
Can't download any file without virus warning / Sirefef


  • This topic is locked
46 replies to this topic

#1 kevincount

kevincount

  • Members
  • 30 posts

Posted 20 May 2013 - 12:30 PM

Hello,

I have recently had a problem with downloading files. Any time I try to download, the download will complete, then a warning comes up stating that the file was infected with a virus and has been deleted. I have tried different browsers with the same results. I have reset the Internet Options security to default with no change. I have checked that downloads are permitted, etc. All with no effect.

Also, I cannot open Microsoft Security Essentials. I was able to run the Microsoft malicious software tool and it reported an infection of Sirefef. It supposedly removed it, but on rerunning, the tool stated the same infection was found.

I have run Malwarebytes, Avast, and ComboFix, all with no results.

Below is the DDS log as well as the attach.txt file.

Any help is appreciated.

Kevin

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 1.6.0_31
Run by KC at 11:53:14 on 2013-05-20
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3002.955 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\MVE Cloud\TUXCredProv.exe
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Entitlement Client\v5.3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MVE_INSTANCE\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intuit\QuickBooks Point of Sale 8.0\DatabaseServer\QBPOSDBService.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Intuit\QuickBooks Point of Sale 8.0\DatabaseServer\QBDBMgrN10.exe
C:\Program Files\Intuit\QuickBooks Point of Sale 8.0\DatabaseServer\QBDBMgrN10.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\MVE Cloud\APPServerClient.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\Explorer.exe
C:\Users\KC\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files\Pandora\Pandora.exe
C:\Program Files\Intuit\QuickBooks Point of Sale 8.0\qbpos.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Users\KC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AddThis Toolbar BHO: {9EBF8AAF-0A31-4786-909A-97A0EF101743} - c:\program files\addthis toolbar\Toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome\application\26.0.1410.64\npchrome_frame.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - c:\program files\addthis toolbar\Toolbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - c:\program files\addthis toolbar\Toolbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN316B3HK605KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [PocketCloud Location] c:\program files\wyse\pocketcloud windows companion\WyseBrowser.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\kc\appdata\roaming\micros~1\windows\startm~1\programs\startup\2xclie~1.lnk - c:\program files\mve cloud\APPServerClient.exe
StartupFolder: c:\users\kc\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\kc\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\kc\appdata\roaming\microsoft\windows\start menu\programs\startup\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://wt4.viewnetcam.com:5003/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://iot.webex.com/client/T27LC/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{71D7380C-1BB7-469C-80F9-B70A1721A4A0} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F95850BD-1172-4D4C-AE89-DAD895110F34} : DHCPNameServer = 192.168.1.254
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome\application\26.0.1410.64\npchrome_frame.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - c:\windows\system32\QBPOSProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kc\appdata\roaming\mozilla\firefox\profiles\0yizqsi0.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-08-27 18:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-06-10 12:35; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-20 174664]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-20 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-20 368944]
R2 2X SSO Service;2X SSO Service;c:\program files\mve cloud\TUXCredProv.exe [2012-8-31 712072]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-20 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-20 66336]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Intuit Entitlement Service v5.3;Intuit Entitlement Service v5.3;c:\program files\common files\intuit\entitlement client\v5.3\server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2008-7-29 20480]
R2 MSSQL$_OPTEK;SQL Server (_OPTEK);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 MSSQL$MVE_INSTANCE;SQL Server (MVE_INSTANCE);c:\program files\microsoft sql server\mssql10_50.mve_instance\mssql\binn\sqlservr.exe [2011-4-24 42872672]
R2 QBPOSDBServiceV8;QBPOS Database Manager v8;c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\QBPOSDBService.exe [2012-12-28 2736864]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-22 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-22 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-19 22856]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-20 49376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2010-1-19 55184]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 100328]
S3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB19 [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-3-24 16168]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 RsFx0151;RsFx0151 Driver;c:\windows\system32\drivers\RsFx0151.sys [2011-6-17 240736]
SUnknown NisSrv;NisSrv; [x]
.
=============== Created Last 30 ================
.


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts

Posted 21 May 2013 - 03:43 PM

Hello kevincount! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

STEP 1
 

  • Please download RogueKiller and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.

STEP 2

 

  • Please download Junction.zip and save it to your desktop.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Press the Windows Logo in the bottom left corner of your screen.
  • In the search box, enter notepad and press Enter.
  • Navigate to Format and make sure that Word Wrap is unchecked. <--- important !!!
  • Highlight the contents of the following quotebox, and copy and paste that text into notepad.

     

    @ECHO OFF
    dir /a/b c:\windows\junction.exe >c:\log.txt 2>&1
    junction -s c:\>>c:\log.txt
    echo.End of Scan >>c:\log.txt
    notepad c:\log.txt
  • Select File -> Save.
  • Press the Desktop button on the left side of the save dialog.
  • In the File name box, type in Fix.bat.
  • Press Save.
  • Close Notepad.
  • Right-click Fix.bat on your desktop, and choose Run as administrator.
  • Press Yes if prompted by User Account Control.
  • A command window opens starting to scan the system. Wait until a log file opens. Upload it here and post the link to the log.

 

 

 

STEP 3

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,
Georgi




#3 kevincount

kevincount
  • Topic Starter

  • Members
  • 30 posts

Posted 22 May 2013 - 11:04 AM

Thank you!

 

I have run the programs listed.  I did not press on the 'Fix It' buttons on any of the programs after they completed the scan as you made it very clear that I am to follow your instructions to the letter.  Hopefully that was the correct action.

 

Below is the RK Report:

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : KC [Admin rights]
Mode : Scan -- Date : 05/22/2013 09:03:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
--- User ---
[MBR] 5e3bc49bc247e08eb7b2f542fa985825
[BSP] c76b7854869366d011f8060bf0bf5bc0 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 294058 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 602232832 | Size: 11183 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SMI USB DISK USB Device +++++
--- User ---
[MBR] f0165a6e666f3bec8888e11282f7043d
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 856 | Size: 961 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- Multi-Card USB Device +++++
--- User ---
[MBR] 8a4a3f84a9eda68451f8bdccda84c484
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_05222013_02d0903.txt >>



Here is the FRST report.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-05-2013 02
Ran by KC (administrator) on 22-05-2013 09:31:50
Running from C:\Users\KC\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(2X Software Ltd.) C:\Program Files\MVE Cloud\TUXCredProv.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intuit, Inc.) C:\Program Files\Common Files\Intuit\Entitlement Client\v5.3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MVE_INSTANCE\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks Point of Sale 8.0\DatabaseServer\QBPOSDBService.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(iAnywhere Solutions, Inc.) C:\Program Files\Intuit\QuickBooks Point of Sale 8.0\DatabaseServer\QBDBMgrN10.exe
(iAnywhere Solutions, Inc.) C:\Program Files\Intuit\QuickBooks Point of Sale 8.0\DatabaseServer\QBDBMgrN10.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
() C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(Wyse Technology.) C:\Program Files\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(2X Software Ltd.) C:\Program Files\MVE Cloud\APPServerClient.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\KC\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Farbar) C:\Users\KC\Desktop\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2008-10-06] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2008-11-15] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup [1532760 2011-06-15] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on [53248 2008-02-20] (HP)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [PocketCloud Location] C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe [935312 2012-11-05] (Wyse Technology Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [825560 2012-12-18] (Adobe Systems Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM\...\Winlogon: [System]
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN316B3HK605KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 [1837672 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart [19662744 2013-04-16] (Google)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-09-30] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-09-30] (Hewlett-Packard)
HKU\QBDataServiceUser19\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-09-30] (Hewlett-Packard)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X Client.lnk
ShortcutTarget: 2X Client.lnk -> C:\Program Files\MVE Cloud\APPServerClient.exe (2X Software Ltd.)
Startup: C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM SearchScopes: DefaultScope {A23B6865-91F4-4D89-B386-7D1A3EFEF156} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {83A5C533-9702-4876-BE37-6A946DB0A6E9} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM - {A23B6865-91F4-4D89-B386-7D1A3EFEF156} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKCU - {83A5C533-9702-4876-BE37-6A946DB0A6E9} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AddThis Toolbar BHO - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - AddThis Toolbar - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -AddThis Toolbar - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
PDF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
PDF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
PDF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
PDF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
PDF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
PDF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
PDF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://wt4.viewnetcam.com:5003/bl_camera.cab
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
PDF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
PDF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://iot.webex.com/client/T27LC/webex/ieatgpc1.cab
PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Windows\system32\QBPOSProtocol.dll (Intuit Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [19968] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\0yizqsi0.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.0 - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 - C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin: @real.com/nppl3260;version=15.0.1.13 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.1.13 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.1.13 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Extension: DownloadHelper - C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\0yizqsi0.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: firebug - C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\0yizqsi0.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: rankchecker - C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\0yizqsi0.default\Extensions\rankchecker@seobook.com.xpi
FF Extension: No Name - C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\0yizqsi0.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\0yizqsi0.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
FF Extension: No Name - C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\0yizqsi0.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig?hl=en
CHR RestoreOnStartup: "hxxp://www.google.com/ig?hl=en"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\KC\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\KC\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\KC\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\KC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\KC\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (WPI Detector 1.1) - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Facebook Plugin) - C:\Users\KC\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (QR Creator) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm\1.5_0
CHR Extension: (Entanglement) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0
CHR Extension: (Atari - Lunar Lander) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aheampccjiggeiflpcjolbabpohbpclg\1.0_0
CHR Extension: (From Dust) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj\0.0.0.23_0
CHR Extension: (Google Drive) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Chrome Professional - Theme) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhapfjmmbkceacadabpamlhofapnhhcd\1.3_0
CHR Extension: (Cloud Book) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flilccfmjckbfkglcjijgmghldnddocp\4_0
CHR Extension: (Lord of Ultima) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.12_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Poppit) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Atari - Missile Command) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobnopfjjndfekinfcddimnjbhjdgmbg\1.0_0

========================== Services (Whitelisted) =================

R2 2X SSO Service; C:\Program Files\MVE Cloud\\TUXCredProv.exe [712072 2012-08-31] (2X Software Ltd.)
R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 Akamai; c:\program files\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-29] (Akamai Technologies, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 Intuit Entitlement Service v5.3; C:\Program Files\Common Files\Intuit\Entitlement Client\v5.3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [20480 2008-07-29] (Intuit, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [55184 2010-01-19] (Microsoft Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()
R2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQL$MVE_INSTANCE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MVE_INSTANCE\MSSQL\Binn\sqlservr.exe [42872672 2011-04-24] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation)
R2 MSSQL$_OPTEK; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper100; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [44896 2010-04-03] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] ()
R2 QBPOSDBServiceV8; C:\Program Files\Intuit\QuickBooks Point of Sale 8.0\DatabaseServer\QBPOSDBService.exe [2736864 2012-12-28] (Intuit Inc.)
S3 QuickBooksDB19; C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe [131072 2009-10-01] (Intuit, Inc.)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-04-15] (Skype Technologies S.A.)
S4 SQLAgent$MVE_INSTANCE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MVE_INSTANCE\MSSQL\Binn\SQLAGENT.EXE [367456 2011-04-24] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [5010288 2010-03-08] (Wacom Technology, Corp.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] ()
R2 WysePocketCloud; C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [191488 2012-11-05] ()
R2 WyseRemoteAccess; C:\Program Files\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-11-05] (Wyse Technology.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368944 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [174664 2013-05-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
S4 RsFx0151; C:\Windows\System32\DRIVERS\RsFx0151.sys [240736 2011-06-17] (Microsoft Corporation)
R3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U3 mbr; \??\C:\Users\KC\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-22 09:31 - 2013-05-22 09:31 - 00000000 ____D C:\FRST
2013-05-22 09:30 - 2013-05-21 21:10 - 01318319 ____A (Farbar) C:\Users\KC\Desktop\FRST.exe
2013-05-22 09:11 - 2013-05-22 09:11 - 00000142 ____A C:\Users\KC\Desktop\Fix.bat
2013-05-22 09:08 - 2010-09-07 15:39 - 00150392 ____A (Sysinternals - www.sysinternals.com) C:\Windows\junction.exe
2013-05-22 09:08 - 2006-07-28 09:32 - 00007005 ____N C:\Users\KC\Desktop\Eula.txt
2013-05-22 09:04 - 2013-05-22 09:29 - 00000000 ____D C:\Users\KC\Desktop\Bleeping computers.com reports
2013-05-22 09:03 - 2013-05-22 09:03 - 00002068 ____A C:\Users\KC\Desktop\RKreport[1]_S_05222013_02d0903.txt
2013-05-22 08:59 - 2013-05-22 09:03 - 00000000 ____D C:\Users\KC\Desktop\RK_Quarantine
2013-05-20 11:59 - 2013-05-20 11:59 - 00026501 ____A C:\Users\KC\Documents\DDS.txt
2013-05-20 11:58 - 2013-05-20 11:58 - 00023598 ____A C:\Users\KC\Documents\Attach.txt
2013-05-20 11:57 - 2013-05-20 11:57 - 00026501 ____A C:\Users\KC\Desktop\dds.txt
2013-05-20 11:57 - 2013-05-20 11:57 - 00023598 ____A C:\Users\KC\Desktop\attach.txt
2013-05-20 09:12 - 2013-05-20 09:12 - 00001489 ____A C:\Users\KC\Desktop\Google Drive.lnk
2013-05-20 09:12 - 2013-05-20 09:12 - 00000000 ___SD C:\Users\KC\Google Drive
2013-05-20 08:12 - 2013-05-20 08:12 - 00000000 ____D C:\Users\KC\AppData\LocalGoogle
2013-05-20 08:10 - 2013-05-20 08:10 - 00001829 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-20 08:10 - 2013-05-09 03:59 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-20 08:10 - 2013-05-09 03:59 - 00368944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-20 08:10 - 2013-05-09 03:59 - 00174664 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-20 08:10 - 2013-05-09 03:59 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-20 08:10 - 2013-05-09 03:59 - 00056080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-20 08:10 - 2013-05-09 03:59 - 00049760 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-05-20 08:10 - 2013-05-09 03:59 - 00049376 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-20 08:10 - 2013-05-09 03:59 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-20 08:10 - 2013-05-09 03:58 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-20 08:09 - 2013-05-09 03:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-20 08:08 - 2013-05-20 08:08 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-20 08:08 - 2013-05-20 08:08 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-19 17:39 - 2013-05-19 17:39 - 00000000 ____D C:\Users\KC\AppData\Roaming\Malwarebytes
2013-05-19 17:38 - 2013-05-21 20:40 - 00000829 ____A C:\Windows\setupact.log
2013-05-19 17:38 - 2013-05-19 17:38 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-19 17:38 - 2013-05-19 17:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-19 17:38 - 2013-05-19 17:38 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-19 17:38 - 2013-05-19 17:38 - 00000000 ____A C:\Windows\setuperr.log
2013-05-19 17:38 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-19 16:14 - 2013-05-19 16:14 - 00021005 ____A C:\ComboFix.txt
2013-05-19 12:51 - 2013-05-19 12:53 - 02423304 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-19 12:51 - 2013-05-19 12:51 - 00000552 ____A C:\Windows\PFRO.log
2013-05-19 12:39 - 2013-05-19 12:49 - 00000000 ___AD C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ
2013-05-19 12:01 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-19 12:01 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-19 12:01 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-19 12:01 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-19 12:01 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-19 12:01 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-19 12:01 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-19 12:01 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-19 12:00 - 2013-05-19 16:14 - 00000000 ____D C:\Qoobox
2013-05-19 11:56 - 2013-05-19 15:44 - 00000000 ____D C:\Windows\erdnt
2013-05-19 11:19 - 2013-05-19 11:19 - 00135520 ____A C:\Users\KC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-19 11:07 - 2013-05-19 12:38 - 00000000 ___AD C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ
2013-05-19 10:36 - 2013-05-19 10:36 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-05-19 10:26 - 2013-05-22 08:57 - 00052964 ____A C:\Windows\WindowsUpdate.log
2013-05-18 21:37 - 2013-05-18 21:37 - 00001137 ____A C:\Users\Public\Desktop\Norton Security Scan.LNK
2013-05-18 21:37 - 2013-05-18 21:37 - 00000434 ___AH C:\Windows\Tasks\Norton Security Scan for KC.job
2013-05-18 21:37 - 2013-05-18 21:37 - 00000000 ____D C:\Windows\System32\Drivers\NSS
2013-05-18 21:37 - 2013-05-18 21:37 - 00000000 ____D C:\Program Files\Norton Security Scan
2013-05-18 21:36 - 2013-05-18 21:36 - 00549000 ____A (Symantec) C:\Users\KC\Downloads\Setup (1).exe
2013-05-18 21:09 - 2013-05-19 15:55 - 00000000 ____D C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-05-18 21:09 - 2013-05-18 21:09 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-05-18 21:09 - 2013-05-18 21:09 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-05-18 21:08 - 2013-05-18 21:08 - 00728960 ____A (Enigma Software Group USA, LLC.) C:\Users\KC\Downloads\SpyHunter-Installer.exe
2013-05-18 21:06 - 2013-05-18 21:06 - 00305422 ____A C:\Users\KC\Documents\cc_20130518_210642.reg
2013-05-18 21:05 - 2013-05-18 21:05 - 11091432 ____A (Microsoft Corporation) C:\Users\KC\Downloads\mseinstall.exe
2013-05-18 20:56 - 2013-05-18 20:57 - 00000000 ____D C:\Program Files\CCleaner
2013-05-18 20:56 - 2013-05-18 20:56 - 04316280 ____A (Piriform Ltd) C:\Users\KC\Downloads\ccsetup400.exe
2013-05-18 20:56 - 2013-05-18 20:56 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-18 20:53 - 2013-05-18 20:54 - 00000000 ____D C:\Users\KC\AppData\Roaming\QuickScan
2013-05-17 18:30 - 2013-05-18 20:44 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-05-16 03:15 - 2013-05-05 14:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 03:15 - 2013-05-05 14:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 03:01 - 2013-04-04 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 03:01 - 2013-04-04 17:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 03:01 - 2013-04-04 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 03:01 - 2013-04-04 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 03:01 - 2013-04-04 17:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 03:01 - 2013-04-04 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 03:01 - 2013-04-04 16:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 03:01 - 2013-04-04 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 03:01 - 2013-04-04 16:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 03:01 - 2013-04-04 16:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 03:01 - 2013-04-04 16:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 03:01 - 2013-04-04 16:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 03:01 - 2013-04-04 16:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 03:01 - 2013-04-04 16:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 03:41 - 2013-04-15 09:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 03:41 - 2013-04-13 05:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 03:41 - 2013-04-08 20:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 13:14 - 2013-05-14 13:14 - 00000000 ____D C:\Program Files\Pandora
2013-05-08 14:01 - 2013-05-08 14:01 - 00000000 ____D C:\Users\KC\Documents\2XPDFStore
2013-05-08 13:58 - 2013-05-08 14:00 - 00000000 ____D C:\Users\KC\2XJava
2013-05-06 10:20 - 2013-05-19 16:38 - 00000000 ____D C:\Users\KC\AppData\Roaming\2XClient
2013-05-06 10:19 - 2013-05-06 10:19 - 00001569 ____A C:\Users\Public\Desktop\MVE Cloud.lnk
2013-05-06 10:19 - 2013-05-06 10:19 - 00000000 ____D C:\Program Files\MVE Cloud
2013-05-03 16:48 - 2013-05-03 16:48 - 00013573 ____A C:\Users\KC\Downloads\LENS PRICES COMPARATIVE 2013.xlsx
2013-05-03 16:39 - 2013-05-03 16:39 - 00013598 ____A C:\Users\KC\Downloads\LENS PRICES 2013.xlsx
2013-05-02 14:22 - 2013-05-02 14:22 - 02040832 ____A C:\Users\KC\Downloads\WindowsVistaGroupPolicySettings.htm
2013-04-30 16:40 - 2013-04-30 16:40 - 00000000 ____D C:\Program Files\Ericom Software
2013-04-30 13:08 - 2013-04-30 13:08 - 00589016 ____A C:\Users\KC\Downloads\remotedesktop_vista_sp1 (1).zip
2013-04-30 10:19 - 2013-04-30 10:19 - 00000519 ____A C:\Users\KC\Downloads\DefaultHosts.zip
2013-04-29 17:25 - 2013-04-29 17:25 - 05487016 ____A (Microsoft Corporation) C:\Users\KC\Downloads\Windows8-UpgradeAssistant.exe
2013-04-29 14:35 - 2006-11-02 01:46 - 00427520 ____A (Microsoft Corporation) C:\Windows\System32\termsrv.dll.bak
2013-04-29 14:32 - 2013-04-29 14:32 - 00182923 ____A C:\Users\KC\Desktop\termsrv.zip
2013-04-29 14:32 - 2013-04-29 14:32 - 00000000 ____D C:\Users\KC\Desktop\termsrv
2013-04-29 14:26 - 2007-03-12 15:29 - 00002312 ____A C:\Users\KC\Desktop\Ultimate.bat
2013-04-29 14:26 - 2007-03-12 15:29 - 00002312 ____A C:\Users\KC\Desktop\Buisness.bat
2013-04-29 14:26 - 2007-03-12 15:26 - 00002394 ____A C:\Users\KC\Desktop\premium.bat
2013-04-29 14:26 - 2007-02-27 10:40 - 00007507 ____A C:\Users\KC\Desktop\termonpremium.reg
2013-04-29 14:26 - 2006-11-02 01:46 - 00427520 ____A (Microsoft Corporation) C:\Users\KC\Desktop\termsrv.dll
2013-04-29 14:03 - 2013-04-29 14:03 - 00585178 ____A C:\Users\KC\Desktop\rdp-x64-x86-sp2.zip
2013-04-29 13:48 - 2013-04-29 13:48 - 00000000 ____D C:\Users\KC\Desktop\rdp-x64-x86-sp2
2013-04-29 13:45 - 2013-04-29 13:46 - 00589016 ____A C:\Users\KC\Downloads\remotedesktop_vista_sp1.zip
2013-04-24 15:43 - 2013-04-24 15:43 - 00000087 ____A C:\Windows\SSOVO.INI

==================== One Month Modified Files and Folders ========

2013-05-22 09:31 - 2013-05-22 09:31 - 00000000 ____D C:\FRST
2013-05-22 09:31 - 2011-12-27 17:04 - 00000000 ____D C:\Users\KC\AppData\Local\7763FC58-9D5A-43A9-8F6F-CBA8FC124F37.aplzod
2013-05-22 09:29 - 2013-05-22 09:04 - 00000000 ____D C:\Users\KC\Desktop\Bleeping computers.com reports
2013-05-22 09:20 - 2010-01-29 11:00 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796131044-1765537854-2342951633-1000UA.job
2013-05-22 09:20 - 2010-01-29 11:00 - 00000844 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796131044-1765537854-2342951633-1000Core.job
2013-05-22 09:11 - 2013-05-22 09:11 - 00000142 ____A C:\Users\KC\Desktop\Fix.bat
2013-05-22 09:08 - 2012-04-12 10:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-22 09:03 - 2013-05-22 09:03 - 00002068 ____A C:\Users\KC\Desktop\RKreport[1]_S_05222013_02d0903.txt
2013-05-22 09:03 - 2013-05-22 08:59 - 00000000 ____D C:\Users\KC\Desktop\RK_Quarantine
2013-05-22 09:02 - 2010-05-11 14:48 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-22 08:57 - 2013-05-19 10:26 - 00052964 ____A C:\Windows\WindowsUpdate.log
2013-05-22 08:57 - 2006-11-02 07:47 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-22 08:57 - 2006-11-02 07:47 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-21 21:10 - 2013-05-22 09:30 - 01318319 ____A (Farbar) C:\Users\KC\Desktop\FRST.exe
2013-05-21 20:40 - 2013-05-19 17:38 - 00000829 ____A C:\Windows\setupact.log
2013-05-21 16:02 - 2010-05-11 14:48 - 00000874 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-20 11:59 - 2013-05-20 11:59 - 00026501 ____A C:\Users\KC\Documents\DDS.txt
2013-05-20 11:58 - 2013-05-20 11:58 - 00023598 ____A C:\Users\KC\Documents\Attach.txt
2013-05-20 11:57 - 2013-05-20 11:57 - 00026501 ____A C:\Users\KC\Desktop\dds.txt
2013-05-20 11:57 - 2013-05-20 11:57 - 00023598 ____A C:\Users\KC\Desktop\attach.txt
2013-05-20 11:52 - 2006-11-02 05:33 - 01137734 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-20 09:12 - 2013-05-20 09:12 - 00001489 ____A C:\Users\KC\Desktop\Google Drive.lnk
2013-05-20 09:12 - 2013-05-20 09:12 - 00000000 ___SD C:\Users\KC\Google Drive
2013-05-20 09:12 - 2009-08-08 22:35 - 00000000 ____D C:\users\KC
2013-05-20 08:12 - 2013-05-20 08:12 - 00000000 ____D C:\Users\KC\AppData\LocalGoogle
2013-05-20 08:12 - 2009-12-27 21:09 - 00000000 ____D C:\Users\KC\AppData\Local\Google
2013-05-20 08:11 - 2009-12-27 21:09 - 00000000 ____D C:\Program Files\Google
2013-05-20 08:10 - 2013-05-20 08:10 - 00001829 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-20 08:10 - 2006-11-02 05:23 - 00002577 ____A C:\Windows\System32\config.nt
2013-05-20 08:08 - 2013-05-20 08:08 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-20 08:08 - 2013-05-20 08:08 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-19 17:39 - 2013-05-19 17:39 - 00000000 ____D C:\Users\KC\AppData\Roaming\Malwarebytes
2013-05-19 17:38 - 2013-05-19 17:38 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-19 17:38 - 2013-05-19 17:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-19 17:38 - 2013-05-19 17:38 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-19 17:38 - 2013-05-19 17:38 - 00000000 ____A C:\Windows\setuperr.log
2013-05-19 16:38 - 2013-05-06 10:20 - 00000000 ____D C:\Users\KC\AppData\Roaming\2XClient
2013-05-19 16:14 - 2013-05-19 16:14 - 00021005 ____A C:\ComboFix.txt
2013-05-19 16:14 - 2013-05-19 12:00 - 00000000 ____D C:\Qoobox
2013-05-19 16:11 - 2006-11-02 05:23 - 00000215 ____A C:\Windows\system.ini
2013-05-19 15:55 - 2013-05-18 21:09 - 00000000 ____D C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-05-19 15:46 - 2006-11-02 06:18 - 00000000 __RHD C:\users\Default
2013-05-19 15:46 - 2006-11-02 06:18 - 00000000 ___RD C:\users\Public
2013-05-19 15:44 - 2013-05-19 11:56 - 00000000 ____D C:\Windows\erdnt
2013-05-19 15:42 - 2012-10-27 12:21 - 00000000 ___RD C:\Users\KC\Dropbox
2013-05-19 15:42 - 2012-10-27 12:14 - 00000000 ____D C:\Users\KC\AppData\Roaming\Dropbox
2013-05-19 15:40 - 2010-03-24 09:26 - 00000000 ____D C:\Users\KC\AppData\Roaming\WTablet
2013-05-19 12:53 - 2013-05-19 12:51 - 02423304 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-19 12:51 - 2013-05-19 12:51 - 00000552 ____A C:\Windows\PFRO.log
2013-05-19 12:51 - 2010-03-25 16:23 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-05-19 12:51 - 2006-11-02 08:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-19 12:50 - 2006-11-02 08:01 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-19 12:50 - 2006-11-02 05:22 - 41680896 ____A C:\Windows\System32\config\COMPON~3.bak
2013-05-19 12:50 - 2006-11-02 05:22 - 22544384 ____A C:\Windows\System32\config\system.bak
2013-05-19 12:50 - 2006-11-02 05:22 - 106430464 ____A C:\Windows\System32\config\software.bak
2013-05-19 12:50 - 2006-11-02 05:22 - 02883584 ____A C:\Windows\System32\config\default.bak
2013-05-19 12:50 - 2006-11-02 05:22 - 00262144 ____A C:\Windows\System32\config\security.bak
2013-05-19 12:50 - 2006-11-02 05:22 - 00262144 ____A C:\Windows\System32\config\sam.bak
2013-05-19 12:49 - 2013-05-19 12:39 - 00000000 ___AD C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ
2013-05-19 12:38 - 2013-05-19 11:07 - 00000000 ___AD C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ
2013-05-19 11:19 - 2013-05-19 11:19 - 00135520 ____A C:\Users\KC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-19 11:04 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-19 10:36 - 2013-05-19 10:36 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-05-18 21:37 - 2013-05-18 21:37 - 00001137 ____A C:\Users\Public\Desktop\Norton Security Scan.LNK
2013-05-18 21:37 - 2013-05-18 21:37 - 00000434 ___AH C:\Windows\Tasks\Norton Security Scan for KC.job
2013-05-18 21:37 - 2013-05-18 21:37 - 00000000 ____D C:\Windows\System32\Drivers\NSS
2013-05-18 21:37 - 2013-05-18 21:37 - 00000000 ____D C:\Program Files\Norton Security Scan
2013-05-18 21:37 - 2009-04-22 09:01 - 00000000 ____D C:\ProgramData\Symantec
2013-05-18 21:37 - 2009-04-22 09:01 - 00000000 ____D C:\ProgramData\Norton
2013-05-18 21:36 - 2013-05-18 21:36 - 00549000 ____A (Symantec) C:\Users\KC\Downloads\Setup (1).exe
2013-05-18 21:35 - 2009-11-21 15:08 - 00000000 ____D C:\Windows\Minidump
2013-05-18 21:35 - 2009-04-22 09:08 - 00000000 ____D C:\Windows\panther
2013-05-18 21:09 - 2013-05-18 21:09 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-05-18 21:09 - 2013-05-18 21:09 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-05-18 21:08 - 2013-05-18 21:08 - 00728960 ____A (Enigma Software Group USA, LLC.) C:\Users\KC\Downloads\SpyHunter-Installer.exe
2013-05-18 21:06 - 2013-05-18 21:06 - 00305422 ____A C:\Users\KC\Documents\cc_20130518_210642.reg
2013-05-18 21:06 - 2011-01-26 14:29 - 00002243 ____A C:\Windows\epplauncher.mif
2013-05-18 21:05 - 2013-05-18 21:05 - 11091432 ____A (Microsoft Corporation) C:\Users\KC\Downloads\mseinstall.exe
2013-05-18 20:57 - 2013-05-18 20:56 - 00000000 ____D C:\Program Files\CCleaner
2013-05-18 20:56 - 2013-05-18 20:56 - 04316280 ____A (Piriform Ltd) C:\Users\KC\Downloads\ccsetup400.exe
2013-05-18 20:56 - 2013-05-18 20:56 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-18 20:54 - 2013-05-18 20:53 - 00000000 ____D C:\Users\KC\AppData\Roaming\QuickScan
2013-05-18 20:44 - 2013-05-17 18:30 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-05-16 18:45 - 2009-11-10 18:17 - 00013831 ____A C:\Users\KC\Documents\vendor list.xlsx
2013-05-16 18:39 - 2010-04-19 12:04 - 02963804 ____A C:\Users\KC\Documents\Corner Optical Trending.xlsx
2013-05-16 03:56 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-16 03:16 - 2009-04-22 09:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 03:03 - 2006-11-02 05:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-15 13:08 - 2012-04-12 10:12 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-15 13:08 - 2011-05-16 09:55 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-14 13:14 - 2013-05-14 13:14 - 00000000 ____D C:\Program Files\Pandora
2013-05-14 13:14 - 2009-11-30 23:46 - 00000738 ____A C:\Users\Public\Desktop\Pandora.lnk
2013-05-12 18:50 - 2009-08-28 09:32 - 00000052 ____A C:\Windows\System32\DOErrors.log
2013-05-11 14:58 - 2010-06-27 12:18 - 00580907 ____A C:\Users\KC\Documents\QB POS V8 Inventory Items Export.xls
2013-05-09 11:17 - 2010-11-08 20:49 - 00000000 ____D C:\Users\KC\AppData\Roaming\Mozilla
2013-05-09 10:32 - 2012-09-14 13:26 - 00000000 ____D C:\Users\KC\Documents\Sharon Docs
2013-05-09 03:59 - 2013-05-20 08:10 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-09 03:59 - 2013-05-20 08:10 - 00368944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-09 03:59 - 2013-05-20 08:10 - 00174664 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-09 03:59 - 2013-05-20 08:10 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-09 03:59 - 2013-05-20 08:10 - 00056080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-09 03:59 - 2013-05-20 08:10 - 00049760 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-05-09 03:59 - 2013-05-20 08:10 - 00049376 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-09 03:59 - 2013-05-20 08:10 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-09 03:58 - 2013-05-20 08:10 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-09 03:58 - 2013-05-20 08:09 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-08 14:01 - 2013-05-08 14:01 - 00000000 ____D C:\Users\KC\Documents\2XPDFStore
2013-05-08 14:00 - 2013-05-08 13:58 - 00000000 ____D C:\Users\KC\2XJava
2013-05-06 10:19 - 2013-05-06 10:19 - 00001569 ____A C:\Users\Public\Desktop\MVE Cloud.lnk
2013-05-06 10:19 - 2013-05-06 10:19 - 00000000 ____D C:\Program Files\MVE Cloud
2013-05-05 14:25 - 2013-05-16 03:15 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 14:12 - 2013-05-16 03:15 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-03 16:48 - 2013-05-03 16:48 - 00013573 ____A C:\Users\KC\Downloads\LENS PRICES COMPARATIVE 2013.xlsx
2013-05-03 16:39 - 2013-05-03 16:39 - 00013598 ____A C:\Users\KC\Downloads\LENS PRICES 2013.xlsx
2013-05-02 19:17 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-05-02 19:16 - 2006-11-02 05:22 - 41418752 ____A C:\Windows\System32\config\components_previous
2013-05-02 19:16 - 2006-11-02 05:22 - 22544384 ____A C:\Windows\System32\config\system_previous
2013-05-02 19:16 - 2006-11-02 05:22 - 100925440 ____A C:\Windows\System32\config\software_previous
2013-05-02 19:16 - 2006-11-02 05:22 - 02883584 ____A C:\Windows\System32\config\default_previous
2013-05-02 19:16 - 2006-11-02 05:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-05-02 19:16 - 2006-11-02 05:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-05-02 19:15 - 2010-08-31 17:21 - 00000000 ____D C:\Users\Public\Downloads\mojoportal
2013-05-02 19:15 - 2009-08-28 10:57 - 00000000 ____D C:\users\QBDataServiceUser19
2013-05-02 19:15 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\System32\spool
2013-05-02 19:14 - 2009-08-11 14:53 - 00000000 ____D C:\ProgramData\SQL Anywhere 10
2013-05-02 19:13 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
2013-05-02 14:37 - 2012-11-14 11:47 - 00000000 ____D C:\Windows\pss
2013-05-02 14:22 - 2013-05-02 14:22 - 02040832 ____A C:\Users\KC\Downloads\WindowsVistaGroupPolicySettings.htm
2013-05-02 10:28 - 2009-10-07 11:01 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-30 17:53 - 2009-10-28 11:35 - 00001710 ___AH C:\Users\KC\Documents\Default.rdp
2013-04-30 16:43 - 2009-04-22 08:59 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-04-30 16:40 - 2013-04-30 16:40 - 00000000 ____D C:\Program Files\Ericom Software
2013-04-30 16:31 - 2010-11-08 20:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-30 13:08 - 2013-04-30 13:08 - 00589016 ____A C:\Users\KC\Downloads\remotedesktop_vista_sp1 (1).zip
2013-04-30 12:12 - 2009-11-30 23:45 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-04-30 10:19 - 2013-04-30 10:19 - 00000519 ____A C:\Users\KC\Downloads\DefaultHosts.zip
2013-04-29 17:25 - 2013-04-29 17:25 - 05487016 ____A (Microsoft Corporation) C:\Users\KC\Downloads\Windows8-UpgradeAssistant.exe
2013-04-29 16:37 - 2011-11-20 16:16 - 00000310 ____A C:\Windows\Tasks\HPCeeScheduleForKC.job
2013-04-29 14:32 - 2013-04-29 14:32 - 00182923 ____A C:\Users\KC\Desktop\termsrv.zip
2013-04-29 14:32 - 2013-04-29 14:32 - 00000000 ____D C:\Users\KC\Desktop\termsrv
2013-04-29 14:03 - 2013-04-29 14:03 - 00585178 ____A C:\Users\KC\Desktop\rdp-x64-x86-sp2.zip
2013-04-29 13:48 - 2013-04-29 13:48 - 00000000 ____D C:\Users\KC\Desktop\rdp-x64-x86-sp2
2013-04-29 13:46 - 2013-04-29 13:45 - 00589016 ____A C:\Users\KC\Downloads\remotedesktop_vista_sp1.zip
2013-04-29 13:40 - 2009-08-13 19:31 - 00002657 ____A C:\Users\Public\Desktop\QuickBooks Point of Sale 8.0.lnk
2013-04-25 16:58 - 2011-06-07 12:51 - 00000000 ____D C:\Users\KC\Documents\Claims
2013-04-24 15:43 - 2013-04-24 15:43 - 00000087 ____A C:\Windows\SSOVO.INI
2013-04-24 15:35 - 2012-08-05 18:20 - 00000000 ___RD C:\Program Files\Skype
2013-04-24 15:35 - 2012-08-05 18:20 - 00000000 ____D C:\ProgramData\Skype
2013-04-23 16:45 - 2011-06-01 14:45 - 00000742 ____A C:\Users\KC\Desktop\1500SoftPro.lnk
2013-04-22 12:30 - 2010-07-01 14:48 - 00338191 ____A C:\Users\KC\Documents\QB POS V8 Customers Export.xls

Other Malware:
===========
C:\ProgramData\DVD.exe
C:\ProgramData\Karaoke.exe
C:\ProgramData\MobileTV.exe
C:\ProgramData\MPV.exe
C:\Users\KC\gotomypc_438.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-21 13:19

==================== End Of Log ============================



#4 kevincount


Posted 22 May 2013 - 11:06 AM

The requested link

http://www.filedropper.com/log_4

The Attach report is below

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-05-2013 02
Ran by KC at 2013-05-22 09:32:53 Run:
Running from C:\Users\KC\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
2X Client (Version: 10.5.1308)
32 Bit HP CIO Components Installer (Version: 7.1.8)
6400_Help (Version: 1.00.0000)
6500_E709_eDocs (Version: 1.00.0000)
6500_E709_Help (Version: 1.00.0000)
6500_E709n (Version: 140.0.000.000)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
ACT! by Sage 2010 (Version: 12.0.0.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
AddThis Toolbar (Version: 1.514)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.6)
Adobe AIR (Version: 3.6.0.6090)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Community Help (Version: 3.2.1)
Adobe Community Help (Version: 3.2.1.650)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Drive CS4 (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Fonts All (Version: 2.0)
Adobe Illustrator 7.0
Adobe Illustrator 9.0 Tryout
Adobe Illustrator CS4 (Version: 14.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Player (Version: 1.8)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop 6.0 (Version: 6.0)
Adobe Photoshop Elements 9 (Version: 9.0.3.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.07)
Adobe Reader X (10.1.5) (Version: 10.1.5)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Shockwave Player (Version: 11.0)
Adobe SVG Viewer 3.0 (Version:  3.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
ADOS Demo version 1.1 (Version: 1.1)
Akamai NetSession Interface Service
Amazon Kindle
Any Video Converter 3.2.3
AnyForm (Version: 5.0)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Artisteer 2 (Version: 2.4)
Artisteer 4 (Version: 4.0)
AT&T Unified Messaging
AT&T Yahoo! Browser Configuration
Atheros Driver Installation Program (Version: 9.0)
ATT-Management Agent (Version: )
Audible Download Manager (Version: 6.6.0.13)
avast! Free Antivirus (Version: 8.0.1489.0)
Avery Wizard 4.0 (Version: 4.0.103)
Bing Maps 3D (Version: 4.0.903.16005)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 140.0.213.000)
Carbonite Online Backup Setup (Version: 3.7.3)
CCleaner (Version: 4.00)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CMS-1500 (5.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.58.1.0)
Connect (Version: 1.0.0.1)
Corel Painter Essentials 2 (Version: 4.0)
CT-S300 x32 v157 (Version: 2.00.0000)
CustomerResearchQFolder (Version: 1.00.0000)
CutePDF Writer 2.8
CyberLink DVD Suite (Version: 6.0.2203)
CyberLink YouCam (Version: 2.0.2328)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 140.0.213.000)
DeviceManagementQFolder (Version: 1.00.0000)
DHTML Editing Component (Version: 6.02.0001)
DocMgr (Version: 140.0.65.000)
DocProc (Version: 140.0.100.000)
DocProcQFolder (Version: 1.00.0000)
Dropbox (Version: 1.6.18)
DVI Remote Rx Entry
eChart Acuity version 2.04
Elements 9 Organizer (Version: 9.0)
Elements STI Installer (Version: 1.0)
ESU for Microsoft Vista (Version: 1.0.0)
eSupportQFolder (Version: 1.00.0000)
Excel Invoice Manager 2.21.1024 (Version: 2.21.1024)
Facebook Plug-In
Fax (Version: 140.0.213.000)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
FileMaker Pro 12 (Version: 12.0.2.0)
FitLive 1.3.00
GDR 1617 for SQL Server 2008 R2 (KB2494088) (Version: 10.50.1617.0)
Google Chrome (Version: 26.0.1410.64)
Google Chrome Frame (Version: 26.0.1410.64)
Google Drive (Version: 1.9.4536.8202)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Talk Plugin (Version: 3.19.1.13088)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
GoToMeeting 4.8.0.723 (Version: 4.8.0.723)
GPBaseService (Version: 100.0.187.000)
GPBaseService2 (Version: 140.0.212.000)
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library (Version: 3.1.9.1)
HP Color LaserJet CP2020 Series 1.0 (Version: 1.0)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Doc Viewer (Version: 1.03.0001)
HP Document Manager 2.0 (Version: 2.0)
HP DVD Play 3.7 (Version: 3.7.0.6310)
HP Games (Version: 1.0.0.80)
HP Help and Support (Version: 2.1.3.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 6500 E709 Series (Version: 14.0)
HP Officejet 6500 E710n-z Basic Device Software (Version: 22.50.231.0)
HP Officejet 6500 E710n-z Help (Version: 140.0.2.2)
HP Officejet J6400 Series (Version: 1.0)
HP Officejet Pro 8600 Basic Device Software (Version: 28.0.1315.0)
HP Officejet Pro 8600 Help (Version: 28.0.0)
HP Officejet Pro 8600 Product Improvement Study (Version: 28.0.1315.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Print View Software
HP Print View Software (Version: 1.8.0.7)
HP Product Detection (Version: 10.7.9.0)
HP Quick Launch Buttons 6.40 H2 (Version: 6.40 H2)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Total Care Advisor (Version: 2.4.4941.2798)
HP Total Care Setup (Version: 1.1.1983.2818)
HP Update (Version: 5.003.003.001)
HP User Guides 0118 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.00 K2)
HPAsset component for HP Active Support Library (Version: 3.0.1.0)
HPDiagnosticAlert (Version: 1.00.0000)
HPNetworkAssistant (Version: 1.1.70)
hppFonts (Version: 001.001.00061)
hppManualsCP2020 (Version: 001.000.00142)
hppPQVideoCP2020 (Version: 001.000.00148)
HPProductAssistant (Version: 140.0.213.000)
hppTLBXFXCP2020 (Version: 001.012.00091)
HPSSupply (Version: 140.0.212.000)
hpzTLBXFX (Version: 004.012.00146)
I.R.I.S. OCR (Version: 12.3.4.0)
iCloud (Version: 2.1.2.8)
ieSpell (Version: 2.6.4 (build 573))
Intel® Graphics Media Accelerator Driver
Intuit SiteBuilder
iPhone Configuration Utility (Version: 2.1.0.163)
iTunes (Version: 11.0.2.26)
J6400 (Version: 50.0.165.000)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Java Auto Updater (Version: 2.0.7.1)
Java Media Framework 2.1.1e
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 7 (Version: 1.6.0.70)
Jawbone Updater (Version: 0.1)
join.me (Version: 1.3.1.429)
Juno Preloader (Version: 1.0.0)
kuler (Version: 2.0)
Labeler (Version: 6.0)
LabelPrint (Version: 2.5.0926)
LightScribe System Software  1.14.17.1 (Version: 1.14.17.1)
LightScribe Template Labeler (Version: 1.18.15.1)
LionClock 2011 (Version: 4.54)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Market Samurai (Version: 0.87.87)
MarketResearch (Version: 140.0.214.000)
Med Claim
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft IntelliPoint 7.0 (Version: 7.0.260.0)
Microsoft IntelliType Pro 7.0 (Version: 7.0.260.0)
Microsoft Live Search Toolbar (Version: 3.0.541.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.191)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher 2007 Trial (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (Version: 4.0.50826.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (_OPTEK) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Express Edition (ACT7) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Policies (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server Browser (Version: 10.51.2500.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server System CLR Types (Version: 10.50.1750.9)
Microsoft SQL Server VSS Writer (Version: 10.51.2500.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.35191)
Microsoft Visual Web Developer 2010 Express - ENU (Version: 10.0.40219)
Microsoft Web Platform Installer 2.0 (Version: 2.1.1)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
muvee Reveal (Version: 7.0.35.6951)
NetWaiting (Version: 2.5.52)
Network (Version: 140.0.215.000)
NetZero Preloader (Version: 1.0.0)
Norton Internet Security (Version: 16.0.0.125)
Norton Security Scan (Version: 4.0.0.48)
NVIDIA Drivers
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Opera 12.14 (Version: 12.14.1738)
Optical Analysis
OpticalOnline 2.0
Optronics VisionWeb Trace Server (Version: 1.10)
Pandora (Version: 2.0.8)
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
Picasa 3 (Version: 3.8)
PocketCloud Windows Companion (Version: 2.5.13)
Power2Go (Version: 6.0.2202)
PowerDirector (Version: 7.0.2201)
ProductContext (Version: 140.0.000.000)
ProductContext (Version: 50.0.165.000)
PSSWCORE (Version: 2.02.0000)
QuickBooks (Version: 19.0.4014.705)
QuickBooks Point of Sale 8.0 (Version: 19.13.916)
QuickBooks Premier: Accountant Edition 2009 (Version: 19.0.4014.705)
QuickTime (Version: 7.73.80.64)
Ray-Ban Rare Prints screensaver Screensaver
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20133)
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.34.57.2)
Scan (Version: 140.0.167.000)
Sehen Erleben (Version: 2.00.0002)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (Version: 10.51.2500.0)
SHAW Lens Designer 1.50.2 (Version: 1.50.2)
Shop for HP Supplies (Version: 14.0)
Skype Click to Call (Version: 6.8.12323)
Skype™ 5.10 (Version: 5.10.116)
SmarterMail Sync for Outlook 2003 and above (Version: 1.0)
SmartFTP Client (Version: 4.0.1138.0)
SmartFTP Client 4.0 Setup Files (remove only) (Version: 4.0)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.214.000)
Sony Sound Forge Audio Studio 9.0 (Version: 9.0.146)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotify (Version: 0.8.5.1333.g822e0de8)
SPX Art Kids Screensaver
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1)
SQL Server 2008 R2 Management Studio (Version: 10.50.1600.1)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
Status (Version: 140.0.256.000)
StuffIt Expander 2010 (Version: 14.0.0)
Suite Shared Configuration CS4 (Version: 1.0)
SupportSoft Assisted Service (Version: 15)
Synaptics Pointing Device Driver (Version: 11.1.3.0)
System Requirements Lab for Intel (Version: 4.4.16.0)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.213.000)
UnloadSupport (Version: 11.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01 (Version: 100.0.128.000)
Virtual City (Version: 2.2.0.90)
Visual Lab Pro
Visual Lab Pro/Calc
Visual Studio 2005 Tools for Office Second Edition Runtime
WCF RIA Services V1.0 SP1 (Version: 4.1.60114.0)
Web Deployment Tool (Version: 1.1.0618)
WebEx
WebReg (Version: 140.0.213.017)
WebTablet IE Plugin (Version: 1.1.0.4)
WebTablet Netscape Plugin (Version: 1.1.0.3)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports  (11/15/2007 5.1.2600.0) (Version: 11/15/2007 5.1.2600.0)
Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02) (Version: 03/30/2010 2.06.02)
Windows Driver Package - MakerBot Industries (usbser) Ports  (11/15/2007 5.1.2600.0) (Version: 11/15/2007 5.1.2600.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinLens3D Basic
WinRAR archiver
WinZip 14.0 (Version: 14.0.8652)
Yahoo! Detect

==================== Restore Points  =========================

07-05-2013 00:31:17 Windows Update
11-05-2013 00:31:27 Windows Update
14-05-2013 00:03:28 Scheduled Checkpoint
16-05-2013 08:00:19 Windows Update
17-05-2013 05:00:04 Scheduled Checkpoint
19-05-2013 19:04:55 Scheduled Checkpoint
19-05-2013 20:54:10 Removed SpyHunter
20-05-2013 13:08:22 avast! Free Antivirus Setup

==================== Faulty Device Manager Devices =============

Name: Officejet 6500 E710n-z
Description: Officejet 6500 E710n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2013 08:57:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43667020

Error: (05/22/2013 08:57:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43667020

Error: (05/22/2013 08:57:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/22/2013 08:57:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43663151

Error: (05/22/2013 08:57:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43663151

Error: (05/22/2013 08:57:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/22/2013 08:57:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43661778

Error: (05/22/2013 08:57:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43661778

Error: (05/22/2013 08:57:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/22/2013 08:57:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43660718

System errors:
=============
Error: (05/22/2013 08:58:25 AM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (05/19/2013 04:11:18 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (05/19/2013 04:05:19 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (05/19/2013 03:55:12 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (05/19/2013 03:52:59 PM) (Source: Service Control Manager) (User: )
Description: XAudioService1

Error: (05/19/2013 03:52:50 PM) (Source: Service Control Manager) (User: )
Description: Skype C2C Service1

Error: (05/19/2013 03:52:50 PM) (Source: Service Control Manager) (User: )
Description: QuickBooksDB191

Error: (05/19/2013 03:52:50 PM) (Source: Service Control Manager) (User: )
Description: SpyHunter 4 Service1

Error: (05/19/2013 00:57:09 PM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was Error: 0xc004f012.

Error: (05/19/2013 00:54:13 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (05/09/2013 11:20:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2961 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/30/2013 11:51:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1803 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/30/2013 11:21:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 569 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/05/2013 10:00:55 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 81013 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (04/04/2013 11:30:35 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 175 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/04/2013 11:27:34 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3707 seconds with 1200 seconds of active time.  This session ended with a crash.

Error: (03/23/2013 09:24:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1028 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (03/20/2013 01:52:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 915 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (03/05/2013 00:25:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 86898 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/14/2013 04:35:19 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 232371 seconds with 540 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2013-05-22 09:32:27.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-22 09:32:26.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-22 09:32:26.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-22 09:32:25.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-19 22:15:56.332
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-19 22:15:55.670
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-19 22:15:55.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-19 22:15:54.552
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-19 22:15:54.014
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-19 22:15:53.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 3002.45 MB
Available physical RAM: 1383.63 MB
Total Pagefile: 6235.19 MB
Available Pagefile: 3914.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.17 GB) (Free:80.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Dec 10 2012) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:0.94 GB) (Free:0.76 GB) FAT
Drive g: () (Removable) (Total:7.39 GB) (Free:0.34 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1A127DC8)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 962 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=962 MB) - (Type=06)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================



#5 B-boy/StyLe/


Posted 22 May 2013 - 01:43 PM

Hi,

 

 

Download file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


Regards,
Georgi




#6 kevincount


Posted 23 May 2013 - 11:48 AM

Report is below.  I did the manual reboot as the program requested.  Restart took longer than typical, also Explorer is no longer responding.  I can download with Chrome now though.  System as a whole seems to be running slower.
 
Hope the info helps.
 
Thank you for your support through this!
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-05-2013 02
Ran by KC at 2013-05-23 10:56:00 Run:2
Running from C:\Users\KC\Desktop
Boot Mode: Normal
 
==============================================
 
C:\Program Files\Microsoft Security Client => Deleting junctions completed successfully.
C:\Program Files\Windows Defender => Deleting junctions completed successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83A5C533-9702-4876-BE37-6A946DB0A6E9} => Key deleted successfully.
HKCR\CLSID\{83A5C533-9702-4876-BE37-6A946DB0A6E9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83A5C533-9702-4876-BE37-6A946DB0A6E9} => Key deleted successfully.
HKCR\CLSID\{83A5C533-9702-4876-BE37-6A946DB0A6E9} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EBF8AAF-0A31-4786-909A-97A0EF101743} => Key deleted successfully.
HKCR\CLSID\{9EBF8AAF-0A31-4786-909A-97A0EF101743} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{B43176CC-4D9E-493B-A636-D9CBFE39C6DA} => Value deleted successfully.
HKCR\CLSID\{B43176CC-4D9E-493B-A636-D9CBFE39C6DA} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B43176CC-4D9E-493B-A636-D9CBFE39C6DA} => Value deleted successfully.
HKCR\CLSID\{B43176CC-4D9E-493B-A636-D9CBFE39C6DA} => Key not found.
catchme => Service deleted successfully.
mbr => Service deleted successfully.
 
 
The system needs a manual reboot. 
 
==== End of Fixlog ====


#7 B-boy/StyLe/


Posted 23 May 2013 - 01:21 PM

Hi,

 

 

Please follow the instructions below:

 

  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
  • Don't copy the word "quoted"

     

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\temp\*.exe
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Local\*.
    %USERPROFILE%\AppData\Local\temp\*.exe
    %USERPROFILE%\AppData\Roaming\*.*
    %USERPROFILE%\AppData\Roaming\*.
    %Public%\Documents\Fonts\*.exe
    %Public%\Documents\Config\*.exe
    %Public%\Documents\*.*
    %ProgramData%\*.*
    %ProgramData%\*.
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\ComObjects*.exe
    %commonprogramfiles(x86)%\*.*
    %ProgramFiles(x86)%\*.*
    %ProgramFiles(x86)%\*.
    %programdata%\Microsoft\Windows\DRM\*.tmp
    %programdata%\Microsoft\DRM\*.tmp
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
    %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
    %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
    %windir%\temp\*.exe
    %windir%\*.
    %windir%\installer\*.
    %windir%\system32\*.
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s
    HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    bcdedit /enum all /v >C:\boot.txt /c
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    consrv.dll
    services.exe
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    atapi.sys
    iaStor.sys
    serial.sys
    volsnap.sys
    disk.sys
    redbook.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    dfsc.sys
    hlp.dat
    str.sys
    crexv.ocx
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

 

 

Regards,

Georgi




#8 kevincount


Posted 23 May 2013 - 02:58 PM

OTL.txt part one.
 
OTL logfile created on: 5/23/2013 1:38:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\KC\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 39.63% Memory free
6.08 Gb Paging File | 3.60 Gb Available in Paging File | 59.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 78.58 Gb Free Space | 27.36% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.82 Gb Free Space | 16.68% Space Free | Partition Type: NTFS
Drive E: | 136.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 961.33 Mb Total Space | 780.41 Mb Free Space | 81.18% Space Free | Partition Type: FAT
Drive G: | 7.39 Gb Total Space | 0.34 Gb Free Space | 4.57% Space Free | Partition Type: FAT32
 
Computer Name: CO-PC | User Name: KC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/23 13:35:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KC\Desktop\OTL.exe
PRC - [2013/05/14 13:14:10 | 000,142,336 | ---- | M] () -- C:\Program Files\Pandora\Pandora.exe
PRC - [2013/05/09 03:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/03 15:57:07 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/12 02:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\KC\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/12/28 17:44:02 | 002,736,864 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks Point of Sale 8.0\DatabaseServer\QBPOSDBService.exe
PRC - [2012/12/18 09:28:26 | 000,825,560 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/12/18 07:28:10 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/05 16:06:00 | 000,935,312 | ---- | M] (Wyse Technology Inc.) -- C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
PRC - [2012/11/05 16:02:52 | 001,436,160 | ---- | M] (Wyse Technology.) -- C:\Program Files\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
PRC - [2012/11/05 16:01:14 | 000,191,488 | ---- | M] () -- C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
PRC - [2012/10/17 05:05:54 | 001,837,672 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
PRC - [2012/10/17 05:05:10 | 000,673,384 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
PRC - [2012/08/31 16:08:02 | 000,712,072 | ---- | M] (2X Software Ltd.) -- C:\Program Files\MVE Cloud\TUXCredProv.exe
PRC - [2011/12/22 08:48:12 | 000,984,936 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/12/22 07:31:08 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/09/30 04:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/03/08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2009/10/01 03:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/08/18 18:55:56 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/06/13 20:34:12 | 000,136,496 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks Point of Sale 8.0\DatabaseServer\QBDBMgrN10.exe
PRC - [2008/02/08 09:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/16 03:45:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013/05/16 03:42:40 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll
MOD - [2013/05/14 13:14:10 | 000,142,336 | ---- | M] () -- C:\Program Files\Pandora\Pandora.exe
MOD - [2013/04/09 03:57:07 | 000,390,096 | ---- | M] () -- C:\Users\KC\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013/04/09 03:57:05 | 004,050,896 | ---- | M] () -- C:\Users\KC\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 03:56:15 | 000,598,480 | ---- | M] () -- C:\Users\KC\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 03:56:14 | 000,124,368 | ---- | M] () -- C:\Users\KC\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 03:56:13 | 001,606,096 | ---- | M] () -- C:\Users\KC\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/01/10 05:12:52 | 000,447,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9cb358ccfff52108c71cda635a0b01de\UIAutomationClient.ni.dll
MOD - [2013/01/10 04:54:30 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/10 04:53:55 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/10 04:52:38 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/10 04:52:31 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012/12/18 09:28:24 | 002,897,640 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2012/11/05 15:59:56 | 000,056,832 | ---- | M] () -- C:\Program Files\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll
MOD - [2012/11/05 15:59:16 | 000,058,880 | ---- | M] () -- C:\Program Files\Wyse\PocketCloud Windows Companion\WyseWebServerLib.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/05/15 13:08:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/20 14:02:09 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/29 13:51:30 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/28 17:44:02 | 002,736,864 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks Point of Sale 8.0\DatabaseServer\QBPOSDBService.exe -- (QBPOSDBServiceV8)
SRV - [2012/12/18 07:28:10 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/05 16:02:52 | 001,436,160 | ---- | M] (Wyse Technology.) [Auto | Running] -- C:\Program Files\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe -- (WyseRemoteAccess)
SRV - [2012/11/05 16:01:14 | 000,191,488 | ---- | M] () [Auto | Running] -- C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe -- (WysePocketCloud)
SRV - [2012/08/31 16:08:02 | 000,712,072 | ---- | M] () [Auto | Running] -- C:\Program Files\MVE Cloud\\TUXCredProv.exe -- (2X SSO Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/22 07:31:08 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/09/30 04:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/03/08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010/01/19 17:49:14 | 000,055,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2009/11/17 13:52:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/01 03:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe -- (QuickBooksDB19)
SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/08/18 18:55:56 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/07/29 11:26:38 | 000,020,480 | ---- | M] (Intuit, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Entitlement Client\v5.3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe -- (Intuit Entitlement Service v5.3)
SRV - [2008/02/08 09:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/05/09 03:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 03:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 03:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 03:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 03:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 03:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 03:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 03:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/06/17 21:28:18 | 000,240,736 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0151.sys -- (RsFx0151)
DRV - [2010/09/26 21:13:10 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010/02/02 15:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 15:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/01/24 14:32:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/09/21 15:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/09/02 04:09:24 | 000,176,128 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/05/08 20:14:21 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/07/29 05:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2008/06/29 09:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A23B6865-91F4-4D89-B386-7D1A3EFEF156}
IE - HKLM\..\SearchScopes\{A23B6865-91F4-4D89-B386-7D1A3EFEF156}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en/
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\..\SearchScopes,DefaultScope = {018D5425-4862-4922-B326-5BAE82700E5B}
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\..\SearchScopes\{018D5425-4862-4922-B326-5BAE82700E5B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\..\SearchScopes\{A23B6865-91F4-4D89-B386-7D1A3EFEF156}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1002\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.14
FF - prefs.js..extensions.enabledAddons: rankchecker@seobook.com:1.8.24
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.4
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.22
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/05/11 14:30:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\KC\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\KC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\KC\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\KC\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\KC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\KC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/27 18:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/10 12:35:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/01/11 12:42:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/05/02 19:14:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/20 08:10:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/20 14:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/04 11:36:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/10 12:35:21 | 000,000,000 | ---D | M]
 
[2010/11/08 20:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KC\AppData\Roaming\mozilla\Extensions
[2010/11/08 20:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KC\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/05/03 17:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KC\AppData\Roaming\mozilla\Firefox\Profiles\0yizqsi0.default\extensions
[2013/03/06 15:12:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\KC\AppData\Roaming\mozilla\Firefox\Profiles\0yizqsi0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/04/30 16:31:11 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\KC\AppData\Roaming\mozilla\firefox\profiles\0yizqsi0.default\extensions\firebug@software.joehewitt.com.xpi
[2013/05/03 17:04:26 | 000,158,969 | ---- | M] () (No name found) -- C:\Users\KC\AppData\Roaming\mozilla\firefox\profiles\0yizqsi0.default\extensions\rankchecker@seobook.com.xpi
[2012/02/29 11:31:46 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\KC\AppData\Roaming\mozilla\firefox\profiles\0yizqsi0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/03/06 15:12:07 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\KC\AppData\Roaming\mozilla\firefox\profiles\0yizqsi0.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2013/05/03 17:04:27 | 001,360,815 | ---- | M] () (No name found) -- C:\Users\KC\AppData\Roaming\mozilla\firefox\profiles\0yizqsi0.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/04/29 16:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/24 15:35:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/20 14:02:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/24 15:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/04/24 15:35:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/20 14:02:11 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2012/04/01 18:24:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2013/02/15 17:31:48 | 000,186,432 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2012/01/05 11:50:51 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2012/11/09 12:48:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2012/11/09 12:48:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2012/11/09 12:48:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2012/11/09 12:48:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2012/11/09 12:48:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/11/09 12:48:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2012/11/09 12:48:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/01/05 11:51:39 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2012/01/05 11:50:40 | 000,108,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2013/04/20 14:01:46 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2013/04/20 14:01:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/20 14:01:46 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2013/04/20 14:01:46 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2013/04/20 14:01:46 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2013/04/20 14:01:46 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2013/04/20 14:01:46 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\KC\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\KC\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\KC\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\KC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\KC\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: WPI Detector 1.1 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\KC\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: QR Creator = C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm\1.5_0\
CHR - Extension: Entanglement = C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Atari - Lunar Lander = C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aheampccjiggeiflpcjolbabpohbpclg\1.0_0\
CHR - Extension: From Dust = C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj\0.0.0.23_0\
CHR - Extension: Google Drive = C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Chrome Professional - Theme = C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhapfjmmbkceacadabpamlhofapnhhcd\1.3_0\
CHR - Extension: Cloud Book = C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flilccfmjckbfkglcjijgmghldnddocp\4_0\
CHR - Extension: Lord of Ultima = C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.12_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Poppit = C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Atari - Missile Command = C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobnopfjjndfekinfcddimnjbhjdgmbg\1.0_0\
 
O1 HOSTS File: ([2013/05/19 15:40:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PocketCloud Location] C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe (Wyse Technology Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1001..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1002..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1002..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X Client.lnk = C:\Program Files\MVE Cloud\APPServerClient.exe (2X Software Ltd.)
O4 - Startup: C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\KC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1001\..Trusted Ranges: Range1 ([http] in )
O15 - HKU\S-1-5-21-1796131044-1765537854-2342951633-1002\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://wt4.viewnetcam.com:5003/bl_camera.cab (Bl_camera Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab (SysInfo Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://iot.webex.com/client/T27LC/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71D7380C-1BB7-469C-80F9-B70A1721A4A0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F95850BD-1172-4D4C-AE89-DAD895110F34}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Windows\System32\QBPOSProtocol.dll (Intuit Inc.)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\KC\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\KC\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\TSpkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe - (Audible, Inc.)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Act! Preloader - hkey= - key= - C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
MsConfig - StartUpReg: Act.Outlook.Service - hkey= - key= - C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: CarboniteSetupLite - hkey= - key= - C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: HP Health Check Scheduler - hkey= - key= - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: itype - hkey= - key= - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {38DC9877-C3DA-FE57-1A16-63A1D00C85C4} - Browser Customizations
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7833E832-B004-5A5F-7ED0-C0D1EE41740A} - Browser Customizations
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\System32\Adobe
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll ()
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/05/23 13:35:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KC\Desktop\OTL.exe
[2013/05/23 11:14:00 | 000,000,000 | ---D | C] -- C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2X Remote Desktops & Applications
[2013/05/22 09:31:26 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/22 09:30:41 | 001,318,319 | ---- | C] (Farbar) -- C:\Users\KC\Desktop\FRST.exe
[2013/05/22 09:08:23 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\junction.exe
[2013/05/22 09:04:57 | 000,000,000 | ---D | C] -- C:\Users\KC\Desktop\Bleeping computers.com reports
[2013/05/22 08:59:33 | 000,000,000 | ---D | C] -- C:\Users\KC\Desktop\RK_Quarantine
[2013/05/20 09:12:34 | 000,000,000 | --SD | C] -- C:\Users\KC\Google Drive
[2013/05/20 08:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/05/20 08:10:53 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/05/20 08:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/05/20 08:10:52 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/05/20 08:10:48 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/05/20 08:10:47 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/05/20 08:10:46 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/05/20 08:10:37 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/05/20 08:10:36 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/05/20 08:09:32 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/20 08:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/05/20 08:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/05/19 17:39:36 | 000,000,000 | ---D | C] -- C:\Users\KC\AppData\Roaming\Malwarebytes
[2013/05/19 17:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/19 17:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/19 17:38:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/19 17:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/19 16:13:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/19 12:39:06 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ
[2013/05/19 12:01:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/19 12:01:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/19 12:01:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/19 12:00:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/19 11:56:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/19 11:07:41 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ
[2013/05/19 10:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/05/18 21:37:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2013/05/18 21:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2013/05/18 21:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2013/05/18 21:37:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0400000.030
[2013/05/18 21:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/05/18 21:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/05/18 21:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/05/18 20:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/05/18 20:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/05/18 20:53:55 | 000,000,000 | ---D | C] -- C:\Users\KC\AppData\Roaming\QuickScan
[2013/05/17 18:30:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2013/05/16 03:15:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/16 03:01:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/16 03:01:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/16 03:01:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/16 03:01:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/16 03:01:12 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/16 03:01:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/16 03:01:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/15 03:41:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/15 03:41:26 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/14 13:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora
[2013/05/08 14:01:16 | 000,000,000 | ---D | C] -- C:\Users\KC\Documents\2XPDFStore
[2013/05/08 13:58:37 | 000,000,000 | ---D | C] -- C:\Users\KC\2XJava
[2013/05/06 10:20:16 | 000,000,000 | ---D | C] -- C:\Users\KC\AppData\Roaming\2XClient
[2013/05/06 10:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2X
[2013/05/06 10:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\MVE Cloud
[2013/04/30 16:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ericom Software
[2013/04/29 14:32:41 | 000,000,000 | ---D | C] -- C:\Users\KC\Desktop\termsrv
[2013/04/29 14:26:59 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Users\KC\Desktop\termsrv.dll
[2013/04/29 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\KC\Desktop\rdp-x64-x86-sp2
[2013/04/20 14:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/04/20 14:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/04/18 14:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013/04/10 02:23:03 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 02:23:02 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 02:23:02 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/10 02:22:58 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/04/06 14:04:50 | 000,000,000 | ---D | C] -- C:\Users\KC\AppData\Roaming\RealNetworks
[2013/04/05 10:53:49 | 000,000,000 | ---D | C] -- C:\Users\KC\Documents\Articles
[2013/04/04 10:54:45 | 000,000,000 | ---D | C] -- C:\Users\KC\Documents\New Folder (3)
[2013/03/22 04:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/21 13:42:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/11 18:18:07 | 000,000,000 | ---D | C] -- C:\Users\KC\AppData\Roaming\ieSpell
[2013/03/08 11:17:54 | 000,000,000 | ---D | C] -- C:\Users\KC\AppData\Roaming\Opera
[2013/03/08 11:17:54 | 000,000,000 | ---D | C] -- C:\Users\KC\AppData\Local\Opera
[2013/03/08 11:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2013/03/07 14:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qioptiq
[2013/03/07 14:39:47 | 000,282,624 | ---- | C] (Virtual Media Technology Pty Ltd) -- C:\Windows\System32\hdk3ctnt.dll
[2013/03/07 14:39:47 | 000,184,320 | ---- | C] (Virtual Media Technology P/L) -- C:\Windows\System32\hdk3anim.dll
[2013/03/07 14:39:47 | 000,057,880 | ---- | C] (Outrider Systems, Inc.) -- C:\Windows\System32\spin32.ocx
[2013/03/07 14:39:47 | 000,040,960 | ---- | C] (Virtual Media Technology P/L) -- C:\Windows\System32\hdk3html.dll
[2013/03/07 14:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Qioptiq
[2013/03/01 13:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/03/01 13:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/01 13:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/26 17:52:40 | 000,000,000 | ---D | C] -- C:\Users\KC\AppData\Local\Macromedia
[2013/02/25 12:38:04 | 000,580,712 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\HPDiscoPM5912.dll
[2010/10/08 11:37:34 | 021,046,160 | ---- | C] (Sage Software                                                ) -- C:\Users\KC\AppData\Roaming\ACT1200HotFix_SS.exe
[2010/09/25 13:54:36 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\KC\gotomypc_438.exe
[2010/07/17 12:59:07 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2010/07/17 12:59:07 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2010/07/17 12:59:07 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2010/07/17 12:59:06 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2013/05/23 13:35:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KC\Desktop\OTL.exe
[2013/05/23 13:20:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1796131044-1765537854-2342951633-1000UA.job
[2013/05/23 13:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/23 13:07:27 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 13:07:27 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 13:03:17 | 000,372,911 | ---- | M] () -- C:\Users\KC\Documents\CO dispencing desk.pdf
[2013/05/23 13:02:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/23 11:12:54 | 000,001,772 | ---- | M] () -- C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X Client.lnk
[2013/05/23 11:08:22 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/23 11:07:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/23 11:07:20 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/23 09:20:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1796131044-1765537854-2342951633-1000Core.job
[2013/05/22 09:11:20 | 000,000,142 | ---- | M] () -- C:\Users\KC\Desktop\Fix.bat
[2013/05/21 21:10:24 | 001,318,319 | ---- | M] (Farbar) -- C:\Users\KC\Desktop\FRST.exe
[2013/05/20 11:52:27 | 000,913,252 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/20 11:52:27 | 000,219,348 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/20 09:12:39 | 000,001,489 | ---- | M] () -- C:\Users\KC\Desktop\Google Drive.lnk
[2013/05/20 08:10:54 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/20 08:10:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/05/19 17:38:56 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/19 15:40:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/19 12:53:24 | 002,423,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/18 21:37:42 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for KC.job
[2013/05/18 21:37:40 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.LNK
[2013/05/18 21:06:54 | 000,305,422 | ---- | M] () -- C:\Users\KC\Documents\cc_20130518_210642.reg
[2013/05/18 21:06:32 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/05/18 20:56:53 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/15 13:08:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/15 13:08:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/14 13:14:14 | 000,000,738 | ---- | M] () -- C:\Users\Public\Desktop\Pandora.lnk
[2013/05/09 03:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/05/09 03:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/05/09 03:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/09 03:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/05/09 03:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/05/09 03:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/05/09 03:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/05/09 03:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/05/09 03:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 03:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/05/06 10:19:36 | 000,001,569 | ---- | M] () -- C:\Users\Public\Desktop\MVE Cloud.lnk
[2013/05/05 14:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/02 10:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/30 17:53:27 | 000,001,710 | -H-- | M] () -- C:\Users\KC\Documents\Default.rdp
[2013/04/29 16:37:12 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKC.job
[2013/04/29 14:32:25 | 000,182,923 | ---- | M] () -- C:\Users\KC\Desktop\termsrv.zip
[2013/04/29 14:03:55 | 000,585,178 | ---- | M] () -- C:\Users\KC\Desktop\rdp-x64-x86-sp2.zip
[2013/04/29 13:40:23 | 000,002,657 | ---- | M] () -- C:\Users\Public\Desktop\QuickBooks Point of Sale 8.0.lnk
[2013/04/24 15:43:27 | 000,000,087 | ---- | M] () -- C:\Windows\SSOVO.INI
[2013/04/23 16:45:55 | 000,000,766 | ---- | M] () -- C:\Users\KC\Application Data\Microsoft\Internet Explorer\Quick Launch\1500SoftPro.lnk
[2013/04/23 16:45:55 | 000,000,742 | ---- | M] () -- C:\Users\KC\Desktop\1500SoftPro.lnk
[2013/04/18 14:10:10 | 000,000,948 | ---- | M] () -- C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/18 14:09:35 | 000,000,910 | ---- | M] () -- C:\Users\KC\Desktop\Dropbox.lnk
[2013/04/13 05:56:44 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/04/10 10:04:17 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/04/09 20:16:12 | 000,002,029 | ---- | M] () -- C:\Users\KC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/09 20:16:12 | 000,002,027 | ---- | M] () -- C:\Users\KC\Desktop\Google Chrome.lnk
[2013/04/08 20:36:18 | 002,049,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/08 17:18:23 | 000,000,327 | ---- | M] () -- C:\Users\KC\Documents\reprev.opt
[2013/04/08 09:40:50 | 000,000,938 | ---- | M] () -- C:\Users\KC\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2013/04/04 17:11:34 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/04 17:02:59 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/04 17:01:35 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/04 16:59:49 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/04 16:58:51 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/04 16:56:41 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/04 16:50:34 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/03 10:07:16 | 000,002,305 | ---- | M] () -- C:\Users\KC\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/04/02 11:03:19 | 000,569,468 | ---- | M] () -- C:\Users\KC\Documents\Divorce Invite open date 2.pdf
[2013/04/02 10:55:42 | 000,559,138 | ---- | M] () -- C:\Users\KC\Documents\Divorce Invite open date.pdf
[2013/04/02 10:55:19 | 000,384,000 | ---- | M] () -- C:\Users\KC\Documents\Divorce Invite 04 19 13.pub
[2013/04/02 10:42:18 | 000,186,215 | ---- | M] () -- C:\Users\KC\Desktop\Divorce Invite 04 19 13 (2)_Page_2.jpg
[2013/04/02 10:42:17 | 000,133,103 | ---- | M] () -- C:\Users\KC\Desktop\Divorce Invite 04 19 13 (2)_Page_1.jpg
[2013/04/02 10:40:01 | 000,530,461 | ---- | M] () -- C:\Users\KC\Desktop\Divorce Invite 04 19 13 (2).pdf
[2013/03/20 14:45:26 | 000,686,972 | ---- | M] () -- C:\Users\KC\Documents\Corner Optical Postcard 022912.pdf
[2013/03/20 13:42:28 | 000,002,664 | ---- | M] () -- C:\Users\KC\Documents\coaster dude.jpg
[2013/03/20 13:42:05 | 000,066,048 | ---- | M] () -- C:\Users\KC\Documents\coaster dude.pub
[2013/03/18 16:41:59 | 000,122,767 | ---- | M] () -- C:\Users\KC\Documents\Scan0002.pdf
[2013/03/15 10:39:56 | 000,114,036 | ---- | M] () -- C:\Users\KC\Documents\Scan0001.pdf
[2013/03/11 08:25:50 | 003,603,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/03/11 08:25:50 | 003,551,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/03/08 22:45:04 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/03/08 11:17:43 | 000,001,614 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013/03/07 22:53:50 | 000,376,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/03/07 19:23:27 | 000,003,169 | ---- | M] () -- C:\Users\KC\Documents\wp-config.php
[2013/03/04 11:20:25 | 000,930,350 | ---- | M] () -- C:\Users\KC\Documents\Scan.pdf
[2013/03/01 13:14:56 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/28 06:56:25 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0400000.030\isolate.ini
[2013/02/25 12:37:59 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
[2013/02/25 12:37:59 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
[2013/02/25 12:30:54 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


#9 kevincount

Posted 23 May 2013 - 03:00 PM

part two

 

 

========== Files Created - No Company Name ==========
 
[2013/05/23 13:03:17 | 000,372,911 | ---- | C] () -- C:\Users\KC\Documents\CO dispencing desk.pdf
[2013/05/22 09:11:20 | 000,000,142 | ---- | C] () -- C:\Users\KC\Desktop\Fix.bat
[2013/05/20 09:12:39 | 000,001,489 | ---- | C] () -- C:\Users\KC\Desktop\Google Drive.lnk
[2013/05/20 08:10:54 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/20 08:10:45 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/20 08:10:43 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/05/19 17:38:56 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/19 12:51:22 | 002,423,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/19 12:01:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/19 12:01:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/19 12:01:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/19 12:01:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/19 12:01:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/19 10:22:50 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/18 21:37:42 | 000,000,434 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for KC.job
[2013/05/18 21:37:40 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.LNK
[2013/05/18 21:37:33 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0400000.030\isolate.ini
[2013/05/18 21:06:45 | 000,305,422 | ---- | C] () -- C:\Users\KC\Documents\cc_20130518_210642.reg
[2013/05/18 20:56:53 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/06 10:20:17 | 000,001,772 | ---- | C] () -- C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X Client.lnk
[2013/05/06 10:19:36 | 000,001,569 | ---- | C] () -- C:\Users\Public\Desktop\MVE Cloud.lnk
[2013/04/29 14:32:25 | 000,182,923 | ---- | C] () -- C:\Users\KC\Desktop\termsrv.zip
[2013/04/29 14:26:59 | 000,007,507 | ---- | C] () -- C:\Users\KC\Desktop\termonpremium.reg
[2013/04/29 14:26:59 | 000,002,394 | ---- | C] () -- C:\Users\KC\Desktop\premium.bat
[2013/04/29 14:26:59 | 000,002,312 | ---- | C] () -- C:\Users\KC\Desktop\Ultimate.bat
[2013/04/29 14:26:59 | 000,002,312 | ---- | C] () -- C:\Users\KC\Desktop\Buisness.bat
[2013/04/29 14:03:47 | 000,585,178 | ---- | C] () -- C:\Users\KC\Desktop\rdp-x64-x86-sp2.zip
[2013/04/24 15:43:27 | 000,000,087 | ---- | C] () -- C:\Windows\SSOVO.INI
[2013/04/10 10:04:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/04/02 10:56:18 | 000,569,468 | ---- | C] () -- C:\Users\KC\Documents\Divorce Invite open date 2.pdf
[2013/04/02 10:55:41 | 000,559,138 | ---- | C] () -- C:\Users\KC\Documents\Divorce Invite open date.pdf
[2013/04/02 10:55:19 | 000,384,000 | ---- | C] () -- C:\Users\KC\Documents\Divorce Invite 04 19 13.pub
[2013/04/02 10:42:17 | 000,186,215 | ---- | C] () -- C:\Users\KC\Desktop\Divorce Invite 04 19 13 (2)_Page_2.jpg
[2013/04/02 10:42:16 | 000,133,103 | ---- | C] () -- C:\Users\KC\Desktop\Divorce Invite 04 19 13 (2)_Page_1.jpg
[2013/04/02 10:40:01 | 000,530,461 | ---- | C] () -- C:\Users\KC\Desktop\Divorce Invite 04 19 13 (2).pdf
[2013/03/20 14:45:26 | 000,686,972 | ---- | C] () -- C:\Users\KC\Documents\Corner Optical Postcard 022912.pdf
[2013/03/20 13:42:27 | 000,002,664 | ---- | C] () -- C:\Users\KC\Documents\coaster dude.jpg
[2013/03/20 13:40:55 | 000,066,048 | ---- | C] () -- C:\Users\KC\Documents\coaster dude.pub
[2013/03/18 16:41:58 | 000,122,767 | ---- | C] () -- C:\Users\KC\Documents\Scan0002.pdf
[2013/03/15 10:39:55 | 000,114,036 | ---- | C] () -- C:\Users\KC\Documents\Scan0001.pdf
[2013/03/08 11:17:43 | 000,001,626 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013/03/08 11:17:43 | 000,001,614 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2013/03/07 19:23:27 | 000,003,169 | ---- | C] () -- C:\Users\KC\Documents\wp-config.php
[2013/03/04 11:20:24 | 000,930,350 | ---- | C] () -- C:\Users\KC\Documents\Scan.pdf
[2013/03/01 13:14:56 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/25 12:37:59 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
[2013/02/25 12:37:59 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
[2013/02/25 12:30:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/12/20 12:17:32 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p30].bmp
[2012/12/20 12:17:30 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p29].bmp
[2012/12/20 12:17:28 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p28].bmp
[2012/12/20 12:17:26 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p27].bmp
[2012/12/20 12:17:25 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p26].bmp
[2012/12/20 12:17:23 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p25].bmp
[2012/12/20 12:17:20 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p24].bmp
[2012/12/20 12:17:18 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p23].bmp
[2012/12/20 12:17:16 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p22].bmp
[2012/12/20 12:17:14 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p21].bmp
[2012/12/20 12:17:10 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p20].bmp
[2012/12/20 12:17:08 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p19].bmp
[2012/12/20 12:17:06 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p18].bmp
[2012/12/20 12:17:05 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p17].bmp
[2012/12/20 12:17:03 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p16].bmp
[2012/12/20 12:17:02 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p15].bmp
[2012/12/20 12:17:00 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p14].bmp
[2012/12/20 12:16:58 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p13].bmp
[2012/12/20 12:16:57 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p12].bmp
[2012/12/20 12:16:55 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p11].bmp
[2012/12/20 12:16:53 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p10].bmp
[2012/12/20 12:16:52 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p09].bmp
[2012/12/20 12:16:50 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p08].bmp
[2012/12/20 12:16:48 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p07].bmp
[2012/12/20 12:16:47 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p06].bmp
[2012/12/20 12:16:45 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p05].bmp
[2012/12/20 12:16:44 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p04].bmp
[2012/12/20 12:16:42 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p03].bmp
[2012/12/20 12:16:40 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p02].bmp
[2012/12/20 12:16:38 | 000,964,854 | ---- | C] () -- C:\Users\KC\AppData\Local\[j0046]-[p01].bmp
[2012/06/07 11:12:49 | 000,169,385 | ---- | C] () -- C:\Windows\hppins10.dat
[2012/06/07 11:12:49 | 000,005,186 | ---- | C] () -- C:\Windows\hppmdl10.dat
[2012/06/07 10:29:15 | 000,005,924 | ---- | C] () -- C:\Windows\hppmdl10.dat.temp
[2012/06/07 10:28:59 | 000,000,623 | ---- | C] () -- C:\Windows\System32\hppapr10.dat
[2012/04/20 11:29:59 | 000,186,853 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2012/04/19 10:50:49 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/04/19 10:50:48 | 000,001,644 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/04/16 17:28:00 | 000,000,042 | ---- | C] () -- C:\Windows\msacc20.ini
[2012/04/16 17:01:00 | 000,000,032 | ---- | C] () -- C:\Windows\GRAPH5.INI
[2012/04/16 17:00:58 | 000,000,108 | ---- | C] () -- C:\Windows\I-LITE.INI
[2010/10/08 12:11:05 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/21 16:22:06 | 000,023,929 | ---- | C] () -- C:\Users\KC\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/01/13 16:34:33 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/10 00:00:52 | 000,000,680 | ---- | C] () -- C:\Users\KC\AppData\Local\d3d9caps.dat
[2009/10/08 11:20:16 | 000,012,948 | ---- | C] () -- C:\Users\KC\AppData\Roaming\Tab Separated Values (Windows).CAL
[2009/09/11 08:26:36 | 000,029,696 | ---- | C] () -- C:\Users\KC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/27 06:05:46 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2010/10/08 11:48:42 | 000,000,000 | ---D | M] -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/08/05 17:35:56 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\.minecraft
[2013/05/23 11:14:16 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\2XClient
[2010/10/08 11:37:15 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\ACT
[2011/05/22 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\AnvSoft
[2010/09/03 12:33:24 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Artisteer
[2012/04/02 09:28:56 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Avery
[2010/12/06 16:41:27 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/01 11:39:42 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/12/14 13:20:59 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1
[2009/11/30 23:46:54 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2013/05/23 13:38:57 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Dropbox
[2011/03/01 12:11:21 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\eChart
[2010/11/19 16:39:04 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\EndUserApplication
[2010/12/14 15:57:04 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\ExchangeWise
[2010/03/03 11:48:59 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Facebook
[2012/07/30 09:27:00 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\FileMaker
[2012/07/30 09:38:31 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\FileMaker Pro
[2011/12/01 11:20:14 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Fit3DLive
[2009/09/29 17:16:23 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\GetRightToGo
[2013/03/11 18:18:07 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\ieSpell
[2010/10/08 12:11:03 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\IsolatedStorage
[2010/03/31 10:43:16 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\JawboneUpdater
[2011/09/02 12:03:10 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/12/18 13:02:47 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\muvee Technologies
[2012/04/16 11:37:15 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Office-Kit.com
[2009/09/07 15:13:05 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\OpenOffice.org
[2013/03/08 11:17:54 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Opera
[2012/10/23 14:35:39 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Optical Shop Software 2010 Demo
[2010/02/10 14:40:21 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\PlayFirst
[2009/12/31 14:53:51 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Publish Providers
[2013/05/18 20:54:00 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\QuickScan
[2011/02/21 12:02:45 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\SmartDraw
[2009/12/31 14:52:35 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Sony
[2013/02/07 11:21:02 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Spotify
[2010/02/08 17:43:54 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Virtual City
[2011/02/24 12:16:15 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\webex
[2009/08/09 16:01:59 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\WildTangent
[2012/12/14 18:29:52 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\WysePocketCloud
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2013/05/19 16:14:22 | 000,021,005 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/05/23 11:07:20 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/02 10:25:52 | 000,001,819 | ---- | M] () -- C:\InstallHelper.log
[2009/08/09 10:42:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/08 13:06:44 | 000,000,163 | ---- | M] () -- C:\jmf.log
[2013/05/22 09:28:39 | 000,055,441 | ---- | M] () -- C:\log.txt
[2009/08/09 10:42:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/12/15 12:30:44 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\nphssb.dll
[2009/12/15 12:30:44 | 000,000,247 | ---- | M] () -- C:\nphssb.xpt
[2013/05/23 11:07:17 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys
[2010/05/16 15:56:36 | 000,000,184 | ---- | M] () -- C:\setup.log
 
< %USERPROFILE%\*.* >
[2010/09/25 13:54:41 | 000,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\KC\gotomypc_438.exe
[2013/05/23 13:59:58 | 010,485,760 | -HS- | M] () -- C:\Users\KC\ntuser.dat
[2013/05/23 13:59:58 | 000,262,144 | -H-- | M] () -- C:\Users\KC\ntuser.dat.LOG1
[2009/08/08 22:35:54 | 000,000,000 | -H-- | M] () -- C:\Users\KC\ntuser.dat.LOG2
[2013/05/23 11:05:34 | 000,065,536 | -HS- | M] () -- C:\Users\KC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2013/05/23 11:05:34 | 000,524,288 | -HS- | M] () -- C:\Users\KC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/08/08 23:04:16 | 000,524,288 | -HS- | M] () -- C:\Users\KC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009/08/08 22:35:54 | 000,000,020 | -HS- | M] () -- C:\Users\KC\ntuser.ini
 
< %USERPROFILE%\temp\*.exe >
 
< %USERPROFILE%\AppData\Local\*.* >
[2009/08/08 22:44:11 | 000,000,000 | ---- | M] () -- C:\Users\KC\AppData\Local\AtStart.txt
[2012/08/13 10:08:43 | 000,000,680 | ---- | M] () -- C:\Users\KC\AppData\Local\d3d9caps.dat
[2013/02/12 13:11:39 | 000,029,696 | ---- | M] () -- C:\Users\KC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/08 22:44:11 | 000,000,000 | ---- | M] () -- C:\Users\KC\AppData\Local\DSwitch.txt
[2013/05/19 11:19:32 | 000,135,520 | ---- | M] () -- C:\Users\KC\AppData\Local\GDIPFONTCACHEV1.DAT
[2013/05/23 11:05:19 | 001,973,951 | -H-- | M] () -- C:\Users\KC\AppData\Local\IconCache.db
[2009/08/08 22:44:11 | 000,000,000 | ---- | M] () -- C:\Users\KC\AppData\Local\QSwitch.txt
[2012/12/20 12:16:39 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p01].bmp
[2012/12/20 12:16:41 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p02].bmp
[2012/12/20 12:16:43 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p03].bmp
[2012/12/20 12:16:44 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p04].bmp
[2012/12/20 12:16:46 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p05].bmp
[2012/12/20 12:16:48 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p06].bmp
[2012/12/20 12:16:49 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p07].bmp
[2012/12/20 12:16:51 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p08].bmp
[2012/12/20 12:16:53 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p09].bmp
[2012/12/20 12:16:54 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p10].bmp
[2012/12/20 12:16:56 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p11].bmp
[2012/12/20 12:16:58 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p12].bmp
[2012/12/20 12:16:59 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p13].bmp
[2012/12/20 12:17:01 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p14].bmp
[2012/12/20 12:17:03 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p15].bmp
[2012/12/20 12:17:04 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p16].bmp
[2012/12/20 12:17:06 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p17].bmp
[2012/12/20 12:17:07 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p18].bmp
[2012/12/20 12:17:09 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p19].bmp
[2012/12/20 12:17:12 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p20].bmp
[2012/12/20 12:17:15 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p21].bmp
[2012/12/20 12:17:18 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p22].bmp
[2012/12/20 12:17:20 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p23].bmp
[2012/12/20 12:17:22 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p24].bmp
[2012/12/20 12:17:24 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p25].bmp
[2012/12/20 12:17:26 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p26].bmp
[2012/12/20 12:17:27 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p27].bmp
[2012/12/20 12:17:29 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p28].bmp
[2012/12/20 12:17:31 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p29].bmp
[2012/12/20 12:17:33 | 000,964,854 | ---- | M] () -- C:\Users\KC\AppData\Local\[j0046]-[p30].bmp
 
< %USERPROFILE%\AppData\Local\*. >
[2013/05/23 11:21:24 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\7763FC58-9D5A-43A9-8F6F-CBA8FC124F37.aplzod
[2010/12/06 16:39:41 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Adobe
[2012/10/24 05:19:45 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Akamai
[2011/10/18 14:45:34 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Amazon
[2009/09/03 20:25:41 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Apple
[2012/08/03 10:12:10 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Apple Computer
[2009/09/20 10:21:04 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Apple_Inc
[2009/08/08 22:35:54 | 000,000,000 | -HSD | M] -- C:\Users\KC\AppData\Local\Application Data
[2010/01/29 11:00:39 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Apps
[2013/04/12 10:07:44 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Axialis
[2012/04/25 16:21:30 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\CutePDF Writer
[2012/04/13 14:33:29 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Deployment
[2012/07/30 10:53:36 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\FileMaker
[2012/11/14 12:13:10 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\FixItCenter
[2012/11/05 11:53:19 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Glance
[2012/11/05 11:53:19 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Glance27
[2013/05/20 08:12:04 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Google
[2011/03/11 14:46:14 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Help
[2009/08/28 09:41:16 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Hewlett-Packard
[2009/08/08 22:35:54 | 000,000,000 | -HSD | M] -- C:\Users\KC\AppData\Local\History
[2013/02/25 13:22:39 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\HP
[2009/08/13 16:57:00 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Intuit
[2010/08/03 11:35:17 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Intuit_Inc
[2010/05/11 14:31:21 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\IsolatedStorage
[2012/04/13 14:55:44 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\join.me
[2013/02/26 17:52:40 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Macromedia
[2013/04/29 15:17:36 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Microsoft
[2012/06/21 11:53:29 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Microsoft Corporation
[2011/10/07 10:58:34 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Microsoft Games
[2010/02/01 15:27:34 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Microsoft Help
[2010/11/08 20:49:16 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Mozilla
[2013/03/08 11:17:54 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Opera
[2012/06/23 12:03:09 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\PackageAware
[2010/07/18 22:21:53 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\QuickPlay
[2010/12/06 11:23:22 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Real
[2009/08/08 22:51:38 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Seven Zip
[2010/01/13 16:40:52 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\ShippingAssistant
[2010/09/28 17:18:30 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\SmarterTools
[2009/12/31 14:52:35 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Sony
[2013/02/07 11:20:44 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Spotify
[2013/05/23 13:59:46 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\Temp
[2009/08/08 22:35:54 | 000,000,000 | -HSD | M] -- C:\Users\KC\AppData\Local\Temporary Internet Files
[2009/10/20 14:54:52 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\VirtualStore
[2011/02/17 13:09:58 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\WinZip
[2012/04/13 11:20:46 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Local\ZocDocAlerter
 
< %USERPROFILE%\AppData\Local\temp\*.exe >
 
< %USERPROFILE%\AppData\Roaming\*.* >
[2010/10/08 11:38:10 | 021,046,160 | ---- | M] (Sage Software                                                ) -- C:\Users\KC\AppData\Roaming\ACT1200HotFix_SS.exe
[2010/10/08 12:10:58 | 000,000,000 | -H-- | M] () -- C:\Users\KC\AppData\Roaming\ActUpdate.log
[2012/04/20 11:58:23 | 000,001,106 | ---- | M] () -- C:\Users\KC\AppData\Roaming\ConvAPIPlugin.log
[2010/12/14 15:18:33 | 000,023,929 | ---- | M] () -- C:\Users\KC\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/10/08 11:51:17 | 000,030,528 | ---- | M] () -- C:\Users\KC\AppData\Roaming\NGEN_AppLog_Install.txt
[2011/01/25 11:39:32 | 000,009,179 | ---- | M] () -- C:\Users\KC\AppData\Roaming\NGEN_AppLog_Uninstall.txt
[2009/10/08 11:34:24 | 000,012,948 | ---- | M] () -- C:\Users\KC\AppData\Roaming\Tab Separated Values (Windows).CAL
 
< %USERPROFILE%\AppData\Roaming\*. >
[2012/08/05 17:35:56 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\.minecraft
[2013/05/23 11:14:16 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\2XClient
[2010/10/08 11:37:15 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\ACT
[2011/03/10 16:33:11 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Adobe
[2011/05/22 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\AnvSoft
[2011/12/27 17:03:35 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Apple Computer
[2010/09/03 12:33:24 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Artisteer
[2012/04/02 09:28:56 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Avery
[2010/12/06 16:41:27 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/01 11:39:42 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/12/14 13:20:59 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1
[2009/11/30 23:46:54 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/10/08 11:25:46 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\CyberLink
[2011/11/10 16:40:54 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Download Manager
[2013/05/23 13:38:57 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Dropbox
[2011/03/01 12:11:21 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\eChart
[2010/11/19 16:39:04 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\EndUserApplication
[2010/12/14 15:57:04 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\ExchangeWise
[2010/03/03 11:48:59 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Facebook
[2012/07/30 09:27:00 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\FileMaker
[2012/07/30 09:38:31 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\FileMaker Pro
[2011/12/01 11:20:14 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Fit3DLive
[2009/09/29 17:16:23 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\GetRightToGo
[2011/03/11 14:46:14 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Help
[2009/11/23 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Hewlett-Packard
[2012/04/20 11:59:33 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\HP
[2009/08/08 22:38:04 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\HP TCS
[2013/02/25 12:38:13 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\HpUpdate
[2009/08/08 22:43:41 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Identities
[2013/03/11 18:18:07 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\ieSpell
[2009/10/20 14:50:19 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\InstallShield
[2010/10/08 12:11:03 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\IsolatedStorage
[2010/03/31 10:43:16 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\JawboneUpdater
[2009/10/27 16:32:19 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Macromedia
[2013/05/19 17:39:36 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Malwarebytes
[2011/09/02 12:03:10 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Media Center Programs
[2013/03/08 11:43:35 | 000,000,000 | --SD | M] -- C:\Users\KC\AppData\Roaming\Microsoft
[2013/05/09 11:17:25 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Mozilla
[2010/12/18 13:02:47 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\muvee Technologies
[2012/04/16 11:37:15 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Office-Kit.com
[2009/09/07 15:13:05 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\OpenOffice.org
[2013/03/08 11:17:54 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Opera
[2012/10/23 14:35:39 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Optical Shop Software 2010 Demo
[2010/02/10 14:40:21 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\PlayFirst
[2009/12/31 14:53:51 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Publish Providers
[2013/05/18 20:54:00 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\QuickScan
[2012/01/05 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Real
[2013/04/06 14:04:50 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\RealNetworks
[2012/11/14 11:30:53 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Skype
[2011/02/21 12:02:45 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\SmartDraw
[2010/09/25 11:54:42 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\SmartFTP
[2009/12/31 14:52:35 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Sony
[2013/02/07 11:21:02 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Spotify
[2010/02/08 17:43:54 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Virtual City
[2011/02/24 12:16:15 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\webex
[2009/08/09 16:01:59 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\WildTangent
[2010/05/14 11:00:56 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\WinRAR
[2013/05/23 11:10:16 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\WTablet
[2012/12/14 18:29:52 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\WysePocketCloud
[2009/11/09 12:54:47 | 000,000,000 | ---D | M] -- C:\Users\KC\AppData\Roaming\Yahoo!
 
< %Public%\Documents\Fonts\*.exe >
 
< %Public%\Documents\Config\*.exe >
 
< %Public%\Documents\*.* >
[2008/01/20 21:43:21 | 000,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
 
< %ProgramData%\*.* >
[2013/02/25 12:30:54 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2010/07/17 12:59:07 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2012/11/14 11:30:43 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/08/12 16:33:33 | 000,000,021 | ---- | M] () -- C:\ProgramData\hpqp.txt
[2012/06/07 11:17:00 | 000,009,825 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/07/17 12:59:06 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2012/11/14 11:33:12 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/13 16:34:33 | 000,000,133 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/17 12:59:08 | 003,063,561 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2010/07/17 12:59:07 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2013/04/10 10:04:17 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/05/27 06:09:01 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/04/22 10:11:38 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/05/27 06:08:04 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/04/22 10:06:05 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/05/27 06:06:15 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/05/27 06:08:38 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/04/22 10:04:25 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/04/22 10:11:10 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/05/27 06:09:11 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
< %ProgramData%\*. >
[2010/10/08 13:54:58 | 000,000,000 | ---D | M] -- C:\ProgramData\ACT
[2013/02/25 12:30:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2009/11/17 14:00:53 | 000,000,000 | ---D | M] -- C:\ProgramData\ALM
[2010/03/24 09:28:09 | 000,000,000 | ---D | M] -- C:\ProgramData\AppData
[2009/09/03 21:04:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2009/09/03 20:28:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/12/09 15:01:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Applications
[2009/05/27 05:34:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Atheros
[2013/05/20 08:08:58 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2009/08/13 15:54:32 | 000,000,000 | ---D | M] -- C:\ProgramData\COMMON FILES
[2011/02/23 12:05:30 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/02/23 15:18:34 | 000,000,000 | ---D | M] -- C:\ProgramData\eBay
[2010/07/17 12:59:06 | 000,000,000 | ---D | M] -- C:\ProgramData\ENU
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/07/30 09:28:49 | 000,000,000 | ---D | M] -- C:\ProgramData\FileMaker
[2009/11/17 14:03:37 | 000,000,000 | ---D | M] -- C:\ProgramData\FLEXnet
[2011/06/11 10:16:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Google
[2009/11/23 14:53:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Hewlett-Packard
[2009/11/19 11:07:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Homestead
[2013/02/25 12:32:26 | 000,000,000 | ---D | M] -- C:\ProgramData\HP
[2012/04/20 11:47:54 | 000,000,000 | ---D | M] -- C:\ProgramData\HP Product Assistant
[2009/08/28 10:57:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Intuit
[2010/12/22 14:38:09 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2012/07/12 14:07:19 | 000,000,000 | ---D | M] -- C:\ProgramData\LionClock Software
[2013/05/19 17:38:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012/10/29 10:03:58 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2013/04/29 15:17:36 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2013/05/16 03:16:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012/07/31 13:11:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Motive
[2013/04/20 14:02:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2010/12/16 17:07:05 | 000,000,000 | ---D | M] -- C:\ProgramData\muvee Technologies
[2013/05/18 21:37:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2009/04/22 09:01:01 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
[2009/08/28 09:28:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Office Genuine Advantage
[2012/04/16 11:37:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Office-Kit.com
[2010/02/10 14:40:21 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayFirst
[2010/11/15 08:58:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Real
[2011/11/10 16:59:40 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/10/08 11:49:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Sage Software, Inc
[2013/04/24 15:35:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2013/05/02 19:14:31 | 000,000,000 | ---D | M] -- C:\ProgramData\SQL Anywhere 10
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/04/05 10:04:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2013/05/18 21:37:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Symantec
[2012/07/04 15:49:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/04/19 15:57:55 | 000,000,000 | ---D | M] -- C:\ProgramData\UB-04 Software, Inc
[2012/05/02 11:04:26 | 000,000,000 | ---D | M] -- C:\ProgramData\VS
[2011/02/24 12:16:48 | 000,000,000 | ---D | M] -- C:\ProgramData\WebEx
[2009/11/09 12:57:43 | 000,000,000 | ---D | M] -- C:\ProgramData\WEBREG
[2012/12/05 15:22:18 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2009/09/28 09:50:09 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2009/11/17 13:30:00 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
 
< %CommonProgramFiles%\*.* >
 
< %CommonProgramFiles%\ComObjects*.exe >
Invalid Environment Variable: commonprogramfiles(x86)
Invalid Environment Variable: ProgramFiles(x86)
Invalid Environment Variable: ProgramFiles(x86)
 
< %programdata%\Microsoft\Windows\DRM\*.tmp >
 
< %programdata%\Microsoft\DRM\*.tmp >
 
< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >
[2008/06/06 12:30:00 | 000,001,356 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
[2006/11/02 08:01:48 | 000,000,006 | -HS- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\desktop.ini
[2012/05/02 11:11:40 | 000,134,728 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
 
< %systemroot%\system32\config\systemprofile\AppData\Roaming\*.* >
[2009/04/22 10:16:32 | 000,000,006 | -HS- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Roaming\desktop.ini
 
< %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* >
 
< %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.* >
 
< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb >
 
< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb >
 
< %windir%\temp\*.exe >
 
< %windir%\*. >
[2013/05/19 16:05:29 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch
[2013/05/16 03:56:57 | 000,000,000 | R-SD | M] -- C:\Windows\assembly
[2008/01/20 21:32:37 | 000,000,000 | ---D | M] -- C:\Windows\Boot
[2006/11/02 07:37:35 | 000,000,000 | ---D | M] -- C:\Windows\Branding
[2009/10/07 08:37:15 | 000,000,000 | ---D | M] -- C:\Windows\braveheart
[2006/11/02 07:37:35 | 000,000,000 | ---D | M] -- C:\Windows\Cursors
[2013/05/19 11:07:18 | 000,000,000 | ---D | M] -- C:\Windows\Debug
[2008/01/20 21:34:51 | 000,000,000 | ---D | M] -- C:\Windows\DigitalLocker
[2011/02/04 11:41:32 | 000,000,000 | ---D | M] -- C:\Windows\Downloaded Installations
[2013/05/18 20:53:55 | 000,000,000 | --SD | M] -- C:\Windows\Downloaded Program Files
[2013/05/19 15:55:45 | 000,000,000 | ---D | M] -- C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP
[2012/01/11 04:18:46 | 000,000,000 | ---D | M] -- C:\Windows\ehome
[2011/03/11 14:38:26 | 000,000,000 | ---D | M] -- C:\Windows\en-US
[2013/05/19 15:44:35 | 000,000,000 | ---D | M] -- C:\Windows\erdnt
[2012/06/23 12:42:06 | 000,000,000 | R-SD | M] -- C:\Windows\Fonts
[2006/11/02 05:22:47 | 000,000,000 | ---D | M] -- C:\Windows\Globalization
[2006/11/02 07:42:30 | 000,000,000 | ---D | M] -- C:\Windows\Help
[2011/04/23 07:26:35 | 000,000,000 | ---D | M] -- C:\Windows\Hewlett-Packard
[2009/11/09 12:49:15 | 000,000,000 | ---D | M] -- C:\Windows\hpoj6500e709
[2009/09/22 19:21:27 | 000,000,000 | ---D | M] -- C:\Windows\IME
[2013/05/20 11:52:26 | 000,000,000 | ---D | M] -- C:\Windows\inf
[2013/05/20 08:12:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer
[2008/01/20 21:34:51 | 000,000,000 | ---D | M] -- C:\Windows\L2Schemas
[2012/07/12 14:07:19 | 000,000,000 | ---D | M] -- C:\Windows\LionClock 2011
[2006/11/02 05:23:02 | 000,000,000 | ---D | M] -- C:\Windows\LiveKernelReports
[2013/05/18 21:35:15 | 000,000,000 | ---D | M] -- C:\Windows\Logs
[2012/11/14 11:52:17 | 000,000,000 | ---D | M] -- C:\Windows\MATS
[2006/11/02 07:37:35 | 000,000,000 | R-SD | M] -- C:\Windows\Media
[2013/05/16 03:56:57 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET
[2013/05/18 21:35:14 | 000,000,000 | ---D | M] -- C:\Windows\Minidump
[2006/11/02 05:23:07 | 000,000,000 | ---D | M] -- C:\Windows\ModemLogs
[2008/01/20 21:34:54 | 000,000,000 | ---D | M] -- C:\Windows\MSAgent
[2012/04/16 17:00:57 | 000,000,000 | ---D | M] -- C:\Windows\MSAPPS
[2006/11/02 06:18:35 | 000,000,000 | ---D | M] -- C:\Windows\nap
[2011/05/05 13:50:36 | 000,000,000 | R--D | M] -- C:\Windows\Offline Web Pages
[2011/03/07 11:32:05 | 000,000,000 | ---D | M] -- C:\Windows\Options
[2013/05/18 21:35:59 | 000,000,000 | ---D | M] -- C:\Windows\panther
[2009/08/09 09:19:13 | 000,000,000 | ---D | M] -- C:\Windows\PCHEALTH
[2006/11/02 07:37:35 | 000,000,000 | ---D | M] -- C:\Windows\Performance
[2006/11/02 06:18:36 | 000,000,000 | ---D | M] -- C:\Windows\PLA
[2011/05/05 13:50:36 | 000,000,000 | ---D | M] -- C:\Windows\PolicyDefinitions
[2013/05/23 11:10:04 | 000,000,000 | ---D | M] -- C:\Windows\Prefetch
[2006/11/02 06:18:36 | 000,000,000 | ---D | M] -- C:\Windows\Provisioning
[2013/05/02 14:37:10 | 000,000,000 | ---D | M] -- C:\Windows\pss
[2013/05/02 19:13:42 | 000,000,000 | ---D | M] -- C:\Windows\registration
[2012/12/13 04:55:10 | 000,000,000 | ---D | M] -- C:\Windows\rescache
[2006/11/02 06:18:36 | 000,000,000 | ---D | M] -- C:\Windows\Resources
[2006/11/02 05:24:41 | 000,000,000 | ---D | M] -- C:\Windows\SchCache
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Windows\schemas
[2006/11/02 06:18:36 | 000,000,000 | ---D | M] -- C:\Windows\security
[2006/11/02 07:47:53 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles
[2009/09/22 19:21:35 | 000,000,000 | ---D | M] -- C:\Windows\servicing
[2008/06/06 12:31:14 | 000,000,000 | ---D | M] -- C:\Windows\Setup
[2009/09/29 17:14:01 | 000,000,000 | ---D | M] -- C:\Windows\ShellNew
[2013/05/19 10:28:33 | 000,000,000 | ---D | M] -- C:\Windows\SoftwareDistribution
[2006/11/02 07:42:30 | 000,000,000 | ---D | M] -- C:\Windows\Speech
[2010/10/09 03:01:47 | 000,000,000 | ---D | M] -- C:\Windows\SQL9_KB970892_ENU
[2010/07/02 10:34:15 | 000,000,000 | ---D | M] -- C:\Windows\Sun
[2012/04/16 17:00:58 | 000,000,000 | ---D | M] -- C:\Windows\system
[2013/05/20 11:52:27 | 000,000,000 | ---D | M] -- C:\Windows\System32
[2006/11/02 06:18:49 | 000,000,000 | ---D | M] -- C:\Windows\tapi
[2013/05/18 21:37:42 | 000,000,000 | ---D | M] -- C:\Windows\Tasks
[2013/05/23 14:00:14 | 000,000,000 | ---D | M] -- C:\Windows\Temp
[2011/01/26 14:28:39 | 000,000,000 | ---D | M] -- C:\Windows\Temp96240988-1D30-D4D8-A020-A3E8BFCA1E28-Signatures
[2006/11/02 05:23:06 | 000,000,000 | ---D | M] -- C:\Windows\tracing
[2013/02/25 16:54:27 | 000,000,000 | ---D | M] -- C:\Windows\twain_32
[2009/04/22 09:09:52 | 000,000,000 | ---D | M] -- C:\Windows\Users
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Windows\Web
[2006/11/02 07:42:32 | 000,000,000 | ---D | M] -- C:\Windows\WindowsMobile
[2013/05/16 03:15:32 | 000,000,000 | ---D | M] -- C:\Windows\winsxs
 
< %windir%\installer\*. >
[2009/04/22 09:59:56 | 000,000,000 | -HSD | M] -- C:\Windows\installer\$PatchCache$
[2010/05/16 16:00:45 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0054A0F6-00C9-4498-B821-B5C9578F433E}
[2010/12/06 14:19:32 | 000,000,000 | ---D | M] -- C:\Windows\installer\{007F778D-F15C-4EAB-AE92-071D21FAF632}
[2009/11/17 13:55:11 | 000,000,000 | ---D | M] -- C:\Windows\installer\{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
[2009/05/27 06:10:08 | 000,000,000 | ---D | M] -- C:\Windows\installer\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
[2012/05/02 11:05:11 | 000,000,000 | ---D | M] -- C:\Windows\installer\{05855322-BE43-41FE-B583-D3AE0C326D58}
[2010/06/05 10:17:51 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
[2010/12/06 14:25:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{08D2E121-7F6A-43EB-97FD-629B44903403}
[2009/11/17 13:55:01 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
[2009/05/27 06:05:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
[2010/08/30 14:31:38 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0F37D969-1260-419E-B308-EF7D29ABDE20}
[2012/05/01 03:03:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}
[2012/01/08 21:57:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{130E5108-547F-4482-91EE-F45C784E08C7}
[2013/01/24 11:59:49 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1453ED8B-A6BD-4CC1-8497-2F53EE82ED5B}
[2009/04/22 10:15:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}
[2012/10/11 03:09:51 | 000,000,000 | ---D | M] -- C:\Windows\installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
[2011/10/01 14:58:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}
[2012/07/30 09:28:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{198945E2-E089-4094-A63D-166DBE8B87DF}
[2013/05/20 08:12:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}
[2009/04/22 10:11:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
[2010/08/30 14:33:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2012098D-EEE9-4769-8DD3-B038050854D4}
[2010/12/18 13:35:16 | 000,000,000 | ---D | M] -- C:\Windows\installer\{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}
[2009/04/22 10:17:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{228C6B46-64E2-404E-898A-EF0830603EF4}
[2013/03/01 13:15:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}
[2012/04/01 18:24:34 | 000,000,000 | ---D | M] -- C:\Windows\installer\{26A24AE4-039D-4CA4-87B4-2F83216031FF}
[2012/04/26 03:11:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
[2011/03/17 03:05:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
[2010/05/11 14:31:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2D87E961-577B-492B-AD54-1368680FB9A7}
[2013/03/22 04:59:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}
[2009/10/07 08:45:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{34BFB099-07B2-4E95-A673-7362D60866A2}
[2009/04/22 10:13:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{352310C3-E46B-42D3-8F32-54721FDD72D9}
[2009/11/17 13:59:29 | 000,000,000 | ---D | M] -- C:\Windows\installer\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
[2009/12/16 09:38:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3700194C-C5DD-439A-BE06-A66960CA4C70}
[2013/02/20 04:03:29 | 000,000,000 | ---D | M] -- C:\Windows\installer\{390DD8BB-BB57-4942-A029-2D913E4E9D74}
[2012/06/23 12:18:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3A9FC03D-C685-4831-94CF-4EDFD3749497}
[2013/05/06 10:19:52 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3ADE0E5D-C790-4FF3-86C9-ADC2251FE61D}
[2009/04/22 10:05:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{40BF1E83-20EB-11D8-97C5-0009C5020658}
[2010/12/06 14:23:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{433EACD8-4747-4A6A-826A-FFA9F39B0D40}
[2010/12/22 15:53:40 | 000,000,000 | ---D | M] -- C:\Windows\installer\{43523FEF-9D8E-4572-BB11-0E914D366E0A}
[2013/03/01 13:05:56 | 000,000,000 | ---D | M] -- C:\Windows\installer\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}
[2013/02/25 12:40:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}
[2011/10/01 14:58:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}
[2011/10/01 14:57:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{48B08845-0CB0-45EC-893C-15319ADDA312}
[2010/06/10 12:35:29 | 000,000,000 | ---D | M] -- C:\Windows\installer\{49A143E9-4A6A-43E7-86B1-388194C79248}
[2012/06/24 03:13:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}
[2013/04/04 11:32:32 | 000,000,000 | ---D | M] -- C:\Windows\installer\{50120000-1105-0000-0000-0000000FF1CE}
[2009/10/07 08:44:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}
[2012/04/26 03:10:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
[2009/11/17 13:54:51 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
[2010/10/08 11:48:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}
[2010/08/30 13:04:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{59996900-0E6C-45B7-8C39-C64CB98462E4}
[2013/04/12 11:37:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5DDB3393-E08B-447E-925F-6C00B95D0FE7}
[2012/01/08 21:56:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{600AB648-F79B-41EC-B426-A49A7DB121EA}
[2009/04/22 10:13:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}
[2010/09/25 11:52:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{65601901-7C80-4C4D-A4C8-566D9957C0F7}
[2009/11/23 13:54:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6616D7A3-EF4E-40E1-B4CE-45E84A89EF77}
[2009/11/17 13:57:42 | 000,000,000 | ---D | M] -- C:\Windows\installer\{67F0E67A-8E93-4C2C-B29D-47C48262738A}
[2011/03/14 10:04:01 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}
[2011/07/22 10:18:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}
[2010/12/09 15:03:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6C64AB8C-F78B-45C0-98E3-6DE9702E0225}
[2012/04/26 03:07:18 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}
[2013/02/25 12:39:08 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}
[2009/08/13 15:54:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}
[2011/03/17 03:01:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}
[2012/05/02 11:16:44 | 000,000,000 | ---D | M] -- C:\Windows\installer\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}
[2011/07/06 13:28:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
[2011/10/12 14:22:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{79155F2B-9895-49D7-8612-D92580E0DE5B}
[2013/02/25 12:39:32 | 000,000,000 | ---D | M] -- C:\Windows\installer\{79ACC31A-87EA-472A-853E-5AC6A97CE569}
[2009/08/09 09:13:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
[2009/11/17 14:01:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{87532CAB-7932-4F84-8937-823337622807}
[2012/05/02 11:17:11 | 000,000,000 | ---D | M] -- C:\Windows\installer\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}
[2013/03/13 03:04:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
[2012/12/14 18:28:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8C8C169B-D493-42C7-A975-7C1E0E4C5847}
[2012/11/29 18:47:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8CC68433-5837-4075-B81F-EA7E4F14CE60}
[2013/02/25 12:38:08 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8EAB4100-B343-41AE-A880-418746998209}
[2010/06/10 12:35:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}
[2013/04/04 11:32:57 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90120000-0020-0409-0000-0000000FF1CE}
[2013/04/04 11:34:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90120000-006E-0409-0000-0000000FF1CE}
[2013/05/16 03:16:16 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91120000-0012-0000-0000-0000000FF1CE}
[2013/05/16 03:08:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91120000-0019-0000-0000-0000000FF1CE}
[2012/07/04 15:48:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91FBF15A-234C-4493-B440-7A3B4FE88AEC}
[2013/04/12 11:36:59 | 000,000,000 | ---D | M] -- C:\Windows\installer\{925F1DB6-E86E-4378-9091-D1F68B0583C9}
[2011/10/21 12:00:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}
[2012/04/20 11:50:21 | 000,000,000 | ---D | M] -- C:\Windows\installer\{92A51949-EE4C-466D-AAF0-99E74A49A63F}
[2010/12/06 14:24:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
[2011/10/01 15:00:34 | 000,000,000 | ---D | M] -- C:\Windows\installer\{93968FB2-C67A-4A9B-80C2-5D4D9393058E}
[2010/08/30 14:45:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{93998800-1608-403F-9A51-420A77D23C25}
[2010/04/27 12:53:12 | 000,000,000 | ---D | M] -- C:\Windows\installer\{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}
[2013/04/04 11:40:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{95120000-00AF-0409-0000-0000000FF1CE}
[2009/04/22 10:13:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{96384578-C6A2-4EC6-92CD-B62A60713040}
[2012/10/02 03:04:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}
[2012/04/16 12:18:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{9A2F0810-369F-4E86-9072-973FBE1679C5}
[2009/04/22 10:31:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
[2012/06/21 11:30:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}
[2013/03/05 12:38:46 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-1033-F400-7760-000000000005}
[2013/05/02 19:15:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}
[2009/09/08 21:15:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-5464-3428-900000000004}
[2010/01/02 11:03:57 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-5760-0000-900000000003}
[2010/08/30 14:33:11 | 000,000,000 | ---D | M] -- C:\Windows\installer\{ACE28263-76A4-4BF5-B6F4-8BD719595969}
[2010/06/05 10:17:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
[2012/11/09 12:48:46 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}
[2010/07/29 10:44:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AFAC914D-9E83-4A89-8ABE-427521C82CCF}
[2013/04/24 15:35:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B6CF2967-C81E-40C0-9815-C05774FEF120}
[2012/11/14 11:52:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}
[2010/04/09 14:59:18 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B946D46E-1302-48B4-84EE-B74C3191D975}
[2009/10/07 08:45:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}
[2011/10/01 15:00:27 | 000,000,000 | ---D | M] -- C:\Windows\installer\{BF9BF038-FE03-429D-9B26-2FA0FD756052}
[2012/04/20 11:50:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C29C1940-CB85-4F3B-906C-33FEE0E67103}
[2009/11/17 13:55:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C52E3EC1-048C-45E1-8D53-10B0C6509683}
[2009/11/23 14:50:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C59587F6-A0BC-40A7-AFE9-E7E368FDB742}
[2009/04/22 10:04:21 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
[2011/04/22 12:33:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C73F2967-062E-48F2-A462-D335B8950183}
[2012/06/08 12:47:45 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}
[2009/04/22 10:10:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
[2012/04/20 11:52:57 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}
[2009/11/17 13:29:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}
[2009/04/22 10:17:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}
[2010/12/06 14:24:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D1A19B02-817E-4296-A45B-07853FD74D57}
[2012/06/23 12:18:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}
[2010/08/30 14:45:34 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}
[2012/12/21 12:46:21 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D6B3114F-945B-4980-BF7A-AF12E9161A0F}
[2009/08/13 19:32:59 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D71D57E0-11FB-4D6F-9930-95214AF70DBB}
[2010/12/06 14:24:46 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
[2012/05/02 11:05:40 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}
[2009/05/27 06:10:57 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}
[2012/06/23 12:17:55 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}
[2011/06/01 14:52:11 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DEA7B1A4-24EC-4347-9742-EE28DEFF3625}
[2013/03/01 13:07:55 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}
[2010/09/09 09:30:21 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}
[2009/11/23 13:54:30 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EB59768B-8E82-45E8-8225-2BC9CE355481}
[2010/01/18 18:46:30 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EE55714B-B67C-4D08-97AE-0CF4AC5A3A77}
[2012/08/05 18:20:27 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
[2010/04/27 12:54:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}
[2010/06/05 10:17:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
[2013/05/06 10:19:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F501F381-12A7-4EAB-A4C9-F36F63CF76FC}
[2009/12/31 14:42:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F655FEC2-EB66-4B94-8F51-B2A8EE6FE374}
[2009/11/26 14:35:16 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
[2009/09/18 17:37:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
 
< %windir%\system32\*. >
[2010/08/30 13:31:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409
[2010/08/30 14:44:41 | 000,000,000 | ---D | M] -- C:\Windows\system32\1033
[2010/08/12 15:50:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\Adobe
[2009/09/22 19:21:23 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers
[2009/11/14 10:10:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA
[2009/11/14 10:10:40 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG
[2009/09/22 19:20:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\Boot
[2006/11/02 07:42:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\Branding
[2009/09/22 19:21:26 | 000,000,000 | ---D | M] -- C:\Windows\system32\ca-ES
[2013/05/16 03:15:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot
[2013/05/16 03:02:21 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2
[2013/05/02 19:15:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\CodeIntegrity
[2009/08/09 18:57:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\COLOR
[2008/01/20 21:34:49 | 000,000,000 | ---D | M] -- C:\Windows\system32\com
[2013/05/19 12:49:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\config
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE
[2013/05/22 09:06:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers
[2009/04/22 09:11:34 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore
[2012/09/14 13:51:21 | 000,000,000 | ---D | M] -- C:\Windows\system32\DRVSTORE
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR
[2009/09/22 19:21:23 | 000,000,000 | ---D | M] -- C:\Windows\system32\en
[2012/12/13 04:34:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES
[2009/11/14 10:10:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE
[2009/09/22 19:21:24 | 000,000,000 | ---D | M] -- C:\Windows\system32\eu-ES
[2009/09/21 07:52:52 | 000,000,000 | ---D | M] -- C:\Windows\system32\EventProviders
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR
[2013/04/10 10:04:16 | 000,000,000 | -H-D | M] -- C:\Windows\system32\GroupPolicy
[2006/11/02 05:23:01 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicyUsers
[2009/11/14 10:10:40 | 000,000,000 | ---D | M] -- C:\Windows\system32\he-IL
[2009/11/14 10:10:40 | 000,000,000 | ---D | M] -- C:\Windows\system32\hr-HR
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu-HU
[2008/01/20 21:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\ias
[2008/01/20 21:34:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\icsxml
[2006/11/02 06:18:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\IME
[2010/08/31 14:29:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\inetsrv
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\it-IT
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja-JP
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko-KR
[2009/05/27 05:37:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\Lang
[2006/11/02 07:37:35 | 000,000,000 | ---D | M] -- C:\Windows\system32\licensing
[2013/05/19 11:04:49 | 000,000,000 | ---D | M] -- C:\Windows\system32\LogFiles
[2009/11/14 10:10:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\lt-LT
[2009/11/14 10:10:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\lv-LV
[2009/04/22 10:00:21 | 000,000,000 | ---D | M] -- C:\Windows\system32\Macromed
[2009/09/22 19:21:23 | 000,000,000 | ---D | M] -- C:\Windows\system32\manifeststore
[2006/11/02 07:47:46 | 000,000,000 | --SD | M] -- C:\Windows\system32\Microsoft
[2013/05/16 03:33:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\migration
[2009/09/22 19:21:21 | 000,000,000 | ---D | M] -- C:\Windows\system32\migwiz
[2013/05/18 20:44:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\MpEngineStore
[2013/05/02 19:17:03 | 000,000,000 | ---D | M] -- C:\Windows\system32\Msdtc
[2006/11/02 07:42:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\MUI
[2009/11/14 10:10:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\nb-NO
[2009/09/08 21:07:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\NDF
[2006/11/02 06:18:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\networklist
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\nl-NL
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\nn-NO
[2009/09/22 19:21:24 | 000,000,000 | ---D | M] -- C:\Windows\system32\oobe
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl-PL
[2006/11/02 07:42:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\Printing_Admin_Scripts
[2009/11/14 10:10:40 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-BR
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-PT
[2008/01/20 21:34:26 | 000,000,000 | ---D | M] -- C:\Windows\system32\ras
[2006/11/02 06:18:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\RemInst
[2009/08/08 22:37:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\restore
[2009/11/14 10:10:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro-RO
[2010/08/30 14:48:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\RsFx
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru-RU
[2009/09/22 19:21:23 | 000,000,000 | ---D | M] -- C:\Windows\system32\setup
[2009/11/14 10:10:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk-SK
[2009/11/14 10:10:40 | 000,000,000 | ---D | M] -- C:\Windows\system32\sl-SI
[2006/11/02 07:42:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\slmgr
[2009/09/22 19:21:23 | 000,000,000 | ---D | M] -- C:\Windows\system32\SLUI
[2006/11/02 06:18:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\SMI
[2006/11/02 07:37:35 | 000,000,000 | ---D | M] -- C:\Windows\system32\Speech
[2013/05/02 19:15:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\spool
[2009/11/14 10:10:40 | 000,000,000 | ---D | M] -- C:\Windows\system32\sr-Latn-CS
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv-SE
[2009/05/27 06:17:55 | 000,000,000 | ---D | M] -- C:\Windows\system32\sysprep
[2013/05/20 08:10:37 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks
[2009/11/14 10:10:40 | 000,000,000 | ---D | M] -- C:\Windows\system32\th-TH
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\tr-TR
[2009/11/14 10:10:40 | 000,000,000 | ---D | M] -- C:\Windows\system32\uk-UA
[2009/09/22 19:21:21 | 000,000,000 | ---D | M] -- C:\Windows\system32\vi-VN
[2013/05/02 19:16:53 | 000,000,000 | ---D | M] -- C:\Windows\system32\wbem
[2009/04/22 09:11:35 | 000,000,000 | ---D | M] -- C:\Windows\system32\WCN
[2012/04/14 15:04:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\WDI
[2006/11/02 08:02:50 | 000,000,000 | ---D | M] -- C:\Windows\system32\wfp
[2011/02/24 04:04:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\WindowsPowerShell
[2006/11/02 06:18:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\winevt
[2006/11/02 07:42:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\winrm
[2011/01/25 11:33:41 | 000,000,000 | ---D | M] -- C:\Windows\system32\WTablet
[2011/02/04 11:16:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\x64
[2012/05/12 03:40:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\XPSViewer
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CN
[2009/11/14 10:10:40 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-HK
[2011/04/04 11:28:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-TW
 
< %windir%\sysnative\*. >
 
< %Temp%\smtmp\1\*.* >
 
< %Temp%\smtmp\2\*.* >
 
< %Temp%\smtmp\3\*.* >
 
< %Temp%\smtmp\4\*.* >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 21:24:47 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
< %systemroot%\syswow64\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /90 >
[2013/05/09 03:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswFsBlk.sys
[2013/05/09 03:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswMonFlt.sys
[2013/05/09 03:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRdr.sys
[2013/05/09 03:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\system32\drivers\aswRvrt.sys
[2013/05/09 03:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSnx.sys
[2013/05/09 03:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSP.sys
[2013/05/09 03:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswTdi.sys
[2013/05/09 03:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\system32\drivers\aswVmm.sys
[2013/04/15 09:20:04 | 000,638,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgkrnl.sys
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2013/03/03 14:07:52 | 001,082,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ntfs.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\syswow64\drivers\*.sys /90 >
 
< %systemroot%\syswow64\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/12/18 12:46:26 | 000,280,576 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\hpcpp083.DLL
[2010/05/14 14:56:34 | 000,319,488 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\hpfpp02t.dll
[2008/08/12 11:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\hpfpp082.dll
[2007/03/15 15:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
[2008/01/16 18:45:58 | 000,241,664 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\hpzpp5k4.DLL
[2008/01/20 21:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2010/10/25 09:50:48 | 000,082,184 | ---- | M] (Microsoft Corporation.) -- C:\Windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
 
< %SYSTEMDRIVE%\*. /rp /s >
 
< %systemroot%\assembly\tmp\*.* /S /MD5 >
 
< %systemroot%\assembly\temp\*.* /S /MD5 >
 
< %systemroot%\assembly\GAC\*.ini >
 
< %systemroot%\assembly\GAC_32\*.ini >
 
< %systemroot%\assembly\GAC_64\*.ini >
 
< %SystemRoot%\assembly\GAC_MSIL\*.ini >
 
< wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/04/11 01:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
"" = Microsoft WBEM New Event Subsystem -- [2006/11/02 07:47:46 | 000,000,000 | --SD | M]
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
"" = Microsoft WBEM New Event Subsystem -- [2006/11/02 07:47:46 | 000,000,000 | --SD | M]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >
"" = MruPidlList
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s >
"" = Start Menu Pin
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/04/11 01:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper -- [2006/11/02 07:47:46 | 000,000,000 | --SD | M]
[HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
< HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >
"" = ShellFolder for CD Burning
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = %SystemRoot%\system32\SHELL32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\MergedFolder]
"Attributes" = 0x0
"AttributeMask" = 0xffffffff
"Location" = @shell32.dll,-12591 -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ConflictOverlayIcon" = %SystemRoot%\system32\imageres.dll,-169 -- [2006/11/02 04:39:37 | 015,821,312 | ---- | M] (Microsoft Corporation)
 
< HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper -- [2006/11/02 07:47:46 | 000,000,000 | --SD | M]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
< HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s >
 
< HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s >
 
< HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s >
 
< HKEY_CURRENT_USER\Software\MSOLoad /s >
 
< bcdedit /enum all /v >C:\boot.txt /c >
Windows Boot Manager
--------------------
identifier              {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default                 {a9a772cc-33f5-11dd-8dd3-f60ab8d5cad9}
resumeobject            {a9a772cd-33f5-11dd-8dd3-f60ab8d5cad9}
displayorder            {a9a772cc-33f5-11dd-8dd3-f60ab8d5cad9}
toolsdisplayorder       {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout                 30
resume                  No
Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae2-0007e994107d}
device                  ramdisk=[D:]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
path                    \windows\system32\boot\winload.exe
description             HP Recovery Manager
osdevice                ramdisk=[D:]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes
Windows Boot Loader
-------------------
identifier              {a9a772cc-33f5-11dd-8dd3-f60ab8d5cad9}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence        {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {a9a772cd-33f5-11dd-8dd3-f60ab8d5cad9}
nx                      OptIn
Resume from Hibernate
---------------------
identifier              {a9a772cd-33f5-11dd-8dd3-f60ab8d5cad9}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
Windows Memory Tester
---------------------
identifier              {b2721d73-1db4-4c62-bf78-c548a880142d}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess         Yes
EMS Settings
------------
identifier              {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems                 Yes
Debugger Settings
-----------------
identifier              {4636856e-540f-4170-a130-a84776f4c654}
debugtype               Serial
debugport               1
baudrate                115200
RAM Defects
-----------
identifier              {5189b25c-5558-4bf2-bca4-289b11bd29e2}
Global Settings
---------------
identifier              {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit                 {4636856e-540f-4170-a130-a84776f4c654}
                        {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
                        {5189b25c-5558-4bf2-bca4-289b11bd29e2}
Boot Loader Settings
--------------------
identifier              {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit                 {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
Resume Loader Settings
----------------------
identifier              {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit                 {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
Setup Ramdisk Options
---------------------
identifier              {ae5534e0-a924-466c-b836-758539a3ee3a}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi
 
< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: CO-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E   Dec 10 2012  CDFS   DVD-ROM      136 MB  Healthy            
  Volume 1     C                NTFS   Partition    287 GB  Healthy    System  
  Volume 2     D   RECOVERY     NTFS   Partition     11 GB  Healthy            
  Volume 3     G                FAT32  Removable   7576 MB  Healthy       


#10 kevincount

Posted 23 May 2013 - 03:01 PM

Part three. Last section.

[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\erdnt\cache\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: SERIAL.SYS  >
[2008/01/20 21:23:26 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_33048ac2\serial.sys
[2008/01/20 21:23:01 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\System32\DriverStore\FileRepository\msports.inf_44880ea7\serial.sys
[2008/01/20 21:23:26 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\winsxs\x86_hiddigi.inf_31bf3856ad364e35_6.0.6001.18000_none_955c449145dbf667\serial.sys
[2008/01/20 21:23:01 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\serial.sys
[2006/11/02 03:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=C70D69A918B178D3C3B06339B40C2E1B -- C:\Windows\System32\drivers\serial.sys
[2006/11/02 03:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=C70D69A918B178D3C3B06339B40C2E1B -- C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_9d4661e2\serial.sys
[2006/11/02 03:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=C70D69A918B178D3C3B06339B40C2E1B -- C:\Windows\System32\DriverStore\FileRepository\msports.inf_ac874de4\serial.sys
 
< MD5 for: SERVICES.EXE  >
[2008/01/20 21:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
< MD5 for: TCPIP.SYS  >
[2009/04/22 09:17:11 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009/04/11 01:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011/09/20 16:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2009/12/08 15:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009/08/15 16:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009/08/14 12:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2011/06/17 15:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[2012/03/30 07:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
[2010/02/18 06:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010/02/18 09:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009/08/14 09:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2013/01/04 06:28:19 | 000,914,792 | ---- | M] (Microsoft Corporation) MD5=3535CD93F944C00F098E73E12EE7FEB6 -- C:\Windows\erdnt\cache\tcpip.sys
[2013/01/04 06:28:19 | 000,914,792 | ---- | M] (Microsoft Corporation) MD5=3535CD93F944C00F098E73E12EE7FEB6 -- C:\Windows\System32\drivers\tcpip.sys
[2013/01/04 06:28:19 | 000,914,792 | ---- | M] (Microsoft Corporation) MD5=3535CD93F944C00F098E73E12EE7FEB6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.23013_none_b5863efb7cafb1c9\tcpip.sys
[2009/12/08 15:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010/02/18 09:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010/02/18 07:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009/12/08 15:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010/06/16 10:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009/08/14 11:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2011/06/17 15:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[2010/06/16 11:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2013/01/04 06:28:18 | 000,905,576 | ---- | M] (Microsoft Corporation) MD5=74E2D020C47BB2B2FCCBA29A518A7EB4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18764_none_b4c7b8d663b986a2\tcpip.sys
[2010/06/16 10:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011/09/20 16:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2009/04/22 09:17:11 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009/12/08 12:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009/08/14 12:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010/02/18 12:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010/06/16 11:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2010/04/05 12:03:01 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=A6A02EF5B5E40FBD31A1ADC577DA54BB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
[2009/12/08 12:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2010/04/05 15:00:48 | 000,910,208 | ---- | M] (Microsoft Corporation) MD5=CC9993701AC57F995554C696DDA49C12 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
[2010/02/18 09:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009/12/08 15:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2012/03/30 07:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
[2008/01/20 21:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009/08/14 11:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
 
< MD5 for: USERINIT.EXE  >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: VOLSNAP.SYS  >
[2006/11/02 04:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 01:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 01:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2012/08/21 06:47:42 | 000,225,664 | ---- | M] (Microsoft Corporation) MD5=559F1DB6586DE2EE8E25E172A0CA9A3C -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.22913_none_181f0c08125e385e\volsnap.sys
[2012/08/21 06:47:42 | 000,224,640 | ---- | M] (Microsoft Corporation) MD5=786DB5771F05EF300390399F626BF30A -- C:\Windows\System32\drivers\volsnap.sys
[2012/08/21 06:47:42 | 000,224,640 | ---- | M] (Microsoft Corporation) MD5=786DB5771F05EF300390399F626BF30A -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_2abeaeba\volsnap.sys
[2012/08/21 06:47:42 | 000,224,640 | ---- | M] (Microsoft Corporation) MD5=786DB5771F05EF300390399F626BF30A -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18679_none_175a8da4f96bddf6\volsnap.sys
[2008/01/20 21:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 21:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys
 
< MD5 for: WININIT.EXE  >
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\erdnt\cache\wininit.exe
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.ZZ.Z.ZZ..ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.ZZ..ZZZ.ZZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.ZZ..ZZZ..Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.ZZ....ZZ.Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z.ZZZZ..Z.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z.ZZZ......ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z.ZZ...Z.ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z.Z.ZZZ...Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z.Z.ZZ..ZZ.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z.Z..Z..ZZ.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z..ZZ.ZZ.Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z..Z..Z..ZZZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z...ZZZZZ..ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z......ZZZZZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z......Z.Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..ZZZZZZZ.Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..ZZZZZ...Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..ZZZZ.ZZ.Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..ZZZ.Z...ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..ZZZ..ZZ.ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..ZZZ..Z....ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..ZZ.Z.ZZZ.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..ZZ..ZZ..Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..ZZ.....ZZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..Z.ZZZZ.....Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..Z.Z.ZZ..Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..Z...ZZ..ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..Z...Z.Z....Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..Z...Z..Z...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ...ZZZZ.Z....Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ...ZZ.Z.ZZ..ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ...ZZ.Z.Z...ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ....ZZZZZZ...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ....ZZZ.ZZZ.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ....ZZZ.Z.Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ....Z.ZZZZ.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ....Z..Z.Z.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ....Z....Z..ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.....ZZ.ZZ...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ......ZZ.ZZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZZZZ.Z..Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZZZ..ZZ..Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZZZ...ZZZ..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZZZ....Z...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZZ..ZZ.Z...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZZ..Z..ZZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZZ......Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZ.ZZZZZ.Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZ.Z.Z.Z....Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZ.Z..Z.Z..ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZ..ZZZZZZZZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZ..ZZZ.Z..ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZ..ZZ..ZZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZ...ZZZZ.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZ....ZZ.Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZ........Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ.ZZZZZZZ.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ.ZZZZZZ...ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ.ZZZ.ZZ.ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ.ZZ.Z.Z.ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ.Z.ZZ.ZZ.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ.Z.Z.ZZZ..ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ.Z..ZZZZZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ..ZZZ..Z.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ..ZZ.Z..Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ..ZZ.Z..Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ..Z.Z..Z.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ....ZZ.ZZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ....ZZ..Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ.....ZZZZ..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.ZZZZZ.....ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.ZZZZ.Z..ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.ZZZZ.Z...Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.ZZZ.ZZ.....Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.ZZZ....ZZ.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.ZZZ.....ZZZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.ZZ..ZZZZZZZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.ZZ....ZZ...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.Z.ZZZZZZZ.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.Z.ZZZ.ZZZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.Z.Z.ZZZ.Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.Z..ZZZZZZZZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.Z..Z.Z..Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.Z..Z..Z..Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.Z..Z....ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z..ZZZZ.Z.ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z..ZZ.Z.Z.Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z..ZZ.Z..ZZ..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z..Z...ZZ...ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z...ZZZZ..Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z...ZZ..ZZ...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z...Z.Z..ZZ.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z....Z.ZZZZ..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z....Z.Z.ZZ.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..ZZZZZ.Z..ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..ZZZZ.ZZ..Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..ZZZZ...ZZ..ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..ZZZ.ZZZZZZZZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..ZZZ.ZZ.ZZZ.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..ZZZ.Z.ZZ.ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..ZZZ.Z.Z.Z.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..ZZ.ZZ.ZZZ.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..ZZ..Z..Z..Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..ZZ...Z.ZZZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..ZZ.........ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z.ZZ.Z...Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z.ZZ...ZZ..ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z.Z.ZZZ.....Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z.Z.ZZ.Z.Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z.Z.ZZ..Z...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z.Z.Z.Z.ZZ..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z.Z...Z.Z.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z.Z....ZZ.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z..ZZZZ.Z.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z..ZZ...ZZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z..Z.Z...Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z..Z...Z.Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z...Z..Z...ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z......Z.ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z...ZZZZ.Z..Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z...ZZ..ZZ..Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z...ZZ..Z..ZZ..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z...ZZ.....Z..ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z...Z.ZZZZZZ..ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z...Z.ZZ.ZZ...ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z...Z.ZZ..Z..ZZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z...Z....ZZZ.ZZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z...Z....Z.ZZ.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z....ZZZ..Z...ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z....ZZ.Z.ZZ...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z....ZZ...Z.Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z....Z.ZZZ.ZZ.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z....Z.Z......ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z....Z..ZZ.Z..ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z....Z...Z.ZZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.....ZZZ.Z.Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.....Z.ZZZZ...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.....Z...ZZ.ZZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.......ZZ.Z..ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z........ZZ...ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\ZZZZZ....ZZ.ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\ZZZZ.Z.ZZ.ZZZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\ZZZZ..ZZZ...Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\ZZZZ.......Z...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\ZZZ..Z....ZZZZZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\ZZ.ZZ.ZZ..ZZ...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\ZZ.Z.Z..Z..Z...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\ZZ....Z..ZZ.ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\ZZ.....ZZZZZ..ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z.ZZZZ........ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z.Z.ZZ..ZZ.Z...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z.Z.Z....Z.Z.ZZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z.Z..Z..Z..ZZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z..Z.ZZZ.Z.ZZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z..Z.Z.Z...Z.ZZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z..Z.Z..ZZZ.Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z..Z.Z..ZZ..ZZ.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z..Z..ZZ...Z...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z..Z..Z.ZZZZ.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z..Z...ZZZZ....Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z..Z....Z.Z..ZZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z..Z.....Z.Z...Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z...Z...ZZZ.Z.ZZ:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z....ZZZ..ZZ.Z.Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z....Z.Z....Z..Z:1
@Alternate Data Stream - 512 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\Z........ZZZZ..Z:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZZZZ.ZZZ.Z.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZZZ.ZZ.ZZ..ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZZZ..Z.Z...ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZZZ.....ZZ.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZZ.ZZZZ...ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZZ.ZZZ..Z.ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZZ.ZZ.ZZ.ZZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZZ.ZZ.....ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZZ..Z.....ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZZ...ZZ.ZZ.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZ.ZZZZZ...ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZ.ZZ.ZZZZ.ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZ.ZZ...ZZ.ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZ.ZZ...Z.Z.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZ..Z.Z.Z.Z.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZ..Z...ZZ.ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZZ.....ZZ.Z.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.ZZZZ..ZZZZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.ZZZ.ZZZZ..ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.ZZZ..ZZZZZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.ZZ.ZZZZ..ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.ZZ...Z.ZZ.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z.ZZZ..ZZ.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z.Z.ZZZZ..ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z.Z.ZZ....ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z.Z...ZZ..ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z..Z..ZZ.ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.Z....ZZZ.ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..ZZZZZZZ.ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..ZZZZZ..Z.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..Z.ZZ.Z...ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ..Z.Z.ZZ.ZZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ...ZZZZZ..ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ....ZZ.Z.ZZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\ZZ.....ZZ...ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZZ.ZZ.ZZ.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZZ.......ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZ.Z...ZZZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZZ..ZZZZ..ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ.ZZZ..Z..ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.ZZ.Z.Z.ZZ.ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.ZZ..Z.Z..ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.Z.ZZ.ZZZZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z.Z......Z.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z.Z..Z.ZZZZZ.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..ZZZZZ.ZZZZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..ZZ.ZZZ.ZZ.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..ZZ.ZZZ.Z..ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z.ZZZZ....ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z.ZZZ..ZZZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z..Z....ZZZZZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z...ZZ.....Z.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z...Z.ZZZZZ.ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z...Z..ZZZ.ZZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z...Z..ZZ...ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z....Z...Z.Z.ZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ\Z......Z....ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\ZZ.ZZZ..Z.Z.ZZZZ:1
@Alternate Data Stream - 504 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ\ZZ.ZZ...ZZ...ZZZ:1
@Alternate Data Stream - 448 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.Z....Z.ZZ.ZZ:1
@Alternate Data Stream - 448 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z..ZZ.Z.ZZ:1
@Alternate Data Stream - 220 bytes -> C:\Users\All Users\Temp:8FF81EB0
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:8FF81EB0
 
< End of report >


#11 kevincount

Posted 23 May 2013 - 03:02 PM

Extras (part 1 of 2)

 

 

OTL Extras logfile created on: 5/23/2013 1:38:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\KC\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 39.63% Memory free
6.08 Gb Paging File | 3.60 Gb Available in Paging File | 59.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 78.58 Gb Free Space | 27.36% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.82 Gb Free Space | 16.68% Space Free | Partition Type: NTFS
Drive E: | 136.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 961.33 Mb Total Space | 780.41 Mb Free Space | 81.18% Space Free | Partition Type: FAT
Drive G: | 7.39 Gb Total Space | 0.34 Gb Free Space | 4.57% Space Free | Partition Type: FAT32
 
Computer Name: CO-PC | User Name: KC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021A6D01-44B6-4CBD-9913-EB7570B3CBAD}" = lport=3389 | protocol=6 | dir=in | name=term services | 
"{0FAF30C0-C647-4E58-8C61-E5D3DFC2486D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{154C3BC8-A328-4A2D-8B06-2B815F0353A8}" = lport=427 | protocol=17 | dir=in | name=printer | 
"{2E089747-34DB-420E-82AE-FCF4523BB7BF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2FDA996C-A26C-4BCF-ADD6-B93C82162729}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe | 
"{3192CA40-D67D-42F0-B9AC-943D68A8400C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F841380-58EA-433C-8785-4652C342EC15}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4737FDE3-252D-4845-882F-362F609733FE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4DB2C980-DFCC-4DB9-A116-AEAEE652D504}" = lport=8033 | protocol=6 | dir=in | svc=intuit entitlement service v5.3 | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe | 
"{53D3977F-4084-42A8-A1EA-7EB558C41956}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{542BD2B5-42E5-46C2-A6AD-50CC3D3F713C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55A9F939-3D18-4CC6-AB52-850BB2085F21}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | 
"{5AE0E2D8-C5C4-4C92-A561-C48B28AEBEB3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5B3ADD28-202E-4742-8B29-C974323E2B70}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5EF061E7-E409-417C-A320-049F123F07FC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6856D7C1-5F0F-43A1-8617-7C745295D791}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6E0817FB-BEF7-4E8E-9C51-42F47ACCCF6F}" = rport=8034 | protocol=6 | dir=out | svc=intuit entitlement service v5.3 | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe | 
"{703D2E56-7F90-43CF-A5FD-7E4AD755E896}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{731B0123-92D0-4AB8-B3C5-69116E2836E3}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{8A9202E6-3881-4772-9493-3F1BD0050E92}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8FC15C2E-6A3E-4C0B-8BBD-A8132C0DA6B7}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe | 
"{968A43A7-A384-4C3A-8656-A928BB175FC5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{99ABF47A-0ED7-4173-BF02-D94FC026AA28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A1D99F58-BAEE-4079-AF85-8F7F35A7320A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AB944706-A589-4558-9B83-734E4AF90F91}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ACEAEA7A-80EB-4E84-A3AC-0BC512B9AC73}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B5A03DC6-97FC-4DB1-AB2E-3042C989CB1E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BEED3E58-7886-4A34-B7A4-D1E46C972297}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C9D99DC0-6D50-4964-A6E8-3FFB5ACC908F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CFCA0AEF-52AF-434D-B88D-A7B2729A022E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D116DFD6-FB6F-466A-96BD-3685779907B5}" = lport=8033 | protocol=17 | dir=in | svc=intuit entitlement service v5.3 | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe | 
"{D3D3F7CF-EE8C-465C-BBE2-D71B66970CA4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{DD768E1C-7412-46A7-8EC9-209D30BAF909}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E3EC1C9A-91DC-42B4-831D-417A06B9983A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E58C5B52-6A31-4D74-AD6F-072EEB8DF4DC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EEC818A1-2C6F-4ECA-8E45-9FBCB1EDE8BD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EF0465EC-52A9-4536-B80C-5E88BFE8F02D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{F0F77DE8-6DDD-4716-A866-C4E33ED39C10}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F8A83B63-5E54-4F22-993E-472314B6B1DC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{FEDBEEA6-EE59-454D-BF47-485DE7EE3E15}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BFB1B0-4D1D-40EB-B769-30E6A5046DF0}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{030C2A4F-EC03-4C18-9CF2-54101EC1F858}" = protocol=6 | dir=in | app=c:\users\kc\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{04E9986F-7363-48EB-925C-93D719CF1E6C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{0B080EBD-E572-4667-B241-A8AA6BF7CD28}" = protocol=17 | dir=in | app=c:\program files\addthis toolbar\troubleshooter.exe | 
"{0C265FCD-FDC0-49FF-A86E-9BDD6210F699}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{0DC466D2-B71D-4855-B2EE-9B5208028E4E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{0F5EB753-E9A0-4ABB-BFF0-3B1AC05C58B9}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{10B18C02-1F00-4B84-9916-B4A4B591F47E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | 
"{13318ACB-768D-47BF-8D6E-F1CB6A63602C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{13D884B7-290A-4DD9-BF0B-E06854BA6A45}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | 
"{1460DAC6-84D3-4713-9F17-76E056677D66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{14936185-7395-4548-A12A-388F07AF0EC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{15DDD1AA-219B-4CE8-9A75-F1E581701FFF}" = protocol=6 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\eftsvr.exe | 
"{1C9BB163-358A-4126-8F2E-68FF82BD0C7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1CA6DA7F-BC48-4F31-89C1-D07D5477E254}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{1D0A467E-D183-40AF-8E0A-EB09D40C4849}" = protocol=17 | dir=in | app=c:\program files\addthis toolbar\toolbarupdate.exe | 
"{1E143AA3-2E90-44D6-BC11-D2EEF4606F35}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2467AE64-D54A-4EAB-98D5-CAA464D5684E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{24845DDC-3877-4CD4-80F1-750DC2B327C2}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{24BAAEE7-01C2-4C86-92D8-091FE04D7036}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{26348E9D-02C6-4EF4-97FC-3E879B8245D5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{2EF10CB4-0223-4448-A283-6ABDB26C39D4}" = protocol=6 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbposdbservice.exe | 
"{312EF398-A796-4096-BA2B-AA3C4E1A730A}" = protocol=17 | dir=in | app=c:\users\kc\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{31E900F0-2208-4218-BFF0-D0B743876FC9}" = protocol=6 | dir=in | app=c:\users\kc\appdata\local\akamai\netsession_win.exe | 
"{3391A081-1AED-4D5D-B32A-96C34E76091F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{39316198-7F1C-4A35-829F-400ACA5027FE}" = protocol=17 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbdbmgrn10.exe | 
"{3B3EA53B-08C9-4A4B-B0CA-0C9CFEC145A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3BD0141D-87EC-4D60-8956-71808AE02C71}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3D39A723-FD0D-44AA-B0CE-AC6A0052FCF2}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\sendafax.exe | 
"{3D42EDC4-CBE6-4FC1-8B94-1717375B5767}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{3DF381F7-CFDD-401A-BD5E-DC843B9B38B9}" = dir=in | app=c:\program files\wyse\pocketcloud windows companion\pocketcloudservice.exe | 
"{3F2C97F1-64B8-493C-BC4A-0C1E2A5AB3F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{427F2943-542A-40A8-952D-950D49165219}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{46B24018-0B43-4576-BE31-6A3F28EE00CE}" = protocol=6 | dir=in | app=c:\program files\jawbone\jawboneupdater.exe | 
"{48FB3A65-8F96-46D9-AC92-1B10535892C7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4D29BBDD-4642-4316-B1E4-5695EAC01431}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | 
"{5120093C-D209-4996-BE2B-2605E7046930}" = protocol=6 | dir=in | app=c:\program files\addthis toolbar\troubleshooter.exe | 
"{5326FAAA-19B7-40E0-ACE8-604D5A0BBF1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5481EBC8-2CB6-4D92-88DE-8606B29BF7D9}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{569FCC82-F60E-4219-8EEE-84E527BDF43F}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{577C0265-48D5-4427-BBF0-39E1516DC4B1}" = protocol=17 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\eftsvr.exe | 
"{58AC3882-06D2-400F-A47C-A660442F7022}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{5D846E92-E98C-4620-B471-12281EB313BB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{634B1C76-4BF4-41E6-BCCF-35D2DF7FAD99}" = protocol=17 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbdbmgr10.exe | 
"{63A509EB-D982-4844-9A16-4CFFFA81E70D}" = dir=in | app=e:\setup\hpznui01.exe | 
"{6470FB4A-5782-44D3-B8B0-F572E636D271}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{64927DB3-2A27-4369-8201-C34F633CE9F3}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe | 
"{69B75880-D713-4150-AB6B-EB3BD873532B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | 
"{6D06B3C3-B973-4F75-A19B-A6053586B46A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{703F1A1B-329C-4EA8-AB9D-12CBECE8BE26}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{70BD1CD5-9C40-4DD9-A4A9-738E5B05BC44}" = protocol=6 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbdbmgrn10.exe | 
"{76D37158-8FF9-4E09-91E0-FFA8130FCE8F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{7A340817-1261-41A3-B772-904E4041072B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{7A82566D-F9D0-4337-8B55-C79EEC721A5F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7E236A14-D3D4-4D33-AA88-F8264851CC51}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{867B38A3-8B40-41B2-8C82-A0CC076AFCF2}" = protocol=6 | dir=in | app=c:\program files\addthis toolbar\toolbarupdate.exe | 
"{86A19635-9DDC-4986-B2D7-136E38890237}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{87732881-261A-435D-9913-A822B2F99B1F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{87CA6A5B-7F5A-45BC-8D1E-8933FB440D30}" = protocol=6 | dir=out | app=system | 
"{8B1C9D83-FA4B-45D3-A2B2-459B9AE205BF}" = protocol=6 | dir=in | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe | 
"{98D90B3A-8A53-4603-AFA8-138FFFA5B603}" = protocol=17 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbposdbservice.exe | 
"{99827241-3987-4E0A-8552-D3C247480112}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{99F89C3C-4D80-4AD9-B6C7-421AEC8417C1}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\faxapplications.exe | 
"{9A244DA9-62E6-419C-AD7A-124ECFD0A80A}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\digitalwizards.exe | 
"{9C6C973E-4641-4033-848C-5BD2703988C5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A04F0DA3-2D17-402B-B25C-2B70DBE44509}" = dir=in | app=c:\program files\wyse\pocketcloud windows companion\wysebrowser.exe | 
"{A0FBF97A-0F46-4641-BBB2-FED1A87A42B3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{A296F926-32AE-439E-9CD8-53766565A658}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{A3E0455C-7585-4C6F-94FB-98F09ED24FFA}" = protocol=17 | dir=in | app=c:\program files\jawbone\jawboneupdater.exe | 
"{A8C5B86D-C348-4189-846F-6B6120A97CA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AAC61AFC-B6B5-47D2-B812-233D4D21F7A9}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe | 
"{AAE6EF46-CCB5-4F81-A0BE-98A20A5DC950}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{ACDBA771-C70D-4EAA-B9C7-9BB041F18731}" = protocol=17 | dir=in | app=c:\users\kc\appdata\local\akamai\netsession_win.exe | 
"{AD30A8DA-434E-4BCE-A19F-5434180A64A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{BC79B331-FEA2-4F11-A669-E9E9BF40778F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDFDA879-9F59-47B6-A72E-87E9EBCD2032}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{C0E4A5DE-024B-43A5-A516-465CF1D6D2BC}" = protocol=6 | dir=in | app=c:\users\kc\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C43B159A-876C-4DAB-AC5E-6AE77FFF37A6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{C48569C2-0B73-40FA-9E29-BE20083A4E73}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{C722F17E-E078-4CCD-9399-6EE3ED97E68A}" = protocol=6 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\databaseserver\qbdbmgr10.exe | 
"{C7EB794A-7C9D-404C-83C7-A5E1E2315DCA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CD2788DF-26C1-431B-BA71-55E1772B6152}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{D5ED36CC-E6DD-4107-A034-12B2047EACC7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{D8567AAF-9584-4B4D-9D95-E326E1F4FF47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D93C9C79-D3EB-4C9C-B26B-A297D08F50DC}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe | 
"{E0F82440-024B-469A-B5A7-0CA9FA21078A}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{E64C42B5-7873-450B-8A99-C51BF1BF3D94}" = dir=in | app=c:\program files\wyse\pocketcloud windows companion\wyseremoteaccess.exe | 
"{E6FACE7F-A5CE-4AF5-994D-36A37764524D}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{E9AF2B85-8FE3-454B-B30D-F6AC78190716}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F406520B-B391-4CE9-B7C0-7750A951D66E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{F467BBDC-DFCC-4D48-B44C-97456CC8E3B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F5E0D896-C684-44C9-9047-E5D0C198F5BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F7837B6B-CC39-42D8-A834-2FF19B8692E6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{F89EE4FD-278F-49D2-BC04-49EDDF40B1C8}" = protocol=17 | dir=in | app=c:\users\kc\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FC7BA803-81FA-443F-82FC-27752F9CFDF8}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{FFAB5155-65D6-400B-9C20-517B7E45830F}" = protocol=17 | dir=in | app=c:\program files\common files\intuit\entitlement client\v5.3\server\intuit.spc.map.entitlementclient.server.service.exe | 
"TCP Query User{04DC4400-66B0-4772-9828-34E275B742C6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{0E554D7E-6BD2-457E-85F3-3A4CD24E4245}C:\wincalc\wincalc.exe" = protocol=6 | dir=in | app=c:\wincalc\wincalc.exe | 
"TCP Query User{22729030-77A9-46EC-BDF2-4F6E8429BB3A}C:\program files\filemaker\filemaker pro 12\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 12\filemaker pro.exe | 
"TCP Query User{42A60610-ECCD-4ECF-9B59-931F45DC0F03}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{57F37175-490B-4854-A5A9-AD368E5D4411}C:\users\kc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kc\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{6EE59006-D455-413D-A431-EE7A1D2CCF07}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{6FC26FD1-D2C5-4D1E-813A-EB23781B1A9C}C:\users\kc\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kc\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{8057B939-9088-49E7-A97A-2D50DE113D4A}C:\program files\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=c:\program files\act\act for windows\actsage.exe | 
"TCP Query User{937053D6-49B7-4F4C-9987-FFA711013BE4}C:\program files\hp\toolboxfx\bin\hptlbxfx.exe" = protocol=6 | dir=in | app=c:\program files\hp\toolboxfx\bin\hptlbxfx.exe | 
"TCP Query User{9802F7F0-2E61-409B-8F32-39BEC4620E11}C:\program files\mve cloud\tsclient.exe" = protocol=6 | dir=in | app=c:\program files\mve cloud\tsclient.exe | 
"TCP Query User{9BC5A1D4-B0C7-405C-988C-77000DCBC0AF}C:\program files\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=c:\program files\act\act for windows\actsage.exe | 
"TCP Query User{9D96B1E2-B1FF-452C-AD62-2DD86F41A66F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{ABAA024D-8286-4F5B-817E-F1F9149CC01B}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"TCP Query User{C5B52762-EBCC-48A2-ACF0-55D0D3917CA1}C:\program files\hp\toolboxfx\bin\hptlbxfx.exe" = protocol=6 | dir=in | app=c:\program files\hp\toolboxfx\bin\hptlbxfx.exe | 
"TCP Query User{D8789F67-AC2C-4610-A7CD-78C72ABF6AB2}C:\users\kc\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kc\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{DFF7C6E3-4C20-4F78-A67B-6B54699D69F0}C:\users\kc\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kc\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{E77A5255-CE1A-43DD-B5F7-E099E56B0F4F}C:\program files\filemaker\filemaker pro 12\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 12\filemaker pro.exe | 
"TCP Query User{E9CD55FE-9AAF-4473-92A7-75095777333C}C:\program files\intuit\quickbooks point of sale 8.0\eftsvr.exe" = protocol=6 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\eftsvr.exe | 
"TCP Query User{F48C5D1B-E738-48E1-A761-8B95A930794E}C:\wincalc\wincalc.exe" = protocol=6 | dir=in | app=c:\wincalc\wincalc.exe | 
"TCP Query User{F8631BFD-1EB0-4229-8365-6EA2598B782B}C:\program files\mve cloud\tsclient.exe" = protocol=6 | dir=in | app=c:\program files\mve cloud\tsclient.exe | 
"TCP Query User{FA5493CE-3C7F-4B8A-963E-56CF66A76742}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{19A8B800-5165-497B-AEA2-4672BA2FD7AC}C:\users\kc\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kc\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{26FFB226-F5C1-4963-B811-8283EBDB87AE}C:\wincalc\wincalc.exe" = protocol=17 | dir=in | app=c:\wincalc\wincalc.exe | 
"UDP Query User{44A84676-77DB-4B70-B89C-E3A5F738ACA6}C:\program files\intuit\quickbooks point of sale 8.0\eftsvr.exe" = protocol=17 | dir=in | app=c:\program files\intuit\quickbooks point of sale 8.0\eftsvr.exe | 
"UDP Query User{518337AA-DDF7-4AD9-B5EA-0C55F6CA27AA}C:\program files\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=c:\program files\act\act for windows\actsage.exe | 
"UDP Query User{5248CD36-8C0B-482A-A676-175C39A0D036}C:\program files\mve cloud\tsclient.exe" = protocol=17 | dir=in | app=c:\program files\mve cloud\tsclient.exe | 
"UDP Query User{5E7B871C-A287-4801-A652-82EDC82327E8}C:\program files\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=c:\program files\act\act for windows\actsage.exe | 
"UDP Query User{6862CB7E-C13F-4F56-A50D-9DAA11B97930}C:\program files\mve cloud\tsclient.exe" = protocol=17 | dir=in | app=c:\program files\mve cloud\tsclient.exe | 
"UDP Query User{6BE553BB-8700-428A-AB2D-6AB0607A4793}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{7F6BC10E-96FD-460B-9EEB-0005208C2A04}C:\wincalc\wincalc.exe" = protocol=17 | dir=in | app=c:\wincalc\wincalc.exe | 
"UDP Query User{86EB9F77-0891-41C8-85C9-46AD33AB0528}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{AB36E5CF-A2CE-427C-A59F-515CD197FDD4}C:\program files\filemaker\filemaker pro 12\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 12\filemaker pro.exe | 
"UDP Query User{B0512897-638F-4E21-B8B8-D3411433FE8B}C:\users\kc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kc\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{BD14FAFB-E1C4-45D6-BD5C-DFB57CBDF119}C:\users\kc\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kc\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{C16A66E1-B56D-4F21-9315-39E1BC074BB3}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{C20A9A38-00A9-4754-86CB-BA2D2F8AE9F0}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"UDP Query User{CC4887CD-11E0-45C1-8804-95ECDC94A0C6}C:\program files\filemaker\filemaker pro 12\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 12\filemaker pro.exe | 
"UDP Query User{D71E5135-6EB5-4A54-8AD5-DD92EF02AF3E}C:\users\kc\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kc\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{E986A121-F484-4823-A373-FD55AA5BAB7F}C:\program files\hp\toolboxfx\bin\hptlbxfx.exe" = protocol=17 | dir=in | app=c:\program files\hp\toolboxfx\bin\hptlbxfx.exe | 
"UDP Query User{F97B9EFF-0FA6-4DA8-BB0A-45F1C5F3E9AA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{F9F433B6-7F79-4EC1-B30C-DDBFE31D6822}C:\program files\hp\toolboxfx\bin\hptlbxfx.exe" = protocol=17 | dir=in | app=c:\program files\hp\toolboxfx\bin\hptlbxfx.exe | 

extras (part 2 of 2)

========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 Management Studio
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D76888D-7B55-4D71-8D35-F0D66F2B588F}" = hppTLBXFXCP2020
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 Management Studio
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{1453ED8B-A6BD-4CC1-8497-2F53EE82ED5B}" = QuickBooks Point of Sale 8.0
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}" = Microsoft SQL Server 2008 R2 Native Client
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{198945E2-E089-4094-A63D-166DBE8B87DF}" = FileMaker Pro 12
"{198945E2-E089-4094-A63D-166DBE8B87DF}_FileMaker" = FileMaker Pro 12
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1E0A64C0-7071-11D4-B2F8-00105AF63544}" = DVI Remote Rx Entry
"{1EA0260A-CE18-A022-DF3A-0AF6136B226E}" = Market Samurai
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2B1DB2FA-9E05-3494-B7CE-16F3236CAE3F}" = Acrobat.com
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3ADE0E5D-C790-4FF3-86C9-ADC2251FE61D}" = 2X Client
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43523FEF-9D8E-4572-BB11-0E914D366E0A}" = LightScribe Template Labeler
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{46235FF7-2CBE-4A84-BEDA-87348D1F7850}" = HP Officejet Pro 8600 Help
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{48B08845-0CB0-45EC-893C-15319ADDA312}" = Microsoft SQL Server 2008 R2 Setup (English)
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 SP1 Database Engine Services
"{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}" = ACT! by Sage 2010
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{59996900-0E6C-45B7-8C39-C64CB98462E4}" = Microsoft Web Platform Installer 2.0
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{600AB648-F79B-41EC-B426-A49A7DB121EA}" = HP Officejet 6500 E710n-z Basic Device Software
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65601901-7C80-4C4D-A4C8-566D9957C0F7}" = SmartFTP Client
"{6567F265-62EC-4BA9-9629-6B483B608854}" = SmarterMail Sync for Outlook 2003 and above
"{6616D7A3-EF4E-40E1-B4CE-45E84A89EF77}" = hppManualsCP2020
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C64AB8C-F78B-45C0-98E3-6DE9702E0225}" = Microsoft Office Live Meeting 2007
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (_OPTEK)
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76338996-51E5-4CE0-A6FE-5A83729C2154}" = Sehen Erleben
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DA4EC4-8E94-45D4-B047-027B662EC6A6}" = Labeler
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79ACC31A-87EA-472A-853E-5AC6A97CE569}" = HP Officejet Pro 8600 Product Improvement Study
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7DCF7BBA-39A9-4e27-9154-F57BCED90CBF}" = HP Officejet J6400 Series
"{7DECB2A6-C226-6042-9C2B-83316950D30E}" = Pandora
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8C169B-D493-42C7-A975-7C1E0E4C5847}" = PocketCloud Windows Companion
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8EAB4100-B343-41AE-A880-418746998209}" = HP Officejet Pro 8600 Basic Device Software
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93968FB2-C67A-4A9B-80C2-5D4D9393058E}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3623-4E86-9072-973FBE1679C5}" = QuickBooks Premier: Accountant Edition 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{A5F39441-3414-4db2-9A71-0BA8AB3CB16A}" = HP Color LaserJet CP2020 Series 1.0
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ad33520f-598a-4f9f-a2f1-39fd832d8617}_is1" = CMS-1500 (5.0)
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B19E35D4-A530-4F2B-BF74-ACB2223DE20B}" = hpzTLBXFX
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 SP1 Database Engine Services
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B946D46E-1302-48B4-84EE-B74C3191D975}" = Corel Painter Essentials 2
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB558CDC-C7BE-44D0-9260-B810D66702C4}" = 6500_E709n
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59587F6-A0BC-40A7-AFE9-E7E368FDB742}" = HP Print View Software
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 SP1 Common Files
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D428AB95-35B2-4868-B656-5C316E25EC69}" = SQL Server 2008 R2 Database Engine Services
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files 
"{D71D57E0-11FB-4D6F-9930-95214AF70DBB}" = CT-S300 x32 v157
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DEA7B1A4-24EC-4347-9742-EE28DEFF3625}" = AnyForm
"{DF781E6F-BF29-4340-BEFB-09F7511B424D}" = SQL Server 2008 R2 Database Engine Services
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{EB59768B-8E82-45E8-8225-2BC9CE355481}" = hppPQVideoCP2020
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE55714B-B67C-4D08-97AE-0CF4AC5A3A77}" = StuffIt Expander 2010
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{F655FEC2-EB66-4B94-8F51-B2A8EE6FE374}" = Sony Sound Forge Audio Studio 9.0
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 SP1 Common Files
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2CC6CDFCB4BBBB42596B33BF910114E0982B07A6" = Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports  (11/15/2007 5.1.2600.0)
"426BB71EACDB64FF41684DB46CC07442F338C232" = Windows Driver Package - MakerBot Industries (usbser) Ports  (11/15/2007 5.1.2600.0)
"883C04C33C70062A4AD0ED48685D05F25A854C1D" = Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02)
"8E34866C72B4ED9C8D3B60249DA48CF113B9FFBE" = Windows Driver Package - MakerBot Industries (usbser) Ports  (11/15/2007 5.1.2600.0)
"ABE36B9BBD00CD433A4454EBCAD52F303406A488" = Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02)
"ActiveTouchMeetingClient" = WebEx
"AddThis Toolbar" = AddThis Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Illustrator 7.0" = Adobe Illustrator 7.0
"Adobe Illustrator 9.0 Tryout" = Adobe Illustrator 9.0 Tryout
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"ADOS Automatical Design of Optical Systems_is1" = ADOS Demo version 1.1
"Akamai" = Akamai NetSession Interface Service
"Any Video Converter_is1" = Any Video Converter 3.2.3
"Artisteer 2" = Artisteer 2
"Artisteer 4" = Artisteer 4
"AT&T Unified Messaging" = AT&T Unified Messaging
"AT&T Yahoo! Browser Configuration" = AT&T Yahoo! Browser Configuration
"ATT-Management Agent" = ATT-Management Agent
"AudibleDownloadManager" = Audible Download Manager
"avast" = avast! Free Antivirus
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1" = Pandora
"CutePDF Writer Installation" = CutePDF Writer 2.8
"D02BFA1D18A534511E58A5C30EF636268A9B227C" = Windows Driver Package - MakerBot Industries (usbser) Ports  (11/15/2007 5.1.2600.0)
"eChart Acuity_is1" = eChart Acuity version 2.04
"Excel Invoice Manager_is1" = Excel Invoice Manager 2.21.1024
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Google Chrome Frame" = Google Chrome Frame
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Marketing Resources" = HP Print View Software
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"ieSpell" = ieSpell
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}" = ACT! by Sage 2010
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Intuit SiteBuilder" = Intuit SiteBuilder
"Java Media Framework 2.1.1e" = Java Media Framework 2.1.1e
"Jawbone Updater" = Jawbone Updater
"LionClock 20114.54" = LionClock 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Med Claim Software_is1" = Med Claim
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.14.1738" = Opera 12.14
"Optronics VisionWeb Trace Server_is1" = Optronics VisionWeb Trace Server
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Picasa 3" = Picasa 3
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"Ray-Ban Rare Prints screensaver Screensaver" = Ray-Ban Rare Prints screensaver Screensaver
"RealPlayer 15.0" = RealPlayer
"SHAW Lens Designer" = SHAW Lens Designer 1.50.2
"Shop for HP Supplies" = Shop for HP Supplies
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SPX Art Kids Screensaver" = SPX Art Kids Screensaver
"ST6UNST #1" = Optical Analysis
"STANDARDR" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Visual Lab Pro" = Visual Lab Pro
"Visual Lab Pro/Calc" = Visual Lab Pro/Calc
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WildTangent hp Master Uninstall" = HP Games
"WinLens3D Basic_is1" = WinLens3D Basic
"WinRAR archiver" = WinRAR archiver
"WT084388" = Virtual City
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1796131044-1765537854-2342951633-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{dfc307dd-ab9f-4f7b-844c-a97d6e70cac4}_is1" = FitLive 1.3.00
"Akamai" = Akamai NetSession Interface
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723
"JoinMe" = join.me
"OpticalOnline 2.0" = OpticalOnline 2.0
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/23/2013 2:41:08 PM | Computer Name = CO-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 15
 
Error - 5/23/2013 2:41:08 PM | Computer Name = CO-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 16
 
Error - 5/23/2013 2:41:08 PM | Computer Name = CO-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 17
 
Error - 5/23/2013 2:41:08 PM | Computer Name = CO-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18
 
Error - 5/23/2013 2:41:08 PM | Computer Name = CO-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19
 
Error - 5/23/2013 2:41:08 PM | Computer Name = CO-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20
 
Error - 5/23/2013 2:41:08 PM | Computer Name = CO-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21
 
Error - 5/23/2013 2:41:08 PM | Computer Name = CO-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22
 
Error - 5/23/2013 2:41:08 PM | Computer Name = CO-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23
 
Error - 5/23/2013 2:41:08 PM | Computer Name = CO-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24
 
[ Media Center Events ]
Error - 11/1/2010 8:34:37 PM | Computer Name = CO-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
[ OSession Events ]
Error - 2/14/2013 5:35:19 AM | Computer Name = CO-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 232371
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 3/5/2013 1:25:55 PM | Computer Name = CO-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 86898
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 3/20/2013 2:52:52 PM | Computer Name = CO-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 915
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 3/23/2013 10:24:14 AM | Computer Name = CO-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1028
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 4/4/2013 12:27:34 PM | Computer Name = CO-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3707
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 4/4/2013 12:30:35 PM | Computer Name = CO-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 175
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 4/5/2013 11:00:55 AM | Computer Name = CO-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 81013
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 4/30/2013 12:21:17 PM | Computer Name = CO-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 569
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 4/30/2013 12:51:50 PM | Computer Name = CO-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1803
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 5/9/2013 12:20:45 PM | Computer Name = CO-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2961
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 5/19/2013 4:52:50 PM | Computer Name = CO-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 5/19/2013 4:52:50 PM | Computer Name = CO-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 5/19/2013 4:52:59 PM | Computer Name = CO-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 5/19/2013 4:55:12 PM | Computer Name = CO-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 5/19/2013 5:05:19 PM | Computer Name = CO-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 5/19/2013 5:11:18 PM | Computer Name = CO-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 5/22/2013 9:58:25 AM | Computer Name = CO-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 5/23/2013 12:08:54 PM | Computer Name = CO-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 5/23/2013 12:10:29 PM | Computer Name = CO-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 5/23/2013 12:15:05 PM | Computer Name = CO-PC | Source = LSM | ID = 1048
Description = 
 
 
< End of report >


#12 B-boy/StyLe/


Posted 24 May 2013 - 03:28 AM

Hi Kevin,

 

 

I guess the system is running slower because now MSE is active again and you have 3 antivirus installed at the moment.

Having more than one "real-time" program can be a drain on your PC's efficiency...

 

 

I do not recommend that you have more than one anti virus product installed and running on your computer at a time.  The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".  It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove both Microsoft Security Essentials and Norton Internet Security and leave only avast! installed.

 

Download the Norton Removal Tool and run it to clean the remnants from Norton.

 

Download the MS FixIt and run it to clean the remnants from MSE.

 

Also please download and run the following tool.

 

Click Run It and then click Run and follow the prompt. Press Accept. From the next options select the first one, "Detect problems and apply the fixes for me (Recommended)".

From the next window select Uninstalling.

From the list that comes up, if Microsoft Security Essentials is listed, select it. But if it is not listed, in that case select Not Listed and press Next.

If you select Not Listed it will ask you to enter the product code; copy and paste the following code: {390DD8BB-BB57-4942-A029-2D913E4E9D74}

Click Next and wait. At the end it will tell you that the problem is fixed.

 

3) If you are not a paid customer of MBAM I suggest you uninstall MBAM, clean the leftovers with the following tool =>  mbam-clean.exe and then re-install MBAM without activating the trial license.

4) Also go ahead and uninstall Bitdefender QuickScan Control and Norton Security Scan.

 

5) You have a lot of programs running with Windows. Run the following tool => StartupLite and disable any programs that you don't need to load with Windows.

 

 

Did you set this proxy?

 

IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

Also please do this:

 

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following quotebox into the main textfield:

     

    :filefind

    nwlnkfwd.sys
    nwlnkflt.sys
    ipinip.sys
    MRENDIS5.sys
    MREMPR5.sys
    appmgmts.dll

    :folderfind

    Microsoft Security Client

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

 

 

Download file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

  • Also please download AutoRuns and save it to your desktop.
  • Right click on the downloaded file and choose Extract All Files.
  • Once extracted, open the program named Autoruns.
  • Next go to File -> Save and set the file type to arn File (.arn).
  • Please zip & attach the file to your next reply.

 

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 24 May 2013 - 03:29 AM.



#13 kevincount


Posted 24 May 2013 - 03:17 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 12:06 on 24/05/2013 by KC
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "nwlnkfwd.sys"
No files found.
 
Searching for "nwlnkflt.sys"
No files found.
 
Searching for "ipinip.sys"
No files found.
 
Searching for "MRENDIS5.sys"
No files found.
 
Searching for "MREMPR5.sys"
No files found.
 
Searching for "appmgmts.dll"
No files found.
 
========== folderfind ==========
 
Searching for "Microsoft Security Client"
C:\ProgramData\Microsoft\Microsoft Security Client d------ [19:27 26/01/2011]
C:\Users\All Users\Microsoft\Microsoft Security Client d------ [19:27 26/01/2011]
 
-= EOF =-

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-05-2013 02
Ran by KC at 2013-05-24 12:34:22 Run:3
Running from C:\Users\KC\Desktop
Boot Mode: Normal
 
==============================================
 
permissions for C:\Windows\system32\FirewallAPI.dll were reset successfully 
 
==== End of Fixlog ====




#14 kevincount


Posted 24 May 2013 - 03:19 PM


 

 


I did not set this.  Nor do I even know what this is.

 

 

 

IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
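An added example, not part of any post in this thread: a small Python parser for the quoted registry line that splits the ProxyOverride value into its entries and picks out loopback entries naming a specific port, the kind of entry the helper asks about. The function names and the review rule are assumptions of this example, not features of the log tool.

```python
import ipaddress
import re

# The registry line quoted in the thread, embedded so the example runs offline.
SAMPLE = (r'IE - HKU\S-1-5-21-1796131044-1765537854-2342951633-1000\Software\Microsoft'
          r'\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = '
          r'*.local;127.0.0.1:9421;<local>')

LINE_RE = re.compile(r'^\w+ - (?P<key>HK[A-Z_]+\\.+?): "(?P<name>[^"]+)" = (?P<value>.*)$')


def parse_log_line(line):
    """Split a '<tag> - <key>: "<name>" = <value>' log line; None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a name or wildcard pattern, not an IP literal


def classify_overrides(value):
    """Label each semicolon-separated ProxyOverride (proxy bypass list) entry."""
    result = []
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        host, sep, port = entry.rpartition(":")
        if entry.lower() == "<local>":
            kind = "local-marker"        # bypass the proxy for plain intranet names
        elif "*" in entry:
            kind = "wildcard"
        elif sep and port.isdigit() and is_loopback(host):
            kind = "loopback-with-port"  # IPv4 or hostname form only (assumption)
        elif is_loopback(entry):
            kind = "loopback"
        else:
            kind = "host"
        result.append((entry, kind))
    return result


def entries_to_review(line):
    """Assumed review rule: surface loopback entries that name a specific port."""
    parsed = parse_log_line(line)
    if not parsed or parsed["name"] != "ProxyOverride":
        return []
    return [e for e, kind in classify_overrides(parsed["value"]) if kind == "loopback-with-port"]
```

An entry returned by `entries_to_review` is only a prompt to ask the machine's owner whether they configured it; the parser makes no judgement about what is listening on that port.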



#15 kevincount


Posted 24 May 2013 - 03:20 PM

System is running much better. Explorer for some reason still won't download but now does surf the internet. Chrome on the other hand seems fully functional.





