D:\.autoreg -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/22 11:10:11 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\LogMeIn Rescue Applet
[2014/12/21 07:15:02 | 000,285,208 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2014/12/21 06:32:30 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2014/12/21 00:02:43 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Dropbox
[2014/12/20 23:25:43 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote
[2014/12/20 23:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/12/20 20:04:39 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/20 20:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/20 20:04:20 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/20 20:04:20 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/20 20:04:20 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/12/20 20:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/12/10 08:35:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/09 17:40:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2014/12/09 17:40:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2014/12/09 17:40:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2014/12/09 17:40:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2014/12/09 17:40:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2014/12/09 17:40:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2014/12/09 17:40:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2014/12/09 17:40:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2014/12/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2014/12/09 17:40:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2014/12/09 17:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2014/12/05 18:50:00 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\firefox restore session
[2014/12/05 12:40:45 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\firefox restore session files
[2014/12/04 08:41:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Earth 3D
[2014/12/02 21:22:59 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\com.jacquielawson.marketadventcalendar2014
[2014/12/02 21:22:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JL Christmas Market
[2014/11/24 13:51:14 | 000,042,016 | ---- | C] (Glance Networks, Inc) -- C:\Windows\SysNative\glancedrv.dll
[2014/11/24 13:51:14 | 000,036,384 | ---- | C] (Glance Networks, Inc) -- C:\Windows\SysNative\drivers\glancedrv.sys
[2014/11/24 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glance29
[2014/11/24 07:38:45 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
[2014/11/24 07:38:41 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Amazon Music
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/22 21:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/22 20:55:30 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3377353928-491093663-1409737803-1001UA.job
[2014/12/22 15:23:23 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/22 15:08:02 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 5.job
[2014/12/22 14:46:35 | 000,025,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/22 14:46:35 | 000,025,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/22 14:36:53 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/22 14:36:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/22 14:36:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/22 14:36:31 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/22 14:27:18 | 000,000,493 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\TSSTLiveUpdateConfig.ini
[2014/12/21 08:24:18 | 000,000,036 | ---- | M] () -- C:\Users\Ken\AppData\Local\housecall.guid.cache
[2014/12/21 07:27:46 | 000,000,010 | ---- | M] () -- C:\Users\Ken\AppData\Local\sponge.last.runtime.cache
[2014/12/20 22:01:46 | 000,001,113 | ---- | M] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk
[2014/12/20 22:01:46 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 5.lnk
[2014/12/20 21:48:14 | 000,004,736 | ---- | M] () -- C:\Users\Ken\Documents\cc_20141220_214749.reg
[2014/12/20 21:45:20 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/12/20 20:04:28 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/20 19:39:25 | 000,043,664 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/12/19 11:38:45 | 000,221,884 | ---- | M] () -- C:\Users\Ken\Documents\Wreath_1.jpg
[2014/12/18 22:18:05 | 000,813,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/18 22:18:05 | 000,684,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/18 22:18:05 | 000,130,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/16 02:15:29 | 000,002,969 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp.lnk
[2014/12/13 09:57:34 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHome.lnk
[2014/12/12 10:42:12 | 000,001,184 | ---- | M] () -- C:\Users\Ken\Desktop\Amazon Music.lnk
[2014/12/12 08:58:01 | 000,002,362 | ---- | M] () -- C:\Users\Ken\Desktop\Google Chrome.lnk
[2014/12/10 22:41:33 | 000,253,430 | ---- | M] () -- C:\Users\Ken\Documents\Tree_1.jpg
[2014/12/09 18:33:52 | 000,000,000 | -H-- | M] () -- C:\Users\Ken\Documents\MultiFrame_V1_1_0_3.zip.part
[2014/12/08 23:05:27 | 000,148,738 | ---- | M] () -- C:\Users\Ken\Documents\Flower_2.jpg
[2014/12/08 22:34:20 | 000,148,425 | ---- | M] () -- C:\Users\Ken\Documents\Flower_1.jpg
[2014/12/05 19:34:16 | 000,116,726 | ---- | M] () -- C:\Users\Ken\Documents\Bauble_1.jpg
[2014/12/05 18:48:20 | 000,001,301 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2014/12/05 13:18:54 | 000,001,058 | ---- | M] () -- C:\Users\Ken\Desktop\Notepad++.lnk
[2014/12/02 21:22:54 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\JL Christmas Market.lnk
[2014/11/25 18:42:08 | 005,459,733 | ---- | M] () -- C:\Users\Ken\Documents\S205 Bobcat Operation Maintenance Manual.pdf
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/21 07:27:46 | 000,000,010 | ---- | C] () -- C:\Users\Ken\AppData\Local\sponge.last.runtime.cache
[2014/12/20 21:47:55 | 000,004,736 | ---- | C] () -- C:\Users\Ken\Documents\cc_20141220_214749.reg
[2014/12/20 20:04:28 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/20 19:39:25 | 000,043,664 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/12/19 11:38:45 | 000,221,884 | ---- | C] () -- C:\Users\Ken\Documents\Wreath_1.jpg
[2014/12/16 02:15:29 | 000,002,969 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp.lnk
[2014/12/13 09:57:34 | 000,002,118 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHome.lnk
[2014/12/10 22:41:33 | 000,253,430 | ---- | C] () -- C:\Users\Ken\Documents\Tree_1.jpg
[2014/12/09 18:33:52 | 000,000,000 | -H-- | C] () -- C:\Users\Ken\Documents\MultiFrame_V1_1_0_3.zip.part
[2014/12/08 23:05:27 | 000,148,738 | ---- | C] () -- C:\Users\Ken\Documents\Flower_2.jpg
[2014/12/08 22:34:20 | 000,148,425 | ---- | C] () -- C:\Users\Ken\Documents\Flower_1.jpg
[2014/12/05 19:34:16 | 000,116,726 | ---- | C] () -- C:\Users\Ken\Documents\Bauble_1.jpg
[2014/12/02 21:22:54 | 000,001,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JL Christmas Market.lnk
[2014/12/02 21:22:54 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\JL Christmas Market.lnk
[2014/11/25 18:34:06 | 005,459,733 | ---- | C] () -- C:\Users\Ken\Documents\S205 Bobcat Operation Maintenance Manual.pdf
[2014/11/24 07:38:56 | 000,001,184 | ---- | C] () -- C:\Users\Ken\Desktop\Amazon Music.lnk
[2014/09/23 08:39:32 | 000,000,493 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\TSSTLiveUpdateConfig.ini
[2014/05/04 23:55:38 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Stingers
[2014/05/04 23:55:38 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Static Library
[2014/05/04 23:55:38 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Techno Kit
[2014/05/04 23:55:38 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Synth Textures
[2014/05/04 23:51:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\Screen Saver
[2014/05/04 14:20:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\Standard
[2014/03/08 14:45:52 | 000,020,186 | ---- | C] () -- C:\Users\Ken\gplot1.png
[2014/03/08 14:45:50 | 000,011,302 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel29.png
[2014/03/08 14:45:50 | 000,008,420 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel31.png
[2014/03/08 14:45:49 | 000,011,321 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel25.png
[2014/03/08 14:45:49 | 000,008,427 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel27.png
[2014/03/08 14:45:43 | 000,008,420 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel23.png
[2014/03/08 14:45:42 | 000,011,302 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel21.png
[2014/03/08 14:45:42 | 000,008,427 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel19.png
[2014/03/08 14:45:41 | 000,011,321 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel17.png
[2014/03/08 14:43:24 | 000,020,186 | ---- | C] () -- C:\Users\Ken\gplot.png
[2014/03/08 14:43:21 | 000,008,420 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel15.png
[2014/03/08 14:43:20 | 000,011,302 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel13.png
[2014/03/08 14:43:20 | 000,008,427 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel11.png
[2014/03/08 14:43:19 | 000,011,321 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel9.png
[2014/03/08 14:31:46 | 000,008,420 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel7.png
[2014/03/08 14:31:45 | 000,011,302 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel5.png
[2014/03/08 14:31:45 | 000,008,427 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel3.png
[2014/03/08 14:31:44 | 000,011,321 | ---- | C] () -- C:\Users\Ken\FreqPlotPanel1.png
[2014/03/08 14:17:38 | 000,048,312 | ---- | C] () -- C:\Users\Ken\WFT2010MortalityAnova.htm
[2014/03/08 12:41:46 | 000,000,048 | ---- | C] () -- C:\Windows\TaxACT13.ini
[2013/12/26 16:41:46 | 000,000,045 | ---- | C] () -- C:\Windows\WF-3540.ini
[2013/12/13 09:27:02 | 000,000,106 | RHS- | C] () -- C:\ProgramData\1.15.0.lic
[2013/04/29 20:37:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/04/29 20:37:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/03/21 22:08:34 | 000,111,355 | ---- | C] () -- C:\Users\Ken\WFT2010Mortalityweek3Anova.htm
[2013/03/19 13:37:38 | 000,000,239 | ---- | C] () -- C:\Users\Ken\importxl.sas
[2013/02/08 18:56:49 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT12.ini
[2013/01/27 16:54:07 | 000,000,091 | ---- | C] () -- C:\Users\Ken\AppData\Local\fusioncache.dat
[2012/12/30 21:04:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\StatusSheet
[2012/12/30 21:04:46 | 000,000,268 | RH-- | C] () -- C:\Users\Ken\AppData\Roaming\Standard
[2012/12/30 21:04:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/12/30 21:04:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\SystemConfiguration
[2012/12/30 21:02:20 | 000,000,268 | RH-- | C] () -- C:\Users\Ken\AppData\Roaming\Standard Tool
[2012/12/30 21:02:20 | 000,000,268 | RH-- | C] () -- C:\Users\Ken\AppData\Roaming\Sports
[2012/12/30 21:02:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/12/30 21:02:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/12/30 21:01:14 | 000,000,268 | RH-- | C] () -- C:\Users\Ken\AppData\Roaming\Sync Services
[2012/12/30 21:01:14 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Work - Home
[2012/12/30 21:01:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2012/04/17 19:12:59 | 000,018,373 | ---- | C] () -- C:\Users\Ken\MeanPlot5.png
[2012/04/17 19:12:49 | 000,050,092 | ---- | C] () -- C:\Users\Ken\WFT2009Anova.htm
[2012/04/16 09:29:52 | 000,020,348 | ---- | C] () -- C:\Users\Ken\MeanPlot3.png
[2012/04/11 14:38:29 | 000,028,762 | ---- | C] () -- C:\Users\Ken\Anova.htm
[2012/04/06 16:44:50 | 000,010,103 | ---- | C] () -- C:\Users\Ken\pgm.asv
[2012/03/16 11:24:15 | 000,000,213 | ---- | C] () -- C:\Users\Ken\sassw_orig.config
[2012/01/30 19:21:39 | 000,002,485 | ---- | C] () -- C:\Users\Ken\gdbtk.ini
[2012/01/26 21:25:53 | 000,000,251 | ---- | C] () -- C:\Users\Ken\test.dat
[2012/01/26 20:59:02 | 000,000,251 | ---- | C] () -- C:\Users\Ken\mft2011.fileout
[2011/12/21 15:39:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Applications
[2011/12/21 15:39:54 | 000,000,268 | RH-- | C] () -- C:\Users\Ken\AppData\Roaming\Animals
[2011/12/21 15:39:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2011/12/21 15:39:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Audio
[2011/12/21 15:39:49 | 000,000,268 | RH-- | C] () -- C:\Users\Ken\AppData\Roaming\Applause and Laugher
[2011/12/21 15:13:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2011/12/21 15:01:52 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011/12/21 14:41:46 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/12/21 14:41:46 | 000,000,000 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\Sound Effects
[2011/12/16 18:30:19 | 000,001,214 | -HS- | C] () -- C:\ProgramData\rmvfhv6g4gok0dbx8afl8b081a3b
[2011/12/15 09:55:05 | 000,001,286 | -HS- | C] () -- C:\ProgramData\411012n4x265a652f306x3jkm4y5
[2011/08/26 15:51:37 | 001,127,309 | ---- | C] () -- C:\Users\Ken\AppData\Local\census.cache
[2011/08/26 15:50:27 | 000,155,450 | ---- | C] () -- C:\Users\Ken\AppData\Local\ars.cache
[2011/08/26 15:37:11 | 000,000,036 | ---- | C] () -- C:\Users\Ken\AppData\Local\housecall.guid.cache
[2011/05/27 18:04:48 | 003,526,096 | ---- | C] () -- C:\Users\Ken\AppData\Local\rx_image.Cache
[2011/05/27 18:04:48 | 000,056,916 | ---- | C] () -- C:\Users\Ken\AppData\Local\rx_audio.Cache
[2011/04/23 21:39:57 | 000,007,041 | ---- | C] () -- C:\Users\Ken\Expt1_pupae_count_Means.rtf
[2011/04/20 20:44:21 | 000,006,144 | ---- | C] () -- C:\Users\Ken\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/25 12:41:37 | 000,000,029 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\default.rss
[2011/02/24 21:54:18 | 000,000,000 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\downloads.m3u
[2011/02/21 17:40:07 | 000,000,478 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2011/02/03 15:19:47 | 000,061,678 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\PFP110JPR.{PB
[2011/02/03 15:19:47 | 000,012,358 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\PFP110JCM.{PB
[2011/01/29 00:35:16 | 000,007,647 | ---- | C] () -- C:\Users\Ken\AppData\Local\Resmon.ResmonCfg
[2011/01/29 00:32:11 | 000,022,688 | ---- | C] () -- C:\Users\Ken\MeanPlot.png
[2011/01/29 00:32:11 | 000,007,070 | ---- | C] () -- C:\Users\Ken\MeanPlot1.png
[2011/01/23 20:09:43 | 000,000,600 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\winscp.rnd
[2009/03/05 23:08:07 | 000,001,024 | ---- | C] () -- C:\Users\Ken\.rnd
[2008/01/07 20:37:05 | 000,000,000 | ---- | C] () -- C:\Users\Ken\tkjni.out
[2008/01/07 20:37:05 | 000,000,000 | ---- | C] () -- C:\Users\Ken\tkjni.err
[2005/12/11 23:50:15 | 000,000,109 | ---- | C] () -- C:\Users\Ken\default.pls
[2005/05/30 15:19:47 | 000,000,600 | ---- | C] () -- C:\Users\Ken\winscp.RND
[2004/10/06 19:42:40 | 000,000,637 | ---- | C] () -- C:\Users\Ken\BrushTips
[2004/09/01 07:06:03 | 000,000,715 | ---- | C] () -- C:\Users\Ken\ssnprefs.xml
[2004/02/24 20:54:09 | 000,000,600 | ---- | C] () -- C:\Users\Ken\PUTTY.RND
 
========== ZeroAccess Check ==========
 
[2014/12/15 09:38:32 | 000,000,596 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\dr3cnfk8.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 07:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 07:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 07:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/07/19 14:58:39 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\3020A922-5236-4875-B223-A1D5A19FB08B
[2011/02/13 20:30:41 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\54F7857E-0F40-4A88-8E0E-E5F878BB43D4
[2011/02/13 20:30:42 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\9E907D45-25A0-4AAE-9310-48A84ECC6CAA
[2011/01/26 20:33:16 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Acronis
[2014/12/21 06:33:49 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Amazon
[2014/09/10 00:54:09 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\AnvSoft
[2014/02/14 18:58:21 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Ashampoo
[2012/12/30 20:40:16 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Canon_Inc_IC
[2014/11/09 22:23:24 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\CheckPoint
[2014/02/13 11:04:32 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\CoffeeCup Software
[2011/09/11 20:16:47 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\com.amazon.music.uploader
[2014/12/02 21:23:00 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\com.jacquielawson.marketadventcalendar2014
[2011/05/27 08:34:02 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2011/06/01 21:08:21 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\D795B2AB-548F-4B9A-8298-BB7C6B6F1C79
[2011/08/16 03:13:25 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Downloaded Installations
[2014/12/21 00:02:51 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Dropbox
[2014/03/28 12:15:18 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\EPSON
[2014/11/26 17:48:37 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\FamilyTreeMaker
[2011/10/24 21:36:12 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\FF22CE51-A922-4E13-BFDB-1492AA67EF63
[2014/08/20 01:56:02 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\FileZilla
[2012/09/12 11:35:46 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\FireShot
[2013/04/06 09:21:22 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\GARMIN
[2014/12/21 06:36:03 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\GlarySoft
[2011/02/08 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Hyperionics
[2011/08/23 20:49:21 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\IrfanView
[2013/12/27 10:16:40 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Leader Technologies
[2011/02/03 15:54:21 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Leadertech
[2014/10/21 15:09:47 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\MediaMonkey
[2012/02/04 10:46:46 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\NetSpell
[2014/05/04 10:28:27 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Nikon
[2013/08/06 05:40:25 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Notepad++
[2014/02/17 17:38:32 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\OpenOffice
[2013/07/09 21:34:53 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Oracle
[2011/04/21 12:10:57 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\picpick
[2013/11/22 19:03:08 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\SanDisk
[2011/01/29 00:28:19 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\SAS
[2012/12/19 20:01:02 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Software Update
[2014/03/07 23:16:29 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Sync App Settings
[2011/01/23 19:43:21 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Thunderbird
[2012/12/03 18:57:03 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\TuneUp Software
[2011/03/03 12:42:30 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Windows Live Writer
[2014/01/18 20:56:45 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Youtube Downloader HD
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\Wateranalysis003_sm.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\Untitled.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\Untitled (2).wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\test.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\SonyLCDTV.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\SONY____DVD_RW_DRU-800A_VKY03.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\Slideshow0.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\Slideshow0.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\Slideshow.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\Slideshow.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\sallie_dean4.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\sallie_dean2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\Sable1997 Title.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\Sable1997 Title.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\robsbarn.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\red_20090416.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\red&ken_floor.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\Pasqu021.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\MomsSlideshow.dmss:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\MomsSlideshow.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\jurne2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\jurne.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\juliet_stormy_honey1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\img278.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\img277.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\horses_addr_label.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\EESlideshow.dmss:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\EESlideshow.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\Dolly bone2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\Dolly bone1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\Classy_in_stall.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\20090517_395.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\20090516_380.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\20090516_379.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\20090516_378.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\20090516_376.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\20090516_373.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\20090516_355.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ken\Documents\2008_1099R_KS Tax_8_30_2010001.jpg:Roxio EMC Stream

< End of report >
 

