
Fake "Low Disk Space" error message

#1 ·
I receive daily a "Low Disk Space" error message which is incorrect and in my estimation fraudulent. It goes on to give an alternative to rectify this situation by offering to "Speed up your computer and remove all viruses that are on your computer." Of course all of this is for a price. If you opt in and then change your mind before you totally commit they offer the same package for half price. I refuse to be "sucked in" by this fraudulent company.

I have gone to the internet to try and find out how I may get rid of this enemy. I have used Malwarebytes, Microsoft Security Essentials and Microsoft's Security fix program, all to no avail. I am at my 'wits end' trying to rid my computer of this plague. This is the url that the message comes through as. I cannot find out any source that will identify its origin: http://static.salesresourcepartners.com/g/?z=1&ilmernzkvtaztu=002618B38EDC0810&pu=cGlja3VwaG9ja2V5LmNvbQ==&s=iexplore&nm=ilmernzkvtaztu&t=aHR0cDovL3d3dy5waWNrdXBob2NrZXkuY29tL2ZvcnVtL3RvcGljLmFzcD9UT1BJQ19JRD0yODIzNw==&r=1

I need help.

Thanks,

Doug. Bell
 
#2 ·
Hi dougbell4422,
The information you provided is not enough to take any action.
There were no log results in your post.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator". If you have XP, just double click OTL to run it.
  • If your system is 64-bit, Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
 
#3 ·
OTL logfile created on: 10/15/2013 12:06:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doug Bell\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 3.58 Gb Available Physical Memory | 59.78% Memory free
11.98 Gb Paging File | 9.60 Gb Available in Paging File | 80.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.76 Gb Total Space | 294.58 Gb Free Space | 64.92% Space Free | Partition Type: NTFS
Drive D: | 11.91 Gb Total Space | 2.14 Gb Free Space | 17.98% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive K: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive L: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.15% Space Free | Partition Type: FAT32
Drive M: | 7.45 Gb Total Space | 0.01 Gb Free Space | 0.17% Space Free | Partition Type: FAT32
Drive N: | 3.73 Gb Total Space | 0.10 Gb Free Space | 2.65% Space Free | Partition Type: FAT32

Computer Name: DOUGBELL | User Name: Doug Bell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2013/10/15 11:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doug Bell\Downloads\OTL.exe
PRC - [2013/10/08 13:26:46 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
PRC - [2013/09/20 10:57:08 | 000,064,008 | ---- | M] (Google) -- C:\Users\Doug Bell\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/09/02 10:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/30 15:16:16 | 000,310,920 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\Doug Bell\AppData\Local\The Weather Network\weathereye.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2010/11/20 08:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/09 07:08:38 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2007/07/19 17:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Doug Bell\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2009/08/19 20:59:06 | 000,022,736 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/03 21:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/10/08 14:26:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/02 10:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/07/19 17:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/12/19 22:46:50 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/26 18:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/09/11 17:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/10 03:50:16 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 10:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 14:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/08 12:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/24 18:53:04 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B0E88C92-8774-4AA4-B4A9-E5343FA62456}
IE:64bit: - HKLM\..\SearchScopes\{61A2D295-1D81-42F3-AB8A-E8B08DA7F25C}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{B0E88C92-8774-4AA4-B4A9-E5343FA62456}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 65 34 F6 6F C7 CE 01 [binary data]
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Doug Bell\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Doug Bell\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/09/10 10:12:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/28 20:23:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/09/08 08:05:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/28 20:23:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/09/08 08:05:04 | 000,000,000 | ---D | M]

[2013/09/08 08:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions
[2013/07/30 23:31:45 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
[2013/09/08 08:05:04 | 000,000,000 | ---D | M] (Speed Analysis 3) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
[2013/07/30 23:31:45 | 000,000,000 | ---D | M] (Zula Games) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com
[2013/10/12 12:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/10/29 12:26:44 | 000,214,909 | ---- | M] () (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\onlinehdtv@onlinehd.tv.xpi
[2012/10/13 13:27:00 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012/10/29 12:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/06/18 19:38:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} - No CLSID value found.
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [googletalk] C:\Users\Doug Bell\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [HP Officejet 6600 (NET)] C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [WeatherEye] C:\Users\Doug Bell\AppData\Local\The Weather Network\weathereye.exe (Pelmorex Media Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiscSpaceChecks = Reg Error: Unknown registry data type File not found
O7 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D46081BE-153B-4999-90E9-94B4F7CBB5EF}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\intu-qt2009 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/15 09:56:31 | 000,000,217 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ]
O32 - AutoRun File - [2013/09/21 08:08:37 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (defrag_native)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 90 Days ==========

[2013/10/14 22:29:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/14 22:26:23 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/10/14 09:13:35 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Google_files
[2013/10/12 13:31:48 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\ParetoLogic
[2013/10/12 13:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/10/10 23:19:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/10 23:19:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/10 23:19:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/10 23:19:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/10 23:19:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/10/10 23:19:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/10/10 23:19:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/10 23:19:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/10 23:19:44 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/10 23:19:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/10 23:19:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/10/10 23:19:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/10/10 23:19:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/10 23:19:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/10 23:19:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/10 09:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/10/10 09:01:08 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Apple Computer
[2013/10/10 09:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/10/10 09:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/10/10 07:28:49 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/10 07:28:46 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/10 07:28:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/10 07:28:46 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/10 07:28:46 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/10 07:28:46 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/10 07:28:46 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/10 07:28:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/10 07:28:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/10 07:28:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/10 07:28:43 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/10 07:28:42 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/10 07:28:38 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/10 07:28:37 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/10 07:28:37 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/10 07:28:37 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/10 07:28:37 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/10 07:28:36 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/10 07:28:36 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/10 07:28:35 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/10 07:28:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/10 07:28:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/10 07:28:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/10 07:28:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/10 07:28:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/10 07:28:26 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/10 07:28:25 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 07:28:25 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/03 09:44:20 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Local\CUSTPDF Writer
[2013/09/30 10:41:41 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Best of Pakenham
[2013/09/27 08:42:20 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Systweak
[2013/09/25 20:29:40 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\RocketPDF
[2013/09/22 12:27:15 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Sarah Edinburg
[2013/09/22 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Documents\AdobeStockPhotos
[2013/09/21 20:43:05 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Blue Sky additions
[2013/09/21 10:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/21 10:09:03 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/09/21 10:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/09/21 09:55:43 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\DefaultTab
[2013/09/21 08:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/09/21 08:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/09/14 13:47:54 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\angel falls
[2013/09/13 12:29:58 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Foresight Software
[2013/09/13 12:29:53 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Foresight Software
[2013/09/13 12:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Foresight Software
[2013/09/13 12:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Foresight Software
[2013/09/13 12:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foresight Software
[2013/09/12 20:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
[2013/09/12 20:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2013/09/12 20:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/09/12 20:41:22 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\DSite
[2013/09/11 19:03:27 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\PDD
[2013/09/11 07:53:16 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 07:53:14 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 07:53:14 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 07:53:14 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/11 07:53:13 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/11 07:53:13 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/11 07:53:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/11 07:53:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 07:53:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 07:53:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 07:53:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 07:53:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 07:53:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 07:53:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 07:53:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 07:53:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/11 07:53:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/11 07:53:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 07:53:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 07:53:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 07:53:02 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/09/08 20:35:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-zip
[2013/09/08 20:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/09/08 13:34:38 | 000,000,000 | R--D | C] -- C:\Users\Doug Bell\Desktop\Exhibit All Time Pictures
[2013/09/08 08:05:05 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\PerformerSoft
[2013/09/08 08:05:04 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/09/07 20:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/09/07 20:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/09/07 20:07:41 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NtBackupRestoreUtility.exe
[2013/09/07 19:50:11 | 000,000,000 | ---D | C] -- C:\_CDRestored
[2013/09/07 14:29:51 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\All time pictures
[2013/09/04 13:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/09/04 13:14:45 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Documents\Office_tips_September2013Demo
[2013/08/22 16:17:45 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Best of Britain
[2013/08/21 13:15:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/08/19 19:33:01 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5D12.dll
[2013/08/19 19:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/08/17 07:16:39 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Documents\Autoruns
[2013/08/16 07:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reason
[2013/08/16 07:35:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/08/14 23:09:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/14 22:01:49 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 22:01:48 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 22:01:48 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 22:01:39 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 22:01:39 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 22:01:39 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/01 22:40:24 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\COSCO PHOTOS
[2013/08/01 15:26:06 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013/08/01 15:26:06 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013/08/01 15:26:06 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013/08/01 15:26:06 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013/08/01 15:26:05 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013/08/01 15:26:05 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013/08/01 15:26:05 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2013/08/01 15:26:05 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2013/08/01 15:26:04 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2013/08/01 15:26:04 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2013/08/01 15:26:04 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2013/08/01 15:26:04 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2013/08/01 15:26:04 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013/08/01 15:26:04 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013/08/01 15:26:03 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2013/08/01 15:26:03 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013/08/01 15:26:02 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2013/08/01 15:26:02 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2013/08/01 15:26:02 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2013/08/01 15:26:02 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2013/08/01 15:26:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2013/08/01 15:26:01 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2013/08/01 15:26:01 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2013/08/01 15:26:01 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2013/08/01 15:26:00 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2013/08/01 15:25:59 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2013/08/01 15:25:59 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2013/08/01 15:25:58 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2013/08/01 15:25:58 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2013/08/01 15:25:58 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2013/08/01 15:25:58 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2013/08/01 15:25:57 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2013/08/01 15:25:57 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013/08/01 15:25:57 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2013/08/01 15:25:57 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2013/08/01 15:25:56 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2013/08/01 15:25:56 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2013/08/01 15:25:56 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2013/08/01 15:25:56 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2013/08/01 15:25:55 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2013/08/01 15:25:55 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2013/08/01 15:25:55 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2013/08/01 15:25:54 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2013/08/01 15:25:54 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2013/08/01 15:25:54 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2013/08/01 15:25:54 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2013/08/01 15:25:53 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2013/08/01 15:25:53 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2013/08/01 15:25:53 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2013/08/01 15:25:53 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2013/08/01 15:25:53 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2013/08/01 15:25:53 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2013/08/01 15:25:52 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2013/08/01 15:25:52 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2013/08/01 15:25:52 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2013/08/01 15:25:52 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2013/08/01 15:25:51 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2013/08/01 15:25:51 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2013/08/01 15:25:51 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2013/08/01 15:25:51 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2013/08/01 15:25:50 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2013/08/01 15:25:50 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2013/08/01 15:25:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2013/08/01 15:25:50 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2013/08/01 15:25:50 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2013/08/01 15:25:50 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2013/08/01 15:25:49 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2013/08/01 15:25:49 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/08/01 15:25:49 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2013/08/01 15:25:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013/08/01 15:25:48 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2013/08/01 15:25:48 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013/08/01 15:25:47 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2013/08/01 15:25:47 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2013/08/01 15:25:47 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2013/08/01 15:25:47 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2013/08/01 15:25:46 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2013/08/01 15:25:46 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2013/08/01 15:25:46 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2013/08/01 15:25:46 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2013/08/01 15:25:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2013/08/01 15:25:46 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2013/08/01 15:25:46 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2013/08/01 15:25:46 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2013/08/01 15:25:45 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2013/08/01 15:25:45 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2013/08/01 15:25:44 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2013/08/01 15:25:44 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2013/08/01 15:25:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2013/08/01 15:25:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2013/08/01 15:25:43 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2013/08/01 15:25:43 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2013/08/01 15:25:43 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2013/08/01 15:25:43 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2013/08/01 15:25:43 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2013/08/01 15:25:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2013/08/01 15:25:42 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2013/08/01 15:25:42 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013/08/01 15:25:41 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2013/08/01 15:25:41 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2013/08/01 15:25:39 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2013/08/01 15:25:39 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2013/08/01 15:25:39 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2013/08/01 15:25:39 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2013/08/01 15:25:38 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2013/08/01 15:25:38 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2013/08/01 15:25:36 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2013/08/01 15:25:36 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2013/08/01 15:25:36 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2013/08/01 15:25:36 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2013/08/01 15:25:36 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2013/08/01 15:25:36 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2013/08/01 15:25:35 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2013/08/01 15:25:35 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2013/08/01 15:25:34 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2013/08/01 15:25:34 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2013/08/01 15:25:34 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2013/08/01 15:25:34 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2013/08/01 15:25:33 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2013/08/01 15:25:33 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2013/08/01 15:25:33 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2013/08/01 15:25:33 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2013/08/01 15:25:33 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2013/08/01 15:25:33 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2013/08/01 15:25:32 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2013/08/01 15:25:32 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2013/08/01 15:25:32 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2013/08/01 15:25:32 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013/08/01 15:25:31 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2013/08/01 15:25:31 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2013/08/01 15:25:31 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2013/08/01 15:25:31 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2013/08/01 15:25:30 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2013/08/01 15:25:30 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013/08/01 15:25:29 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2013/08/01 15:25:29 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2013/08/01 15:25:28 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2013/08/01 15:25:28 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2013/08/01 15:25:28 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2013/08/01 15:25:28 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2013/08/01 15:25:27 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2013/08/01 15:25:27 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013/08/01 15:25:27 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2013/08/01 15:25:27 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2013/08/01 15:25:27 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2013/08/01 15:25:27 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2013/08/01 15:25:26 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2013/08/01 15:25:26 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2013/08/01 15:25:26 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2013/08/01 15:25:26 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2013/08/01 15:25:25 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2013/08/01 15:25:25 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013/08/01 15:25:25 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2013/08/01 15:25:25 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013/08/01 15:25:24 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2013/08/01 15:25:24 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013/08/01 15:25:21 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2013/08/01 15:25:21 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013/08/01 15:25:20 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2013/08/01 15:25:20 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013/08/01 15:25:20 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2013/08/01 15:25:20 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013/08/01 15:25:19 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2013/08/01 15:25:19 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2013/08/01 15:25:19 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013/08/01 15:25:19 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013/08/01 15:25:18 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2013/08/01 15:25:18 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2013/08/01 15:25:18 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013/08/01 15:25:18 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013/08/01 15:25:17 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2013/08/01 15:25:17 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2013/08/01 15:25:17 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013/08/01 15:25:17 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013/08/01 15:22:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013/08/01 15:21:52 | 075,733,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013/08/01 08:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/30 23:31:43 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\SpeedAnalysis2
[2013/07/30 23:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileKiddo Download Manager
[2013/07/30 23:01:03 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Sarah
[2013/07/24 19:43:16 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013/07/22 20:45:36 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Stonehenge
[2013/07/22 20:20:53 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Pics of Britain
[2013/07/18 19:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/07/18 11:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2013/07/18 11:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/07/18 11:37:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2013/07/18 11:37:25 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013/07/18 11:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/07/18 11:07:25 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Local\HP
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Doug Bell\Documents\*.tmp files -> C:\Users\Doug Bell\Documents\*.tmp -> ]
[1 C:\Users\Doug Bell\Desktop\*.tmp files -> C:\Users\Doug Bell\Desktop\*.tmp -> ]
 
#4 ·
OTL logfile created on: 10/15/2013 12:32:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doug Bell\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 3.34 Gb Available Physical Memory | 55.81% Memory free
11.98 Gb Paging File | 9.40 Gb Available in Paging File | 78.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.76 Gb Total Space | 294.57 Gb Free Space | 64.92% Space Free | Partition Type: NTFS
Drive D: | 11.91 Gb Total Space | 2.14 Gb Free Space | 17.98% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive K: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive L: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.15% Space Free | Partition Type: FAT32
Drive M: | 7.45 Gb Total Space | 0.01 Gb Free Space | 0.17% Space Free | Partition Type: FAT32
Drive N: | 3.73 Gb Total Space | 0.10 Gb Free Space | 2.65% Space Free | Partition Type: FAT32

Computer Name: DOUGBELL | User Name: Doug Bell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2013/10/15 11:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doug Bell\Downloads\OTL.exe
PRC - [2013/10/08 13:26:46 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
PRC - [2013/09/20 10:57:08 | 000,064,008 | ---- | M] (Google) -- C:\Users\Doug Bell\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/09/02 10:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/30 15:16:16 | 000,310,920 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\Doug Bell\AppData\Local\The Weather Network\weathereye.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2010/11/20 08:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/09 07:08:38 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2007/07/19 17:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Doug Bell\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2009/08/19 20:59:06 | 000,022,736 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/03 21:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/10/08 14:26:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/02 10:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/07/19 17:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/12/19 22:46:50 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/26 18:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/09/11 17:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/10 03:50:16 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 10:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 14:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/08 12:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/24 18:53:04 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B0E88C92-8774-4AA4-B4A9-E5343FA62456}
IE:64bit: - HKLM\..\SearchScopes\{61A2D295-1D81-42F3-AB8A-E8B08DA7F25C}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{B0E88C92-8774-4AA4-B4A9-E5343FA62456}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 65 34 F6 6F C7 CE 01 [binary data]
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Doug Bell\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Doug Bell\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/09/10 10:12:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/28 20:23:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/09/08 08:05:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/28 20:23:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/09/08 08:05:04 | 000,000,000 | ---D | M]

[2013/09/08 08:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions
[2013/09/08 08:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/07/30 23:31:45 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
[2013/09/08 08:05:04 | 000,000,000 | ---D | M] (Speed Analysis 3) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
[2013/07/30 23:31:45 | 000,000,000 | ---D | M] (Zula Games) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com
[2013/10/12 12:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/10/29 12:26:44 | 000,214,909 | ---- | M] () (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\onlinehdtv@onlinehd.tv.xpi
[2012/10/13 13:27:00 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012/10/29 12:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/06/18 19:38:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} - No CLSID value found.
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [Google Update] C:\Users\Doug Bell\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [googletalk] C:\Users\Doug Bell\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [HP Officejet 6600 (NET)] C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [WeatherEye] C:\Users\Doug Bell\AppData\Local\The Weather Network\weathereye.exe (Pelmorex Media Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiscSpaceChecks = Reg Error: Unknown registry data type File not found
O7 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D46081BE-153B-4999-90E9-94B4F7CBB5EF}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\intu-qt2009 - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/15 09:56:31 | 000,000,217 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ]
O32 - AutoRun File - [2013/09/21 08:08:37 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (defrag_native)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2013/10/14 22:29:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/14 22:26:23 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/10/14 09:13:35 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Google_files
[2013/10/12 13:31:48 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\ParetoLogic
[2013/10/12 13:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/10/10 23:19:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/10 23:19:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/10 23:19:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/10 23:19:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/10 23:19:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/10/10 23:19:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/10/10 23:19:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/10 23:19:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/10 23:19:44 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/10 23:19:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/10 23:19:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/10/10 23:19:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/10/10 23:19:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/10 23:19:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/10 23:19:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/10 09:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/10/10 09:01:08 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Apple Computer
[2013/10/10 09:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/10/10 09:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/10/10 07:28:49 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/10 07:28:46 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/10 07:28:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/10 07:28:46 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/10 07:28:46 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/10 07:28:46 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/10 07:28:46 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/10 07:28:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/10 07:28:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/10 07:28:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/10 07:28:43 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/10 07:28:42 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/10 07:28:38 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/10 07:28:37 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/10 07:28:37 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/10 07:28:37 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/10 07:28:37 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/10 07:28:36 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/10 07:28:36 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/10 07:28:35 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/10 07:28:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/10 07:28:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/10 07:28:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/10 07:28:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/10 07:28:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/10 07:28:26 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/10 07:28:25 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 07:28:25 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/03 09:44:20 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Local\CUSTPDF Writer
[2013/09/30 10:41:41 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Best of Pakenham
[2013/09/27 08:42:20 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Systweak
[2013/09/25 20:29:40 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\RocketPDF
[2013/09/22 12:27:15 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Sarah Edinburg
[2013/09/22 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Documents\AdobeStockPhotos
[2013/09/21 20:43:05 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Blue Sky additions
[2013/09/21 10:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/21 10:09:03 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/09/21 10:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/09/21 09:55:43 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\DefaultTab
[2013/09/21 08:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/09/21 08:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/09/14 13:47:54 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\angel falls
[2013/09/13 12:29:58 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Foresight Software
[2013/09/13 12:29:53 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Foresight Software
[2013/09/13 12:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Foresight Software
[2013/09/13 12:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Foresight Software
[2013/09/13 12:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foresight Software
[2013/09/12 20:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
[2013/09/12 20:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2013/09/12 20:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/09/12 20:41:22 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\DSite
[2013/09/11 19:03:27 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\PDD
[2013/09/11 07:53:16 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 07:53:14 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 07:53:14 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 07:53:14 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/11 07:53:13 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/11 07:53:13 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/11 07:53:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/11 07:53:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 07:53:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 07:53:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 07:53:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 07:53:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 07:53:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 07:53:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 07:53:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 07:53:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/11 07:53:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/11 07:53:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 07:53:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 07:53:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 07:53:02 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/09/08 20:35:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-zip
[2013/09/08 20:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/09/08 13:34:38 | 000,000,000 | R--D | C] -- C:\Users\Doug Bell\Desktop\Exhibit All Time Pictures
[2013/09/08 08:05:05 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\PerformerSoft
[2013/09/08 08:05:04 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/09/07 20:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/09/07 20:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/09/07 20:07:41 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NtBackupRestoreUtility.exe
[2013/09/07 19:50:11 | 000,000,000 | ---D | C] -- C:\_CDRestored
[2013/09/07 14:29:51 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\All time pictures
[2013/09/04 13:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/09/04 13:14:45 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Documents\Office_tips_September2013Demo
[2013/08/22 16:17:45 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Best of Britain
[2013/08/21 13:15:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/08/19 19:33:01 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5D12.dll
[2013/08/19 19:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/08/17 07:16:39 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Documents\Autoruns
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Doug Bell\Documents\*.tmp files -> C:\Users\Doug Bell\Documents\*.tmp -> ]
[1 C:\Users\Doug Bell\Desktop\*.tmp files -> C:\Users\Doug Bell\Desktop\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2013/10/15 12:29:55 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2013/10/15 12:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/15 12:21:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3698204442-3240286689-1174133963-1000UA.job
[2013/10/15 11:49:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/15 11:42:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013/10/15 10:08:09 | 000,000,204 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Virus & Other Malware Removal - Tech Support Guy.url
[2013/10/15 10:07:29 | 000,000,251 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Fake Low Disk Space error message - Tech Support Guy.url
[2013/10/15 08:42:51 | 000,000,093 | ---- | M] () -- C:\Users\Doug Bell\AppData\Roaming\WB.CFG
[2013/10/15 08:42:51 | 000,000,006 | ---- | M] () -- C:\Users\Doug Bell\AppData\Roaming\WBPU-TTL.DAT
[2013/10/15 08:21:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3698204442-3240286689-1174133963-1000Core.job
[2013/10/15 08:03:30 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/15 08:03:30 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/15 07:59:46 | 000,740,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/15 07:59:46 | 000,637,328 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/15 07:59:46 | 000,114,770 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/15 07:55:08 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/15 07:54:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/15 07:54:22 | 529,182,719 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/15 07:54:21 | 000,000,211 | ---- | M] () -- C:\fraglist.luar
[2013/10/15 07:54:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/10/14 18:00:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\Foresight Software Registration3.job
[2013/10/14 12:43:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/10/14 09:13:35 | 000,120,539 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Google.htm
[2013/10/13 17:05:01 | 001,445,845 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Landowne.series.7.csv
[2013/10/13 11:38:59 | 090,436,944 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.psd
[2013/10/13 11:38:55 | 010,612,463 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.jpg
[2013/10/12 20:36:39 | 000,000,200 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Pick-up Hockey, Free Hockey Pools, Office Pools.url
[2013/10/11 08:14:14 | 000,405,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 23:43:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/08 14:26:38 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/08 14:26:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/03 09:44:20 | 000,000,000 | ---- | M] () -- C:\Users\Doug Bell\Documents\13690590-the-age-of-hope.pdf
[2013/10/02 13:07:40 | 006,547,327 | ---- | M] () -- C:\Users\Doug Bell\Desktop\IMGP4759.JPG
[2013/10/02 06:50:47 | 001,445,754 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Landowne..csv
[2013/09/29 10:45:59 | 002,687,561 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Pakenham reframed 1.jpg
[2013/09/29 10:40:53 | 007,912,794 | ---- | M] () -- C:\Users\Doug Bell\Desktop\IMGP4724.JPG
[2013/09/25 13:42:01 | 000,000,074 | -H-- | M] () -- C:\Users\Doug Bell\Documents\.picasa.ini
[2013/09/25 13:40:13 | 000,523,890 | ---- | M] () -- C:\Users\Doug Bell\Documents\Baking for Special Needs.jpg
[2013/09/25 13:40:13 | 000,510,877 | ---- | M] () -- C:\Users\Doug Bell\Documents\Scan0001.jpg
[2013/09/22 10:42:33 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/22 10:33:06 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/09/22 10:30:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/09/22 10:23:30 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/09/22 10:22:05 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/22 10:21:21 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/09/22 10:19:35 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/22 10:16:32 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/09/22 10:07:22 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/22 06:14:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/09/22 06:12:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/09/22 06:08:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/09/22 06:07:38 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/22 06:03:54 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/09/22 05:59:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/21 13:36:48 | 000,000,836 | ---- | M] () -- C:\Users\Doug Bell\Documents\cc_20130921_133642.reg
[2013/09/21 13:36:24 | 000,019,536 | ---- | M] () -- C:\Users\Doug Bell\Documents\cc_20130921_133618.reg
[2013/09/21 12:38:34 | 000,000,269 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/21 09:55:49 | 000,000,258 | RHS- | M] () -- C:\Users\Doug Bell\ntuser.pol
[2013/09/21 08:08:37 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/09/20 10:16:03 | 000,000,168 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Bing.url
[2013/09/16 16:09:04 | 000,001,403 | ---- | M] () -- C:\Users\Doug Bell\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/15 08:16:03 | 000,000,176 | ---- | M] () -- C:\Users\Doug Bell\Desktop\- The Globe and Mail.url
[2013/09/14 09:40:28 | 000,000,155 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Everyday expressions.url
[2013/09/13 12:40:46 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\Foresight Software Update3.job
[2013/09/13 12:40:46 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\PC Helper 360.job
[2013/09/13 12:27:24 | 000,000,182 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Windows PC software downloads and reviews from CNET Download.com.url
[2013/09/11 13:30:33 | 000,000,184 | ---- | M] () -- C:\Users\Doug Bell\Desktop\YouTube - 1dbel4's YouTube.url
[2013/09/10 10:55:26 | 000,000,105 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Amazon.com.url
[2013/09/09 22:27:02 | 000,000,169 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Google.url
[2013/09/09 16:29:47 | 000,000,172 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Canada 411.ca Free.url
[2013/09/08 09:58:56 | 000,039,526 | ---- | M] () -- C:\Users\Doug Bell\Documents\cc_20130908_095837.reg
[2013/09/07 20:18:56 | 000,000,000 | ---- | M] () -- C:\END
[2013/08/28 22:17:48 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/28 22:16:35 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/28 22:16:28 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/28 22:16:14 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/08/28 22:13:28 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/08/28 21:51:45 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/28 21:51:45 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/28 21:50:31 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/28 21:50:16 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/08/28 20:49:53 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/28 20:49:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/28 20:49:52 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/28 20:49:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/27 21:12:33 | 000,461,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/08/27 15:50:32 | 000,000,145 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Consumer Energy Services (2).url
[2013/08/22 18:36:26 | 000,020,312 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/08/21 20:53:49 | 000,005,553 | ---- | M] () -- C:\Users\Doug Bell\Desktop\images.jpg
[2013/08/21 13:55:03 | 005,274,867 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Ben Nevis.jpg
[2013/08/20 20:45:40 | 000,005,186 | ---- | M] () -- C:\Users\Doug Bell\Documents\cc_20130820_204535.reg
[2013/08/20 20:45:16 | 000,047,544 | ---- | M] () -- C:\Users\Doug Bell\Documents\cc_20130820_204506.reg
[2013/08/16 19:24:02 | 000,186,872 | ---- | M] () -- C:\Users\Doug Bell\Documents\Crib Board scan.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Doug Bell\Documents\*.tmp files -> C:\Users\Doug Bell\Documents\*.tmp -> ]
[1 C:\Users\Doug Bell\Desktop\*.tmp files -> C:\Users\Doug Bell\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/15 10:08:09 | 000,000,204 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Virus & Other Malware Removal - Tech Support Guy.url
[2013/10/15 10:07:28 | 000,000,251 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Fake Low Disk Space error message - Tech Support Guy.url
[2013/10/15 07:54:21 | 000,000,211 | ---- | C] () -- C:\fraglist.luar
[2013/10/14 09:13:35 | 000,120,539 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Google.htm
[2013/10/13 11:37:15 | 010,612,463 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.jpg
[2013/10/12 20:36:39 | 000,000,200 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Pick-up Hockey, Free Hockey Pools, Office Pools.url
[2013/10/11 20:56:59 | 090,436,944 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.psd
[2013/10/03 09:44:28 | 000,000,000 | ---- | C] () -- C:\Users\Doug Bell\Documents\13690590-the-age-of-hope.pdf
[2013/10/02 13:06:08 | 006,547,327 | ---- | C] () -- C:\Users\Doug Bell\Desktop\IMGP4759.JPG
[2013/09/29 10:45:55 | 002,687,561 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Pakenham reframed 1.jpg
[2013/09/29 10:32:46 | 007,912,794 | ---- | C] () -- C:\Users\Doug Bell\Desktop\IMGP4724.JPG
[2013/09/27 14:26:05 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2013/09/25 13:43:02 | 000,523,890 | ---- | C] () -- C:\Users\Doug Bell\Documents\Baking for Special Needs.jpg
[2013/09/25 13:40:56 | 000,000,074 | -H-- | C] () -- C:\Users\Doug Bell\Documents\.picasa.ini
[2013/09/25 13:40:13 | 000,510,877 | ---- | C] () -- C:\Users\Doug Bell\Documents\Scan0001.jpg
[2013/09/21 13:36:44 | 000,000,836 | ---- | C] () -- C:\Users\Doug Bell\Documents\cc_20130921_133642.reg
[2013/09/21 13:36:20 | 000,019,536 | ---- | C] () -- C:\Users\Doug Bell\Documents\cc_20130921_133618.reg
[2013/09/21 10:09:07 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/21 09:55:49 | 000,000,258 | RHS- | C] () -- C:\Users\Doug Bell\ntuser.pol
[2013/09/21 08:08:37 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/09/16 16:09:03 | 000,001,375 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/09/16 10:12:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Startup.cpl
[2013/09/13 12:30:01 | 000,000,504 | ---- | C] () -- C:\Windows\tasks\Foresight Software Registration3.job
[2013/09/13 12:29:52 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\Foresight Software Update3.job
[2013/09/13 12:29:52 | 000,000,450 | ---- | C] () -- C:\Windows\tasks\PC Helper 360.job
[2013/09/13 12:27:23 | 000,000,182 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Windows PC software downloads and reviews from CNET Download.com.url
[2013/09/12 21:42:01 | 000,000,093 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\WB.CFG
[2013/09/12 21:42:01 | 000,000,006 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\WBPU-TTL.DAT
[2013/09/12 20:41:32 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\custmon64i.dll
[2013/09/12 20:41:22 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013/09/09 22:27:02 | 000,000,169 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Google.url
[2013/09/09 16:20:51 | 001,445,754 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Landowne..csv
[2013/09/08 09:58:43 | 000,039,526 | ---- | C] () -- C:\Users\Doug Bell\Documents\cc_20130908_095837.reg
[2013/09/07 20:17:33 | 000,000,000 | ---- | C] () -- C:\END
[2013/09/04 13:29:55 | 000,002,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
[2013/08/27 15:50:32 | 000,000,145 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Consumer Energy Services (2).url
[2013/08/21 13:55:00 | 005,274,867 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Ben Nevis.jpg
[2013/08/20 20:45:38 | 000,005,186 | ---- | C] () -- C:\Users\Doug Bell\Documents\cc_20130820_204535.reg
[2013/08/20 20:45:10 | 000,047,544 | ---- | C] () -- C:\Users\Doug Bell\Documents\cc_20130820_204506.reg
[2013/08/16 19:24:02 | 000,186,872 | ---- | C] () -- C:\Users\Doug Bell\Documents\Crib Board scan.pdf
[2013/07/18 11:18:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/18 11:02:40 | 000,000,201 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/03/06 10:09:36 | 000,033,193 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\UserTile.png
[2013/02/12 11:57:04 | 006,494,793 | ---- | C] () -- C:\Users\Doug Bell\3120 China 3120.jpg
[2012/11/09 17:16:41 | 000,000,027 | ---- | C] () -- C:\Windows\btw.ini
[2012/11/09 17:16:22 | 000,000,399 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012/07/25 10:13:35 | 000,000,355 | ---- | C] () -- C:\Users\Doug Bell\Computer - Shortcut.lnk
[2012/06/18 19:29:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/18 19:29:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/18 19:29:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/18 19:29:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/18 19:29:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/26 18:39:08 | 000,007,609 | ---- | C] () -- C:\Users\Doug Bell\AppData\Local\Resmon.ResmonCfg
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/12/19 10:00:40 | 000,000,271 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/12/19 09:57:07 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2011/12/12 14:34:40 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/12/12 10:41:18 | 000,000,000 | ---- | C] () -- C:\Users\Doug Bell\startupreport.htm
[2011/10/29 11:46:54 | 000,000,166 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\PLGComp.ini
[2011/07/12 11:26:53 | 000,001,854 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\GhostObjGAFix.xml
[2011/05/10 08:47:08 | 000,004,608 | ---- | C] () -- C:\Users\Doug Bell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/04 08:49:09 | 000,000,104 | ---- | C] () -- C:\Users\Doug Bell\Computer.lnk
[2011/04/26 20:36:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/26 16:05:28 | 000,000,112 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/15 12:40:40 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Avery
[2011/06/16 16:41:59 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Book Place
[2011/05/27 17:01:08 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\calibre
[2011/06/28 14:29:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\ChemTable Software
[2011/11/14 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\com.Shutterfly.ExpressUploader
[2011/12/03 18:10:33 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Crossword Compiler 8
[2013/09/24 12:27:06 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\DefaultTab
[2011/05/20 09:27:57 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Disruptive Innovations SARL
[2012/10/31 09:29:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\DriverCure
[2013/09/12 20:41:22 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\DSite
[2011/05/10 09:17:17 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Easy Duplicate Finder
[2013/09/13 12:29:58 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Foresight Software
[2013/03/16 10:52:21 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Garmin
[2013/10/10 09:01:05 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\IObit
[2011/04/26 15:40:52 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Leadertech
[2011/12/19 09:59:01 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\MyHeritage
[2012/01/05 11:38:28 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Office Assistance
[2011/06/05 15:56:52 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Opera
[2011/05/27 13:25:38 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\OverDrive
[2013/10/12 13:31:48 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\ParetoLogic
[2013/03/06 10:09:36 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\PeerNetworking
[2013/09/08 08:08:33 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\PerformerSoft
[2013/09/25 22:15:40 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\RocketPDF
[2011/05/10 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Softinterface, Inc
[2011/10/20 08:25:12 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Softland
[2013/09/08 08:27:00 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\SpeedAnalysis2
[2012/10/31 09:29:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\SpeedMaxPc
[2013/09/27 16:35:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Systweak
[2012/04/11 13:43:14 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\TeamViewer
[2011/09/18 12:32:47 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Template
[2011/12/19 09:57:07 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2012/06/15 12:29:47 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\TweakNow PowerPack 2012
[2011/10/22 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\WhiteSmokeTranslator
[2011/04/27 13:21:54 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\WinBatch
[2012/01/15 21:46:42 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >
 
#5 ·
OTL logfile created on: 10/15/2013 12:32:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doug Bell\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 3.34 Gb Available Physical Memory | 55.81% Memory free
11.98 Gb Paging File | 9.40 Gb Available in Paging File | 78.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.76 Gb Total Space | 294.57 Gb Free Space | 64.92% Space Free | Partition Type: NTFS
Drive D: | 11.91 Gb Total Space | 2.14 Gb Free Space | 17.98% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive K: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive L: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.15% Space Free | Partition Type: FAT32
Drive M: | 7.45 Gb Total Space | 0.01 Gb Free Space | 0.17% Space Free | Partition Type: FAT32
Drive N: | 3.73 Gb Total Space | 0.10 Gb Free Space | 2.65% Space Free | Partition Type: FAT32

Computer Name: DOUGBELL | User Name: Doug Bell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2013/10/15 11:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doug Bell\Downloads\OTL.exe
PRC - [2013/10/08 13:26:46 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
PRC - [2013/09/20 10:57:08 | 000,064,008 | ---- | M] (Google) -- C:\Users\Doug Bell\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/09/02 10:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/30 15:16:16 | 000,310,920 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\Doug Bell\AppData\Local\The Weather Network\weathereye.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2010/11/20 08:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/09 07:08:38 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2007/07/19 17:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Doug Bell\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2009/08/19 20:59:06 | 000,022,736 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/03 21:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/10/08 14:26:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/02 10:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/07/19 17:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/12/19 22:46:50 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/26 18:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/09/11 17:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/10 03:50:16 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 10:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 14:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/08 12:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/24 18:53:04 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC176...t/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC176...t/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B0E88C92-8774-4AA4-B4A9-E5343FA62456}
IE:64bit: - HKLM\..\SearchScopes\{61A2D295-1D81-42F3-AB8A-E8B08DA7F25C}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{B0E88C92-8774-4AA4-B4A9-E5343FA62456}: "URL" = http://www.bing.com/search?q={search...c=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC176...t/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC176...t/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 65 34 F6 6F C7 CE 01 [binary data]
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Doug Bell\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Doug Bell\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/09/10 10:12:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/28 20:23:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/09/08 08:05:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/28 20:23:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/09/08 08:05:04 | 000,000,000 | ---D | M]

[2013/09/08 08:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions
[2013/09/08 08:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/07/30 23:31:45 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
[2013/09/08 08:05:04 | 000,000,000 | ---D | M] (Speed Analysis 3) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
[2013/07/30 23:31:45 | 000,000,000 | ---D | M] (Zula Games) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com
[2013/10/12 12:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/10/29 12:26:44 | 000,214,909 | ---- | M] () (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\onlinehdtv@onlinehd.tv.xpi
[2012/10/13 13:27:00 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012/10/29 12:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/06/18 19:38:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} - No CLSID value found.
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [Google Update] C:\Users\Doug Bell\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [googletalk] C:\Users\Doug Bell\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [HP Officejet 6600 (NET)] C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000..\Run: [WeatherEye] C:\Users\Doug Bell\AppData\Local\The Weather Network\weathereye.exe (Pelmorex Media Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiscSpaceChecks = Reg Error: Unknown registry data type File not found
O7 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-3698204442-3240286689-1174133963-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts.../ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimedia.com/upload/ac...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D46081BE-153B-4999-90E9-94B4F7CBB5EF}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\intu-qt2009 - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/15 09:56:31 | 000,000,217 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ]
O32 - AutoRun File - [2013/09/21 08:08:37 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (defrag_native)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2013/10/14 22:29:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/14 22:26:23 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/10/14 09:13:35 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Google_files
[2013/10/12 13:31:48 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\ParetoLogic
[2013/10/12 13:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/10/10 23:19:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/10 23:19:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/10 23:19:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/10 23:19:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/10 23:19:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/10/10 23:19:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/10/10 23:19:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/10 23:19:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/10 23:19:44 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/10 23:19:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/10 23:19:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/10/10 23:19:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/10/10 23:19:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/10 23:19:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/10 23:19:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/10 09:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/10/10 09:01:08 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Apple Computer
[2013/10/10 09:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/10/10 09:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/10/10 07:28:49 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/10 07:28:46 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/10 07:28:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/10 07:28:46 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/10 07:28:46 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/10 07:28:46 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/10 07:28:46 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/10 07:28:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/10 07:28:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/10 07:28:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/10 07:28:43 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/10 07:28:42 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/10 07:28:38 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/10 07:28:37 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/10 07:28:37 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/10 07:28:37 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/10 07:28:37 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/10 07:28:36 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/10 07:28:36 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/10 07:28:35 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/10 07:28:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/10 07:28:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/10 07:28:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/10 07:28:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/10 07:28:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/10 07:28:26 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/10 07:28:25 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 07:28:25 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/03 09:44:20 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Local\CUSTPDF Writer
[2013/09/30 10:41:41 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Best of Pakenham
[2013/09/27 08:42:20 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Systweak
[2013/09/25 20:29:40 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\RocketPDF
[2013/09/22 12:27:15 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Sarah Edinburg
[2013/09/22 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Documents\AdobeStockPhotos
[2013/09/21 20:43:05 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Blue Sky additions
[2013/09/21 10:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/21 10:09:03 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/09/21 10:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/09/21 09:55:43 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\DefaultTab
[2013/09/21 08:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/09/21 08:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/09/14 13:47:54 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\angel falls
[2013/09/13 12:29:58 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Foresight Software
[2013/09/13 12:29:53 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Foresight Software
[2013/09/13 12:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Foresight Software
[2013/09/13 12:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Foresight Software
[2013/09/13 12:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foresight Software
[2013/09/12 20:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
[2013/09/12 20:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2013/09/12 20:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/09/12 20:41:22 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\DSite
[2013/09/11 19:03:27 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\PDD
[2013/09/11 07:53:16 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 07:53:14 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 07:53:14 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 07:53:14 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/11 07:53:13 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/11 07:53:13 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/11 07:53:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/11 07:53:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 07:53:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 07:53:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 07:53:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 07:53:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 07:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 07:53:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 07:53:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 07:53:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 07:53:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 07:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 07:53:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/11 07:53:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/11 07:53:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 07:53:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 07:53:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 07:53:02 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/09/08 20:35:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-zip
[2013/09/08 20:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/09/08 13:34:38 | 000,000,000 | R--D | C] -- C:\Users\Doug Bell\Desktop\Exhibit All Time Pictures
[2013/09/08 08:05:05 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\PerformerSoft
[2013/09/08 08:05:04 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/09/07 20:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/09/07 20:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/09/07 20:07:41 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NtBackupRestoreUtility.exe
[2013/09/07 19:50:11 | 000,000,000 | ---D | C] -- C:\_CDRestored
[2013/09/07 14:29:51 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\All time pictures
[2013/09/04 13:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/09/04 13:14:45 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Documents\Office_tips_September2013Demo
[2013/08/22 16:17:45 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Best of Britain
[2013/08/21 13:15:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/08/19 19:33:01 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5D12.dll
[2013/08/19 19:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/08/17 07:16:39 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Documents\Autoruns
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Doug Bell\Documents\*.tmp files -> C:\Users\Doug Bell\Documents\*.tmp -> ]
[1 C:\Users\Doug Bell\Desktop\*.tmp files -> C:\Users\Doug Bell\Desktop\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2013/10/15 12:29:55 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2013/10/15 12:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/15 12:21:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3698204442-3240286689-1174133963-1000UA.job
[2013/10/15 11:49:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/15 11:42:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013/10/15 10:08:09 | 000,000,204 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Virus & Other Malware Removal - Tech Support Guy.url
[2013/10/15 10:07:29 | 000,000,251 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Fake Low Disk Space error message - Tech Support Guy.url
[2013/10/15 08:42:51 | 000,000,093 | ---- | M] () -- C:\Users\Doug Bell\AppData\Roaming\WB.CFG
[2013/10/15 08:42:51 | 000,000,006 | ---- | M] () -- C:\Users\Doug Bell\AppData\Roaming\WBPU-TTL.DAT
[2013/10/15 08:21:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3698204442-3240286689-1174133963-1000Core.job
[2013/10/15 08:03:30 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/15 08:03:30 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/15 07:59:46 | 000,740,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/15 07:59:46 | 000,637,328 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/15 07:59:46 | 000,114,770 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/15 07:55:08 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/15 07:54:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/15 07:54:22 | 529,182,719 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/15 07:54:21 | 000,000,211 | ---- | M] () -- C:\fraglist.luar
[2013/10/15 07:54:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/10/14 18:00:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\Foresight Software Registration3.job
[2013/10/14 12:43:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/10/14 09:13:35 | 000,120,539 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Google.htm
[2013/10/13 17:05:01 | 001,445,845 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Landowne.series.7.csv
[2013/10/13 11:38:59 | 090,436,944 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.psd
[2013/10/13 11:38:55 | 010,612,463 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.jpg
[2013/10/12 20:36:39 | 000,000,200 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Pick-up Hockey, Free Hockey Pools, Office Pools.url
[2013/10/11 08:14:14 | 000,405,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 23:43:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/08 14:26:38 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/08 14:26:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/03 09:44:20 | 000,000,000 | ---- | M] () -- C:\Users\Doug Bell\Documents\13690590-the-age-of-hope.pdf
[2013/10/02 13:07:40 | 006,547,327 | ---- | M] () -- C:\Users\Doug Bell\Desktop\IMGP4759.JPG
[2013/10/02 06:50:47 | 001,445,754 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Landowne..csv
[2013/09/29 10:45:59 | 002,687,561 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Pakenham reframed 1.jpg
[2013/09/29 10:40:53 | 007,912,794 | ---- | M] () -- C:\Users\Doug Bell\Desktop\IMGP4724.JPG
[2013/09/25 13:42:01 | 000,000,074 | -H-- | M] () -- C:\Users\Doug Bell\Documents\.picasa.ini
[2013/09/25 13:40:13 | 000,523,890 | ---- | M] () -- C:\Users\Doug Bell\Documents\Baking for Special Needs.jpg
[2013/09/25 13:40:13 | 000,510,877 | ---- | M] () -- C:\Users\Doug Bell\Documents\Scan0001.jpg
[2013/09/22 10:42:33 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/22 10:33:06 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/09/22 10:30:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/09/22 10:23:30 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/09/22 10:22:05 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/22 10:21:21 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/09/22 10:19:35 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/22 10:16:32 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/09/22 10:07:22 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/22 06:14:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/09/22 06:12:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/09/22 06:08:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/09/22 06:07:38 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/22 06:03:54 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/09/22 05:59:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/21 13:36:48 | 000,000,836 | ---- | M] () -- C:\Users\Doug Bell\Documents\cc_20130921_133642.reg
[2013/09/21 13:36:24 | 000,019,536 | ---- | M] () -- C:\Users\Doug Bell\Documents\cc_20130921_133618.reg
[2013/09/21 12:38:34 | 000,000,269 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/21 09:55:49 | 000,000,258 | RHS- | M] () -- C:\Users\Doug Bell\ntuser.pol
[2013/09/21 08:08:37 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/09/20 10:16:03 | 000,000,168 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Bing.url
[2013/09/16 16:09:04 | 000,001,403 | ---- | M] () -- C:\Users\Doug Bell\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/15 08:16:03 | 000,000,176 | ---- | M] () -- C:\Users\Doug Bell\Desktop\- The Globe and Mail.url
[2013/09/14 09:40:28 | 000,000,155 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Everyday expressions.url
[2013/09/13 12:40:46 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\Foresight Software Update3.job
[2013/09/13 12:40:46 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\PC Helper 360.job
[2013/09/13 12:27:24 | 000,000,182 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Windows PC software downloads and reviews from CNET Download.com.url
[2013/09/11 13:30:33 | 000,000,184 | ---- | M] () -- C:\Users\Doug Bell\Desktop\YouTube - 1dbel4's YouTube.url
[2013/09/10 10:55:26 | 000,000,105 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Amazon.com.url
[2013/09/09 22:27:02 | 000,000,169 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Google.url
[2013/09/09 16:29:47 | 000,000,172 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Canada 411.ca Free.url
[2013/09/08 09:58:56 | 000,039,526 | ---- | M] () -- C:\Users\Doug Bell\Documents\cc_20130908_095837.reg
[2013/09/07 20:18:56 | 000,000,000 | ---- | M] () -- C:\END
[2013/08/28 22:17:48 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/28 22:16:35 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/28 22:16:28 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/28 22:16:14 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/08/28 22:13:28 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/08/28 21:51:45 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/28 21:51:45 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/28 21:50:31 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/28 21:50:16 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/08/28 20:49:53 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/28 20:49:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/28 20:49:52 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/28 20:49:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/27 21:12:33 | 000,461,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/08/27 15:50:32 | 000,000,145 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Consumer Energy Services (2).url
[2013/08/22 18:36:26 | 000,020,312 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/08/21 20:53:49 | 000,005,553 | ---- | M] () -- C:\Users\Doug Bell\Desktop\images.jpg
[2013/08/21 13:55:03 | 005,274,867 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Ben Nevis.jpg
[2013/08/20 20:45:40 | 000,005,186 | ---- | M] () -- C:\Users\Doug Bell\Documents\cc_20130820_204535.reg
[2013/08/20 20:45:16 | 000,047,544 | ---- | M] () -- C:\Users\Doug Bell\Documents\cc_20130820_204506.reg
[2013/08/16 19:24:02 | 000,186,872 | ---- | M] () -- C:\Users\Doug Bell\Documents\Crib Board scan.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Doug Bell\Documents\*.tmp files -> C:\Users\Doug Bell\Documents\*.tmp -> ]
[1 C:\Users\Doug Bell\Desktop\*.tmp files -> C:\Users\Doug Bell\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/15 10:08:09 | 000,000,204 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Virus & Other Malware Removal - Tech Support Guy.url
[2013/10/15 10:07:28 | 000,000,251 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Fake Low Disk Space error message - Tech Support Guy.url
[2013/10/15 07:54:21 | 000,000,211 | ---- | C] () -- C:\fraglist.luar
[2013/10/14 09:13:35 | 000,120,539 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Google.htm
[2013/10/13 11:37:15 | 010,612,463 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.jpg
[2013/10/12 20:36:39 | 000,000,200 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Pick-up Hockey, Free Hockey Pools, Office Pools.url
[2013/10/11 20:56:59 | 090,436,944 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.psd
[2013/10/03 09:44:28 | 000,000,000 | ---- | C] () -- C:\Users\Doug Bell\Documents\13690590-the-age-of-hope.pdf
[2013/10/02 13:06:08 | 006,547,327 | ---- | C] () -- C:\Users\Doug Bell\Desktop\IMGP4759.JPG
[2013/09/29 10:45:55 | 002,687,561 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Pakenham reframed 1.jpg
[2013/09/29 10:32:46 | 007,912,794 | ---- | C] () -- C:\Users\Doug Bell\Desktop\IMGP4724.JPG
[2013/09/27 14:26:05 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2013/09/25 13:43:02 | 000,523,890 | ---- | C] () -- C:\Users\Doug Bell\Documents\Baking for Special Needs.jpg
[2013/09/25 13:40:56 | 000,000,074 | -H-- | C] () -- C:\Users\Doug Bell\Documents\.picasa.ini
[2013/09/25 13:40:13 | 000,510,877 | ---- | C] () -- C:\Users\Doug Bell\Documents\Scan0001.jpg
[2013/09/21 13:36:44 | 000,000,836 | ---- | C] () -- C:\Users\Doug Bell\Documents\cc_20130921_133642.reg
[2013/09/21 13:36:20 | 000,019,536 | ---- | C] () -- C:\Users\Doug Bell\Documents\cc_20130921_133618.reg
[2013/09/21 10:09:07 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/21 09:55:49 | 000,000,258 | RHS- | C] () -- C:\Users\Doug Bell\ntuser.pol
[2013/09/21 08:08:37 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/09/16 16:09:03 | 000,001,375 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/09/16 10:12:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Startup.cpl
[2013/09/13 12:30:01 | 000,000,504 | ---- | C] () -- C:\Windows\tasks\Foresight Software Registration3.job
[2013/09/13 12:29:52 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\Foresight Software Update3.job
[2013/09/13 12:29:52 | 000,000,450 | ---- | C] () -- C:\Windows\tasks\PC Helper 360.job
[2013/09/13 12:27:23 | 000,000,182 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Windows PC software downloads and reviews from CNET Download.com.url
[2013/09/12 21:42:01 | 000,000,093 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\WB.CFG
[2013/09/12 21:42:01 | 000,000,006 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\WBPU-TTL.DAT
[2013/09/12 20:41:32 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\custmon64i.dll
[2013/09/12 20:41:22 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013/09/09 22:27:02 | 000,000,169 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Google.url
[2013/09/09 16:20:51 | 001,445,754 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Landowne..csv
[2013/09/08 09:58:43 | 000,039,526 | ---- | C] () -- C:\Users\Doug Bell\Documents\cc_20130908_095837.reg
[2013/09/07 20:17:33 | 000,000,000 | ---- | C] () -- C:\END
[2013/09/04 13:29:55 | 000,002,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
[2013/08/27 15:50:32 | 000,000,145 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Consumer Energy Services (2).url
[2013/08/21 13:55:00 | 005,274,867 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Ben Nevis.jpg
[2013/08/20 20:45:38 | 000,005,186 | ---- | C] () -- C:\Users\Doug Bell\Documents\cc_20130820_204535.reg
[2013/08/20 20:45:10 | 000,047,544 | ---- | C] () -- C:\Users\Doug Bell\Documents\cc_20130820_204506.reg
[2013/08/16 19:24:02 | 000,186,872 | ---- | C] () -- C:\Users\Doug Bell\Documents\Crib Board scan.pdf
[2013/07/18 11:18:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/18 11:02:40 | 000,000,201 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/03/06 10:09:36 | 000,033,193 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\UserTile.png
[2013/02/12 11:57:04 | 006,494,793 | ---- | C] () -- C:\Users\Doug Bell\3120 China 3120.jpg
[2012/11/09 17:16:41 | 000,000,027 | ---- | C] () -- C:\Windows\btw.ini
[2012/11/09 17:16:22 | 000,000,399 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012/07/25 10:13:35 | 000,000,355 | ---- | C] () -- C:\Users\Doug Bell\Computer - Shortcut.lnk
[2012/06/18 19:29:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/18 19:29:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/18 19:29:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/18 19:29:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/18 19:29:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/26 18:39:08 | 000,007,609 | ---- | C] () -- C:\Users\Doug Bell\AppData\Local\Resmon.ResmonCfg
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/12/19 10:00:40 | 000,000,271 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/12/19 09:57:07 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2011/12/12 14:34:40 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/12/12 10:41:18 | 000,000,000 | ---- | C] () -- C:\Users\Doug Bell\startupreport.htm
[2011/10/29 11:46:54 | 000,000,166 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\PLGComp.ini
[2011/07/12 11:26:53 | 000,001,854 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\GhostObjGAFix.xml
[2011/05/10 08:47:08 | 000,004,608 | ---- | C] () -- C:\Users\Doug Bell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/04 08:49:09 | 000,000,104 | ---- | C] () -- C:\Users\Doug Bell\Computer.lnk
[2011/04/26 20:36:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/26 16:05:28 | 000,000,112 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/15 12:40:40 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Avery
[2011/06/16 16:41:59 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Book Place
[2011/05/27 17:01:08 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\calibre
[2011/06/28 14:29:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\ChemTable Software
[2011/11/14 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\com.Shutterfly.ExpressUploader
[2011/12/03 18:10:33 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Crossword Compiler 8
[2013/09/24 12:27:06 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\DefaultTab
[2011/05/20 09:27:57 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Disruptive Innovations SARL
[2012/10/31 09:29:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\DriverCure
[2013/09/12 20:41:22 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\DSite
[2011/05/10 09:17:17 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Easy Duplicate Finder
[2013/09/13 12:29:58 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Foresight Software
[2013/03/16 10:52:21 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Garmin
[2013/10/10 09:01:05 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\IObit
[2011/04/26 15:40:52 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Leadertech
[2011/12/19 09:59:01 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\MyHeritage
[2012/01/05 11:38:28 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Office Assistance
[2011/06/05 15:56:52 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Opera
[2011/05/27 13:25:38 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\OverDrive
[2013/10/12 13:31:48 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\ParetoLogic
[2013/03/06 10:09:36 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\PeerNetworking
[2013/09/08 08:08:33 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\PerformerSoft
[2013/09/25 22:15:40 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\RocketPDF
[2011/05/10 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Softinterface, Inc
[2011/10/20 08:25:12 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Softland
[2013/09/08 08:27:00 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\SpeedAnalysis2
[2012/10/31 09:29:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\SpeedMaxPc
[2013/09/27 16:35:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Systweak
[2012/04/11 13:43:14 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\TeamViewer
[2011/09/18 12:32:47 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Template
[2011/12/19 09:57:07 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2012/06/15 12:29:47 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\TweakNow PowerPack 2012
[2011/10/22 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\WhiteSmokeTranslator
[2011/04/27 13:21:54 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\WinBatch
[2012/01/15 21:46:42 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >
 
#7 ·
Sorry about the multiple files. The file exceeded the allowed logfile limit and I tried to send the first half ... second half. Here is the OTL txt file.

Thanks for your help.
Doug. Bell

OTL logfile created on: 10/15/2013 7:51:45 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doug Bell\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 3.42 Gb Available Physical Memory | 57.15% Memory free
11.98 Gb Paging File | 9.60 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.76 Gb Total Space | 293.91 Gb Free Space | 64.77% Space Free | Partition Type: NTFS
Drive D: | 11.91 Gb Total Space | 2.14 Gb Free Space | 17.98% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive K: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive L: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.15% Space Free | Partition Type: FAT32
Drive M: | 7.45 Gb Total Space | 0.01 Gb Free Space | 0.17% Space Free | Partition Type: FAT32
Drive N: | 3.73 Gb Total Space | 0.10 Gb Free Space | 2.65% Space Free | Partition Type: FAT32

Computer Name: DOUGBELL | User Name: Doug Bell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/15 11:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doug Bell\Downloads\OTL.exe
PRC - [2013/10/08 13:26:46 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
PRC - [2013/09/20 10:57:08 | 000,064,008 | ---- | M] (Google) -- C:\Users\Doug Bell\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/09/02 10:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/30 15:16:16 | 000,310,920 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\Doug Bell\AppData\Local\The Weather Network\weathereye.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files (x86)\WordWeb\wweb32.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/09 07:08:38 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2007/07/19 17:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Doug Bell\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2009/08/19 20:59:07 | 000,347,856 | ---- | M] () -- C:\Program Files (x86)\WordWeb\wwextdb.dll
MOD - [2009/08/19 20:59:06 | 000,022,736 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/03 21:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/10/08 14:26:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/02 10:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/07/19 17:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/12/19 22:46:50 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/26 18:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/09/11 17:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/10 03:50:16 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 10:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 14:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/08 12:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/24 18:53:04 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B0E88C92-8774-4AA4-B4A9-E5343FA62456}
IE:64bit: - HKLM\..\SearchScopes\{61A2D295-1D81-42F3-AB8A-E8B08DA7F25C}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{B0E88C92-8774-4AA4-B4A9-E5343FA62456}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 65 34 F6 6F C7 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Doug Bell\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Doug Bell\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/09/10 10:12:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/28 20:23:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/09/08 08:05:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/28 20:23:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/09/08 08:05:04 | 000,000,000 | ---D | M]

[2013/09/08 08:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions
[2013/07/30 23:31:45 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
[2013/09/08 08:05:04 | 000,000,000 | ---D | M] (Speed Analysis 3) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
[2013/07/30 23:31:45 | 000,000,000 | ---D | M] (Zula Games) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com
[2013/10/12 12:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/10/29 12:26:44 | 000,214,909 | ---- | M] () (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\onlinehdtv@onlinehd.tv.xpi
[2012/10/13 13:27:00 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012/10/29 12:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/06/18 19:38:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} - No CLSID value found.
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [googletalk] C:\Users\Doug Bell\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [HP Officejet 6600 (NET)] C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WeatherEye] C:\Users\Doug Bell\AppData\Local\The Weather Network\weathereye.exe (Pelmorex Media Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiscSpaceChecks = Reg Error: Unknown registry data type File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D46081BE-153B-4999-90E9-94B4F7CBB5EF}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\intu-qt2009 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/15 09:56:31 | 000,000,217 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ]
O32 - AutoRun File - [2013/09/21 08:08:37 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (defrag_native)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/15 13:00:02 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\MyTurboPC.com
[2013/10/15 12:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
[2013/10/14 22:26:23 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/10/14 09:13:35 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Google_files
[2013/10/12 13:31:48 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\ParetoLogic
[2013/10/12 13:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/10/10 23:19:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/10 23:19:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/10 23:19:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/10 23:19:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/10 23:19:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/10/10 23:19:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/10/10 23:19:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/10 23:19:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/10 23:19:44 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/10 23:19:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/10 23:19:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/10/10 23:19:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/10/10 23:19:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/10 23:19:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/10 23:19:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/10 09:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/10/10 09:01:08 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Apple Computer
[2013/10/10 09:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/10/10 09:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/10/10 07:28:49 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/10 07:28:46 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/10 07:28:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/10 07:28:46 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/10 07:28:46 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/10 07:28:46 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/10 07:28:46 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/10 07:28:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/10 07:28:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/10 07:28:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/10 07:28:43 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/10 07:28:42 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/10 07:28:38 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/10 07:28:37 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/10 07:28:37 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/10 07:28:37 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/10 07:28:37 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/10 07:28:36 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/10 07:28:36 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/10 07:28:35 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/10 07:28:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/10 07:28:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/10 07:28:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/10 07:28:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/10 07:28:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/10 07:28:26 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/10 07:28:25 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 07:28:25 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/03 09:44:20 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Local\CUSTPDF Writer
[2013/09/30 10:41:41 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Best of Pakenham
[2013/09/27 08:42:20 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Systweak
[2013/09/25 20:29:40 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\RocketPDF
[2013/09/22 12:27:15 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Sarah Edinburg
[2013/09/22 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Documents\AdobeStockPhotos
[2013/09/21 20:43:05 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Blue Sky additions
[2013/09/21 10:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/21 10:09:03 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/09/21 10:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/09/21 09:55:43 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\DefaultTab
[2013/09/21 08:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/09/21 08:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Doug Bell\Documents\*.tmp files -> C:\Users\Doug Bell\Documents\*.tmp -> ]
[1 C:\Users\Doug Bell\Desktop\*.tmp files -> C:\Users\Doug Bell\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/15 19:49:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/15 19:42:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013/10/15 19:34:55 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2013/10/15 19:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/15 19:21:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3698204442-3240286689-1174133963-1000UA.job
[2013/10/15 18:00:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\Foresight Software Registration3.job
[2013/10/15 16:08:21 | 001,445,964 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Landowne.series.7.csv
[2013/10/15 15:28:02 | 000,740,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/15 15:28:02 | 000,637,328 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/15 15:28:02 | 000,114,770 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/15 12:43:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/10/15 10:08:09 | 000,000,204 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Virus & Other Malware Removal - Tech Support Guy.url
[2013/10/15 10:07:29 | 000,000,251 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Fake Low Disk Space error message - Tech Support Guy.url
[2013/10/15 08:42:51 | 000,000,093 | ---- | M] () -- C:\Users\Doug Bell\AppData\Roaming\WB.CFG
[2013/10/15 08:42:51 | 000,000,006 | ---- | M] () -- C:\Users\Doug Bell\AppData\Roaming\WBPU-TTL.DAT
[2013/10/15 08:21:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3698204442-3240286689-1174133963-1000Core.job
[2013/10/15 08:03:30 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/15 08:03:30 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/15 07:55:08 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/15 07:54:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/15 07:54:22 | 529,182,719 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/15 07:54:21 | 000,000,211 | ---- | M] () -- C:\fraglist.luar
[2013/10/15 07:54:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/10/14 09:13:35 | 000,120,539 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Google.htm
[2013/10/13 11:38:59 | 090,436,944 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.psd
[2013/10/13 11:38:55 | 010,612,463 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.jpg
[2013/10/12 20:36:39 | 000,000,200 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Pick-up Hockey, Free Hockey Pools, Office Pools.url
[2013/10/11 08:14:14 | 000,405,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 23:43:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/08 14:26:38 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/08 14:26:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/03 09:44:20 | 000,000,000 | ---- | M] () -- C:\Users\Doug Bell\Documents\13690590-the-age-of-hope.pdf
[2013/10/02 13:07:40 | 006,547,327 | ---- | M] () -- C:\Users\Doug Bell\Desktop\IMGP4759.JPG
[2013/10/02 06:50:47 | 001,445,754 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Landowne..csv
[2013/09/29 10:45:59 | 002,687,561 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Pakenham reframed 1.jpg
[2013/09/29 10:40:53 | 007,912,794 | ---- | M] () -- C:\Users\Doug Bell\Desktop\IMGP4724.JPG
[2013/09/25 13:42:01 | 000,000,074 | -H-- | M] () -- C:\Users\Doug Bell\Documents\.picasa.ini
[2013/09/25 13:40:13 | 000,523,890 | ---- | M] () -- C:\Users\Doug Bell\Documents\Baking for Special Needs.jpg
[2013/09/25 13:40:13 | 000,510,877 | ---- | M] () -- C:\Users\Doug Bell\Documents\Scan0001.jpg
[2013/09/22 10:42:33 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/22 10:33:06 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/09/22 10:30:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/09/22 10:23:30 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/09/22 10:22:05 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/22 10:21:21 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/09/22 10:19:35 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/22 10:16:32 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/09/22 10:07:22 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/22 06:14:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/09/22 06:12:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/09/22 06:08:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/09/22 06:07:38 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/22 06:03:54 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/09/22 05:59:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/21 13:36:48 | 000,000,836 | ---- | M] () -- C:\Users\Doug Bell\Documents\cc_20130921_133642.reg
[2013/09/21 13:36:24 | 000,019,536 | ---- | M] () -- C:\Users\Doug Bell\Documents\cc_20130921_133618.reg
[2013/09/21 12:38:34 | 000,000,269 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/21 09:55:49 | 000,000,258 | RHS- | M] () -- C:\Users\Doug Bell\ntuser.pol
[2013/09/21 08:08:37 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/09/20 10:16:03 | 000,000,168 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Bing.url
[2013/09/16 16:09:04 | 000,001,403 | ---- | M] () -- C:\Users\Doug Bell\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Doug Bell\Documents\*.tmp files -> C:\Users\Doug Bell\Documents\*.tmp -> ]
[1 C:\Users\Doug Bell\Desktop\*.tmp files -> C:\Users\Doug Bell\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/15 10:08:09 | 000,000,204 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Virus & Other Malware Removal - Tech Support Guy.url
[2013/10/15 10:07:28 | 000,000,251 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Fake Low Disk Space error message - Tech Support Guy.url
[2013/10/15 07:54:21 | 000,000,211 | ---- | C] () -- C:\fraglist.luar
[2013/10/14 09:13:35 | 000,120,539 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Google.htm
[2013/10/13 11:37:15 | 010,612,463 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.jpg
[2013/10/12 20:36:39 | 000,000,200 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Pick-up Hockey, Free Hockey Pools, Office Pools.url
[2013/10/11 20:56:59 | 090,436,944 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.psd
[2013/10/03 09:44:28 | 000,000,000 | ---- | C] () -- C:\Users\Doug Bell\Documents\13690590-the-age-of-hope.pdf
[2013/10/02 13:06:08 | 006,547,327 | ---- | C] () -- C:\Users\Doug Bell\Desktop\IMGP4759.JPG
[2013/09/29 10:45:55 | 002,687,561 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Pakenham reframed 1.jpg
[2013/09/29 10:32:46 | 007,912,794 | ---- | C] () -- C:\Users\Doug Bell\Desktop\IMGP4724.JPG
[2013/09/27 14:26:05 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2013/09/25 13:43:02 | 000,523,890 | ---- | C] () -- C:\Users\Doug Bell\Documents\Baking for Special Needs.jpg
[2013/09/25 13:40:56 | 000,000,074 | -H-- | C] () -- C:\Users\Doug Bell\Documents\.picasa.ini
[2013/09/25 13:40:13 | 000,510,877 | ---- | C] () -- C:\Users\Doug Bell\Documents\Scan0001.jpg
[2013/09/21 13:36:44 | 000,000,836 | ---- | C] () -- C:\Users\Doug Bell\Documents\cc_20130921_133642.reg
[2013/09/21 13:36:20 | 000,019,536 | ---- | C] () -- C:\Users\Doug Bell\Documents\cc_20130921_133618.reg
[2013/09/21 10:09:07 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/21 09:55:49 | 000,000,258 | RHS- | C] () -- C:\Users\Doug Bell\ntuser.pol
[2013/09/21 08:08:37 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/09/16 16:09:03 | 000,001,375 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/09/16 10:12:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Startup.cpl
[2013/09/12 21:42:01 | 000,000,093 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\WB.CFG
[2013/09/12 21:42:01 | 000,000,006 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\WBPU-TTL.DAT
[2013/07/18 11:18:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/18 11:02:40 | 000,000,201 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/03/06 10:09:36 | 000,033,193 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\UserTile.png
[2013/02/12 11:57:04 | 006,494,793 | ---- | C] () -- C:\Users\Doug Bell\3120 China 3120.jpg
[2012/11/09 17:16:41 | 000,000,027 | ---- | C] () -- C:\Windows\btw.ini
[2012/11/09 17:16:22 | 000,000,399 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012/07/25 10:13:35 | 000,000,355 | ---- | C] () -- C:\Users\Doug Bell\Computer - Shortcut.lnk
[2012/06/18 19:29:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/18 19:29:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/18 19:29:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/18 19:29:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/18 19:29:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/26 18:39:08 | 000,007,609 | ---- | C] () -- C:\Users\Doug Bell\AppData\Local\Resmon.ResmonCfg
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/12/19 10:00:40 | 000,000,271 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/12/19 09:57:07 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2011/12/12 14:34:40 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/12/12 10:41:18 | 000,000,000 | ---- | C] () -- C:\Users\Doug Bell\startupreport.htm
[2011/10/29 11:46:54 | 000,000,166 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\PLGComp.ini
[2011/07/12 11:26:53 | 000,001,854 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\GhostObjGAFix.xml
[2011/05/10 08:47:08 | 000,004,608 | ---- | C] () -- C:\Users\Doug Bell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/04 08:49:09 | 000,000,104 | ---- | C] () -- C:\Users\Doug Bell\Computer.lnk
[2011/04/26 20:36:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/26 16:05:28 | 000,000,112 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/15 12:40:40 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Avery
[2011/06/16 16:41:59 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Book Place
[2011/05/27 17:01:08 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\calibre
[2011/06/28 14:29:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\ChemTable Software
[2011/11/14 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\com.Shutterfly.ExpressUploader
[2011/12/03 18:10:33 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Crossword Compiler 8
[2013/09/24 12:27:06 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\DefaultTab
[2011/05/20 09:27:57 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Disruptive Innovations SARL
[2012/10/31 09:29:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\DriverCure
[2013/09/12 20:41:22 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\DSite
[2011/05/10 09:17:17 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Easy Duplicate Finder
[2013/09/13 12:29:58 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Foresight Software
[2013/03/16 10:52:21 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Garmin
[2013/10/10 09:01:05 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\IObit
[2011/04/26 15:40:52 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Leadertech
[2011/12/19 09:59:01 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\MyHeritage
[2013/10/15 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\MyTurboPC.com
[2012/01/05 11:38:28 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Office Assistance
[2011/06/05 15:56:52 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Opera
[2011/05/27 13:25:38 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\OverDrive
[2013/10/12 13:31:48 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\ParetoLogic
[2013/03/06 10:09:36 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\PeerNetworking
[2013/09/08 08:08:33 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\PerformerSoft
[2013/09/25 22:15:40 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\RocketPDF
[2011/05/10 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Softinterface, Inc
[2011/10/20 08:25:12 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Softland
[2013/09/08 08:27:00 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\SpeedAnalysis2
[2012/10/31 09:29:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\SpeedMaxPc
[2013/09/27 16:35:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Systweak
[2012/04/11 13:43:14 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\TeamViewer
[2011/09/18 12:32:47 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Template
[2011/12/19 09:57:07 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2012/06/15 12:29:47 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\TweakNow PowerPack 2012
[2011/10/22 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\WhiteSmokeTranslator
[2011/04/27 13:21:54 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\WinBatch
[2012/01/15 21:46:42 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >
 
#9 ·
OTL Extras logfile created on: 10/15/2013 12:32:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doug Bell\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 3.34 Gb Available Physical Memory | 55.81% Memory free
11.98 Gb Paging File | 9.40 Gb Available in Paging File | 78.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.76 Gb Total Space | 294.57 Gb Free Space | 64.92% Space Free | Partition Type: NTFS
Drive D: | 11.91 Gb Total Space | 2.14 Gb Free Space | 17.98% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive K: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive L: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.15% Space Free | Partition Type: FAT32
Drive M: | 7.45 Gb Total Space | 0.01 Gb Free Space | 0.17% Space Free | Partition Type: FAT32
Drive N: | 3.73 Gb Total Space | 0.10 Gb Free Space | 2.65% Space Free | Partition Type: FAT32

Computer Name: DOUGBELL | User Name: Doug Bell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B1851B-50E8-4EB2-951C-95C113F960F1}" = rport=138 | protocol=17 | dir=out | app=system |
"{08880F08-5DC9-458B-940B-932B32522280}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0B9D8920-B116-4C25-828F-353B01F6C3AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{178EDB61-6EB9-4081-9194-41A81F919E80}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1A02B787-8EE0-44E9-92BF-F10A8CFD0D75}" = lport=139 | protocol=6 | dir=in | app=system |
"{2FFC5821-911E-4EC1-8121-66B2E3B19E0F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{427FD75A-784E-4FFF-93F1-C0F51CD76668}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4FFA5531-AFB5-4364-945E-73DA31C4D297}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B907D01-F559-4723-B4AE-1FA64B568BC8}" = lport=138 | protocol=17 | dir=in | app=system |
"{789949E0-D935-43F2-B038-1D360EBC82CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A608DEE-5A09-4B40-AB44-DD8003116B0F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EFB6740-C2E3-44C5-9449-959D48E6E203}" = rport=137 | protocol=17 | dir=out | app=system |
"{9F254BE8-5ED7-4088-8410-0E872DE4863A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AAF07FAC-E9CC-4C21-9207-EE3BB0C888F7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C4ED4825-4862-4FB1-9584-EE2AEF9F83B7}" = rport=445 | protocol=6 | dir=out | app=system |
"{CBC31168-F7C7-436C-9A12-840B13B95E70}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D27F2D2A-0368-4D88-B655-BCBD21F11B11}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D68E96E5-B62C-499F-B58E-486656E5C671}" = rport=139 | protocol=6 | dir=out | app=system |
"{D6C1B73B-92AE-40B2-BEC8-DCC6CBF66D02}" = lport=137 | protocol=17 | dir=in | app=system |
"{E5BB0DB3-9AE7-4AD4-8F41-EE6357DA1AEF}" = lport=445 | protocol=6 | dir=in | app=system |
"{E75DEFDC-8A2F-4896-B4DE-B7BEB0819364}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE4CD136-0E0B-40B4-97B9-1DDE9A0CE0A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14123821-071B-4CFA-8BA0-1153064DE6E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{219CCE3B-487B-47B5-BF7C-642256CB795E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2711D4B0-1956-4875-868B-5021C8A7C9B2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{27C64981-66F4-4453-85D8-861429E4E894}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe |
"{3DA3335F-A2AE-469A-832D-FDD557FC38A3}" = protocol=6 | dir=in | app=c:\users\doug bell\appdata\local\microsoft\skydrive\skydrive.exe |
"{4788598D-44E6-47F7-947E-0FEB8C14E03C}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{51845289-A7DF-4EA9-B402-CA3C52CBAF16}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{52CB1ED7-D4BA-41BC-B332-9701CA65966D}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\digitalwizards.exe |
"{5373A009-A6AB-4839-9580-84D5BF22C8EC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{56132EBE-CF33-440D-A48A-96B7D11E821F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5931B3D3-6639-4A65-AB7A-9F919907E956}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5D73D151-A790-465B-B2CA-E43ACF59E4C9}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe |
"{7BC452A5-DAE9-46BE-8F3F-C24C9EBA4EEF}" = protocol=17 | dir=in | app=c:\users\doug bell\appdata\local\microsoft\skydrive\skydrive.exe |
"{8B737EEA-B6B4-4A51-A42D-F20954BC6FF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9547AB27-5AE4-4908-AB28-F12E0FD56BAF}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe |
"{9E19E00C-0DCD-4DD7-826D-0A5B490C3A61}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{A0734430-8155-4DE8-8FD0-EDA033101003}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{A16BE2D2-DF47-4BDC-BC25-70B82C414246}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{AE509D56-AE33-4504-97E5-92AFFBC5D0DB}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe |
"{B6229B4B-84D6-4B28-9D31-8698C49F266C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CC4F936B-9FFB-4221-8FCB-9893BC343DB9}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{D8F230DA-C472-4DAB-841E-A5E472408855}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{E3A29948-0249-46E5-8A80-A35498EEA800}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\faxapplications.exe |
"{F6F7AEC8-7F61-4C81-B78F-1A0D9FA8B3C2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F8E00B39-FD37-446E-B027-7ADC8FE58DBA}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\sendafax.exe |
"{FECCF8E4-6B06-4389-922E-4D25BD4E3409}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicatorcom.exe |
"TCP Query User{B8F0EC8B-E851-45DB-9395-EA5CE03993DD}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"TCP Query User{EDC4B034-A66E-4381-9D23-EAFFEAB28023}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{33449871-D819-4308-BCC7-7D302BCBCE57}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{DBE9755E-CA56-4C49-B35F-B8A284894A2C}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{872E469B-81D3-4A19-BE19-85B7B59EED30}" = StudioTax 2011
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DD732B9-9B16-4F28-8E21-4AB5E40AF7DE}" = HP Officejet 6600 Product Improvement Study
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB79B2CD-4555-4D3F-BC37-8948598223F2}" = runtime64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE5E6226-8DAC-4212-AEEB-BB9DD2520DFF}" = StudioTax 2010
"{B407F586-D027-45C3-9109-CC2943E839FA}" = HP Officejet 6600 Basic Device Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PDF Creator" = PDF Creator
"Speccy" = Speccy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA81482-5570-4CF0-9A10-D61D2F164916}" = HP Officejet 6600 Help
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F50C41C-6CFB-49E1-AF91-E1AACDE24FBA}" = Garmin City Navigator North America NT 2012.30 Update
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED0FE94-7795-42b5-978C-B247EB3EDE66}" = PC Helper 360
"{D05556E3-F314-4539-BCEA-B3795C0171E6}_is1" = MasterPlans 1.5
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{DDB824DA-C431-3A3E-B997-F4B5539838FC}" = Google Talk Plugin
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v5
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 10.36 Free Edition
"{FD31CD68-1D2F-4F9C-8ACB-9A7806D53D3B}" = StudioTax 2012
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any to Icon" = Any to Icon
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Corel Applications" = Corel Applications
"Crossword Compiler 7" = Crossword Compiler 7
"Custom Framer - Art" = Custom Framer - Art
"Digital Editions" = Adobe Digital Editions
"Family Tree Builder" = MyHeritage Family Tree Builder
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Updater" = Google Updater
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Kobo" = Kobo
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Picasa 3" = Picasa 3
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"TeamViewer 8" = TeamViewer 8
"UltraDefrag" = Ultra Defragmenter
"Unlocker" = Unlocker 1.9.1
"VisiPics_is1" = VisiPics V1.30
"WinLiveSuite" = Windows Live Essentials
"WordWeb" = WordWeb

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"DSite" = Update for PDF Writer
"Should I Remove It 1.0.4" = Should I Remove It
"SkyDriveSetup.exe" = Microsoft SkyDrive
"WeatherEye" = WeatherEye

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/24/2013 1:11:21 PM | Computer Name = DougBell | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16506,
time stamp: 0x51f8de05 Faulting module name: jvm.dll, version: 23.7.0.1, time stamp:
0x5130b233 Exception code: 0xc0000005 Fault offset: 0x000b28eb Faulting process id:
0x698 Faulting application start time: 0x01ceb9491672845c Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\PROGRA~2\Java\jre7\bin\client\jvm.dll
Report
Id: 54d8115a-253c-11e3-92a8-002618b38edc

Error - 9/24/2013 1:20:07 PM | Computer Name = DougBell | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16506,
time stamp: 0x51f8de05 Faulting module name: jvm.dll, version: 23.7.0.1, time stamp:
0x5130b233 Exception code: 0xc0000005 Fault offset: 0x000b28eb Faulting process id:
0xd80 Faulting application start time: 0x01ceb94a4d8a3c09 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\PROGRA~2\Java\jre7\bin\client\jvm.dll
Report
Id: 8e5adea8-253d-11e3-92a8-002618b38edc

Error - 9/24/2013 1:51:54 PM | Computer Name = DougBell | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16506,
time stamp: 0x51f8de05 Faulting module name: jvm.dll, version: 23.7.0.1, time stamp:
0x5130b233 Exception code: 0xc0000005 Fault offset: 0x000b28eb Faulting process id:
0x13a4 Faulting application start time: 0x01ceb94ebd9395a8 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\PROGRA~2\Java\jre7\bin\client\jvm.dll
Report
Id: ff049950-2541-11e3-92a8-002618b38edc

Error - 9/24/2013 3:28:29 PM | Computer Name = DougBell | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16506,
time stamp: 0x51f8de05 Faulting module name: jvm.dll, version: 23.7.0.1, time stamp:
0x5130b233 Exception code: 0xc0000005 Fault offset: 0x000b28eb Faulting process id:
0x153c Faulting application start time: 0x01ceb959b3bfd09e Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\PROGRA~2\Java\jre7\bin\client\jvm.dll
Report
Id: 7d1a2e7f-254f-11e3-92a8-002618b38edc

Error - 9/24/2013 3:28:38 PM | Computer Name = DougBell | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16506,
time stamp: 0x51f8de05 Faulting module name: jvm.dll, version: 23.7.0.1, time stamp:
0x5130b233 Exception code: 0xc0000005 Fault offset: 0x000b28eb Faulting process id:
0x14d4 Faulting application start time: 0x01ceb95c427e3ad3 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\PROGRA~2\Java\jre7\bin\client\jvm.dll
Report
Id: 82756a33-254f-11e3-92a8-002618b38edc

Error - 9/29/2013 7:50:35 PM | Computer Name = DougBell | Source = Windows Backup | ID = 4104
Description =

Error - 10/6/2013 7:01:35 PM | Computer Name = DougBell | Source = Windows Backup | ID = 4104
Description =

Error - 10/7/2013 9:17:43 AM | Computer Name = DougBell | Source = Application Error | ID = 1000
Description = Faulting application name: msohelp.exe, version: 10.0.6515.0, time
stamp: 0x3fdfb089 Faulting module name: msohelp.exe, version: 10.0.6515.0, time
stamp: 0x3fdfb089 Exception code: 0xc0000005 Fault offset: 0x000029ee Faulting process
id: 0x1210 Faulting application start time: 0x01cec35f8e0b1824 Faulting application
path: C:\PROGRA~2\MICROS~2\Office10\1033\msohelp.exe Faulting module path: C:\PROGRA~2\MICROS~2\Office10\1033\msohelp.exe
Report
Id: d9118e99-2f52-11e3-bf4a-002618b38edc

Error - 10/7/2013 8:38:11 PM | Computer Name = DougBell | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.

Error - 10/8/2013 5:08:30 PM | Computer Name = DougBell | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.

Error - 10/10/2013 8:29:56 PM | Computer Name = DougBell | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.

Error - 10/13/2013 7:01:42 PM | Computer Name = DougBell | Source = Windows Backup | ID = 4104
Description =

[ Hewlett-Packard Events ]
Error - 5/26/2011 3:40:08 PM | Computer Name = DougBell | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051126033959.xml
File not created by asset agent

Error - 7/12/2011 11:26:51 AM | Computer Name = DougBell | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071112112642.xml
File not created by asset agent

Error - 5/17/2012 7:02:10 PM | Computer Name = DougBell | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6134 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/17/2012 7:02:10 PM | Computer Name = DougBell | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6134 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/24/2012 7:39:02 PM | Computer Name = DougBell | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6134 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/24/2012 7:39:03 PM | Computer Name = DougBell | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6134 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/31/2012 7:53:58 PM | Computer Name = DougBell | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6134 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/31/2012 7:53:59 PM | Computer Name = DougBell | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6134 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/7/2012 10:04:14 PM | Computer Name = DougBell | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6134 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ Media Center Events ]
Error - 11/30/2012 8:47:46 AM | Computer Name = DougBell | Source = MCUpdate | ID = 0
Description = 7:47:46 AM - Error connecting to the internet. 7:47:46 AM - Unable
to contact server..

Error - 11/30/2012 8:47:55 AM | Computer Name = DougBell | Source = MCUpdate | ID = 0
Description = 7:47:51 AM - Error connecting to the internet. 7:47:51 AM - Unable
to contact server..

Error - 11/30/2012 9:48:00 AM | Computer Name = DougBell | Source = MCUpdate | ID = 0
Description = 8:48:00 AM - Error connecting to the internet. 8:48:00 AM - Unable
to contact server..

Error - 11/30/2012 9:48:06 AM | Computer Name = DougBell | Source = MCUpdate | ID = 0
Description = 8:48:05 AM - Error connecting to the internet. 8:48:05 AM - Unable
to contact server..

Error - 11/30/2012 10:48:11 AM | Computer Name = DougBell | Source = MCUpdate | ID = 0
Description = 9:48:11 AM - Error connecting to the internet. 9:48:11 AM - Unable
to contact server..

Error - 11/30/2012 10:48:17 AM | Computer Name = DougBell | Source = MCUpdate | ID = 0
Description = 9:48:16 AM - Error connecting to the internet. 9:48:16 AM - Unable
to contact server..

Error - 2/28/2013 2:00:26 PM | Computer Name = DougBell | Source = MCUpdate | ID = 0
Description = 1:00:25 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
400: The server cannot process the request because the syntax is not valid. )

[ System Events ]
Error - 10/12/2013 1:26:03 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:26:03 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:31:03 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:31:03 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:31:03 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:33:11 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:33:11 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:33:11 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:35:35 PM | Computer Name = DougBell | Source = DCOM | ID = 10005
Description =

Error - 10/12/2013 1:35:35 PM | Computer Name = DougBell | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.159.1988.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current
Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

< End of report >
 
#10 ·
The first txt file errored out on internet failure. I will send again.

OTL Extras logfile created on: 10/15/2013 12:32:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doug Bell\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 3.34 Gb Available Physical Memory | 55.81% Memory free
11.98 Gb Paging File | 9.40 Gb Available in Paging File | 78.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.76 Gb Total Space | 294.57 Gb Free Space | 64.92% Space Free | Partition Type: NTFS
Drive D: | 11.91 Gb Total Space | 2.14 Gb Free Space | 17.98% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive K: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive L: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.15% Space Free | Partition Type: FAT32
Drive M: | 7.45 Gb Total Space | 0.01 Gb Free Space | 0.17% Space Free | Partition Type: FAT32
Drive N: | 3.73 Gb Total Space | 0.10 Gb Free Space | 2.65% Space Free | Partition Type: FAT32

Computer Name: DOUGBELL | User Name: Doug Bell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B1851B-50E8-4EB2-951C-95C113F960F1}" = rport=138 | protocol=17 | dir=out | app=system |
"{08880F08-5DC9-458B-940B-932B32522280}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0B9D8920-B116-4C25-828F-353B01F6C3AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{178EDB61-6EB9-4081-9194-41A81F919E80}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1A02B787-8EE0-44E9-92BF-F10A8CFD0D75}" = lport=139 | protocol=6 | dir=in | app=system |
"{2FFC5821-911E-4EC1-8121-66B2E3B19E0F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{427FD75A-784E-4FFF-93F1-C0F51CD76668}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4FFA5531-AFB5-4364-945E-73DA31C4D297}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B907D01-F559-4723-B4AE-1FA64B568BC8}" = lport=138 | protocol=17 | dir=in | app=system |
"{789949E0-D935-43F2-B038-1D360EBC82CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A608DEE-5A09-4B40-AB44-DD8003116B0F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EFB6740-C2E3-44C5-9449-959D48E6E203}" = rport=137 | protocol=17 | dir=out | app=system |
"{9F254BE8-5ED7-4088-8410-0E872DE4863A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AAF07FAC-E9CC-4C21-9207-EE3BB0C888F7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C4ED4825-4862-4FB1-9584-EE2AEF9F83B7}" = rport=445 | protocol=6 | dir=out | app=system |
"{CBC31168-F7C7-436C-9A12-840B13B95E70}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D27F2D2A-0368-4D88-B655-BCBD21F11B11}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D68E96E5-B62C-499F-B58E-486656E5C671}" = rport=139 | protocol=6 | dir=out | app=system |
"{D6C1B73B-92AE-40B2-BEC8-DCC6CBF66D02}" = lport=137 | protocol=17 | dir=in | app=system |
"{E5BB0DB3-9AE7-4AD4-8F41-EE6357DA1AEF}" = lport=445 | protocol=6 | dir=in | app=system |
"{E75DEFDC-8A2F-4896-B4DE-B7BEB0819364}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE4CD136-0E0B-40B4-97B9-1DDE9A0CE0A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14123821-071B-4CFA-8BA0-1153064DE6E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{219CCE3B-487B-47B5-BF7C-642256CB795E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2711D4B0-1956-4875-868B-5021C8A7C9B2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{27C64981-66F4-4453-85D8-861429E4E894}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe |
"{3DA3335F-A2AE-469A-832D-FDD557FC38A3}" = protocol=6 | dir=in | app=c:\users\doug bell\appdata\local\microsoft\skydrive\skydrive.exe |
"{4788598D-44E6-47F7-947E-0FEB8C14E03C}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{51845289-A7DF-4EA9-B402-CA3C52CBAF16}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{52CB1ED7-D4BA-41BC-B332-9701CA65966D}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\digitalwizards.exe |
"{5373A009-A6AB-4839-9580-84D5BF22C8EC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{56132EBE-CF33-440D-A48A-96B7D11E821F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5931B3D3-6639-4A65-AB7A-9F919907E956}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5D73D151-A790-465B-B2CA-E43ACF59E4C9}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe |
"{7BC452A5-DAE9-46BE-8F3F-C24C9EBA4EEF}" = protocol=17 | dir=in | app=c:\users\doug bell\appdata\local\microsoft\skydrive\skydrive.exe |
"{8B737EEA-B6B4-4A51-A42D-F20954BC6FF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9547AB27-5AE4-4908-AB28-F12E0FD56BAF}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe |
"{9E19E00C-0DCD-4DD7-826D-0A5B490C3A61}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{A0734430-8155-4DE8-8FD0-EDA033101003}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{A16BE2D2-DF47-4BDC-BC25-70B82C414246}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{AE509D56-AE33-4504-97E5-92AFFBC5D0DB}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe |
"{B6229B4B-84D6-4B28-9D31-8698C49F266C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CC4F936B-9FFB-4221-8FCB-9893BC343DB9}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{D8F230DA-C472-4DAB-841E-A5E472408855}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{E3A29948-0249-46E5-8A80-A35498EEA800}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\faxapplications.exe |
"{F6F7AEC8-7F61-4C81-B78F-1A0D9FA8B3C2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F8E00B39-FD37-446E-B027-7ADC8FE58DBA}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\sendafax.exe |
"{FECCF8E4-6B06-4389-922E-4D25BD4E3409}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicatorcom.exe |
"TCP Query User{B8F0EC8B-E851-45DB-9395-EA5CE03993DD}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"TCP Query User{EDC4B034-A66E-4381-9D23-EAFFEAB28023}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{33449871-D819-4308-BCC7-7D302BCBCE57}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{DBE9755E-CA56-4C49-B35F-B8A284894A2C}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{872E469B-81D3-4A19-BE19-85B7B59EED30}" = StudioTax 2011
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DD732B9-9B16-4F28-8E21-4AB5E40AF7DE}" = HP Officejet 6600 Product Improvement Study
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB79B2CD-4555-4D3F-BC37-8948598223F2}" = runtime64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE5E6226-8DAC-4212-AEEB-BB9DD2520DFF}" = StudioTax 2010
"{B407F586-D027-45C3-9109-CC2943E839FA}" = HP Officejet 6600 Basic Device Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PDF Creator" = PDF Creator
"Speccy" = Speccy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA81482-5570-4CF0-9A10-D61D2F164916}" = HP Officejet 6600 Help
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F50C41C-6CFB-49E1-AF91-E1AACDE24FBA}" = Garmin City Navigator North America NT 2012.30 Update
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED0FE94-7795-42b5-978C-B247EB3EDE66}" = PC Helper 360
"{D05556E3-F314-4539-BCEA-B3795C0171E6}_is1" = MasterPlans 1.5
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{DDB824DA-C431-3A3E-B997-F4B5539838FC}" = Google Talk Plugin
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v5
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 10.36 Free Edition
"{FD31CD68-1D2F-4F9C-8ACB-9A7806D53D3B}" = StudioTax 2012
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any to Icon" = Any to Icon
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Corel Applications" = Corel Applications
"Crossword Compiler 7" = Crossword Compiler 7
"Custom Framer - Art" = Custom Framer - Art
"Digital Editions" = Adobe Digital Editions
"Family Tree Builder" = MyHeritage Family Tree Builder
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Updater" = Google Updater
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Kobo" = Kobo
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Picasa 3" = Picasa 3
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"TeamViewer 8" = TeamViewer 8
"UltraDefrag" = Ultra Defragmenter
"Unlocker" = Unlocker 1.9.1
"VisiPics_is1" = VisiPics V1.30
"WinLiveSuite" = Windows Live Essentials
"WordWeb" = WordWeb

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3698204442-3240286689-1174133963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"DSite" = Update for PDF Writer
"Should I Remove It 1.0.4" = Should I Remove It
"SkyDriveSetup.exe" = Microsoft SkyDrive
"WeatherEye" = WeatherEye

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/24/2013 1:11:21 PM | Computer Name = DougBell | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16506,
time stamp: 0x51f8de05 Faulting module name: jvm.dll, version: 23.7.0.1, time stamp:
0x5130b233 Exception code: 0xc0000005 Fault offset: 0x000b28eb Faulting process id:
0x698 Faulting application start time: 0x01ceb9491672845c Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\PROGRA~2\Java\jre7\bin\client\jvm.dll
Report
Id: 54d8115a-253c-11e3-92a8-002618b38edc

Error - 9/24/2013 1:20:07 PM | Computer Name = DougBell | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16506,
time stamp: 0x51f8de05 Faulting module name: jvm.dll, version: 23.7.0.1, time stamp:
0x5130b233 Exception code: 0xc0000005 Fault offset: 0x000b28eb Faulting process id:
0xd80 Faulting application start time: 0x01ceb94a4d8a3c09 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\PROGRA~2\Java\jre7\bin\client\jvm.dll
Report
Id: 8e5adea8-253d-11e3-92a8-002618b38edc

Error - 9/24/2013 1:51:54 PM | Computer Name = DougBell | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16506,
time stamp: 0x51f8de05 Faulting module name: jvm.dll, version: 23.7.0.1, time stamp:
0x5130b233 Exception code: 0xc0000005 Fault offset: 0x000b28eb Faulting process id:
0x13a4 Faulting application start time: 0x01ceb94ebd9395a8 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\PROGRA~2\Java\jre7\bin\client\jvm.dll
Report
Id: ff049950-2541-11e3-92a8-002618b38edc

Error - 9/24/2013 3:28:29 PM | Computer Name = DougBell | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16506,
time stamp: 0x51f8de05 Faulting module name: jvm.dll, version: 23.7.0.1, time stamp:
0x5130b233 Exception code: 0xc0000005 Fault offset: 0x000b28eb Faulting process id:
0x153c Faulting application start time: 0x01ceb959b3bfd09e Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\PROGRA~2\Java\jre7\bin\client\jvm.dll
Report
Id: 7d1a2e7f-254f-11e3-92a8-002618b38edc

Error - 9/24/2013 3:28:38 PM | Computer Name = DougBell | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16506,
time stamp: 0x51f8de05 Faulting module name: jvm.dll, version: 23.7.0.1, time stamp:
0x5130b233 Exception code: 0xc0000005 Fault offset: 0x000b28eb Faulting process id:
0x14d4 Faulting application start time: 0x01ceb95c427e3ad3 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\PROGRA~2\Java\jre7\bin\client\jvm.dll
Report
Id: 82756a33-254f-11e3-92a8-002618b38edc

Error - 9/29/2013 7:50:35 PM | Computer Name = DougBell | Source = Windows Backup | ID = 4104
Description =

Error - 10/6/2013 7:01:35 PM | Computer Name = DougBell | Source = Windows Backup | ID = 4104
Description =

Error - 10/7/2013 9:17:43 AM | Computer Name = DougBell | Source = Application Error | ID = 1000
Description = Faulting application name: msohelp.exe, version: 10.0.6515.0, time
stamp: 0x3fdfb089 Faulting module name: msohelp.exe, version: 10.0.6515.0, time
stamp: 0x3fdfb089 Exception code: 0xc0000005 Fault offset: 0x000029ee Faulting process
id: 0x1210 Faulting application start time: 0x01cec35f8e0b1824 Faulting application
path: C:\PROGRA~2\MICROS~2\Office10\1033\msohelp.exe Faulting module path: C:\PROGRA~2\MICROS~2\Office10\1033\msohelp.exe
Report
Id: d9118e99-2f52-11e3-bf4a-002618b38edc

Error - 10/7/2013 8:38:11 PM | Computer Name = DougBell | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.

Error - 10/8/2013 5:08:30 PM | Computer Name = DougBell | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.

Error - 10/10/2013 8:29:56 PM | Computer Name = DougBell | Source = APC UPS Service | ID = 61456
Description = PowerChute not communicating with the battery backup.

Error - 10/13/2013 7:01:42 PM | Computer Name = DougBell | Source = Windows Backup | ID = 4104
Description =

[ Hewlett-Packard Events ]
Error - 5/26/2011 3:40:08 PM | Computer Name = DougBell | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051126033959.xml
File not created by asset agent

Error - 7/12/2011 11:26:51 AM | Computer Name = DougBell | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071112112642.xml
File not created by asset agent

Error - 5/17/2012 7:02:10 PM | Computer Name = DougBell | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6134 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/17/2012 7:02:10 PM | Computer Name = DougBell | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6134 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/24/2012 7:39:02 PM | Computer Name = DougBell | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6134 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/24/2012 7:39:03 PM | Computer Name = DougBell | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6134 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/31/2012 7:53:58 PM | Computer Name = DougBell | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6134 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/31/2012 7:53:59 PM | Computer Name = DougBell | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6134 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/7/2012 10:04:14 PM | Computer Name = DougBell | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6134 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ Media Center Events ]
Error - 11/30/2012 8:47:46 AM | Computer Name = DougBell | Source = MCUpdate | ID = 0
Description = 7:47:46 AM - Error connecting to the internet. 7:47:46 AM - Unable
to contact server..

Error - 11/30/2012 8:47:55 AM | Computer Name = DougBell | Source = MCUpdate | ID = 0
Description = 7:47:51 AM - Error connecting to the internet. 7:47:51 AM - Unable
to contact server..

Error - 11/30/2012 9:48:00 AM | Computer Name = DougBell | Source = MCUpdate | ID = 0
Description = 8:48:00 AM - Error connecting to the internet. 8:48:00 AM - Unable
to contact server..

Error - 11/30/2012 9:48:06 AM | Computer Name = DougBell | Source = MCUpdate | ID = 0
Description = 8:48:05 AM - Error connecting to the internet. 8:48:05 AM - Unable
to contact server..

Error - 11/30/2012 10:48:11 AM | Computer Name = DougBell | Source = MCUpdate | ID = 0
Description = 9:48:11 AM - Error connecting to the internet. 9:48:11 AM - Unable
to contact server..

Error - 11/30/2012 10:48:17 AM | Computer Name = DougBell | Source = MCUpdate | ID = 0
Description = 9:48:16 AM - Error connecting to the internet. 9:48:16 AM - Unable
to contact server..

Error - 2/28/2013 2:00:26 PM | Computer Name = DougBell | Source = MCUpdate | ID = 0
Description = 1:00:25 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
400: The server cannot process the request because the syntax is not valid. )

[ System Events ]
Error - 10/12/2013 1:26:03 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:26:03 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:31:03 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:31:03 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:31:03 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:33:11 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:33:11 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:33:11 PM | Computer Name = DougBell | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2013 1:35:35 PM | Computer Name = DougBell | Source = DCOM | ID = 10005
Description =

Error - 10/12/2013 1:35:35 PM | Computer Name = DougBell | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.159.1988.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current
Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

< End of report >
 
#11 ·
dougbell4422,
Quite a few items here. Just take one at a time. Let me know if any problems.
Your Adobe Acrobat is out of date, and provides an avenue to infect your computer.
I would suggest installing Adobe Reader XI to look at online PDFs, and only use your Acrobat 7 on files that have been virus checked first.

You also have RealPlayer. I would suggest removing it due to accompanying trackware/adware, and use something like VLC.
It's your call. I don't know whether that is a source of your problem.

Is MyTurboPC the trial version?

------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Java 7 Update 17
Java Auto Updater

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here: http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
Under Java Platform, Standard Edition, labeled Java SE 7 Update 45, click on the button labeled JRE Download. Do NOT choose the button labeled "JDK Download" or "JRE Server".
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform, jre-7u45-windows-x64.exe for 64-bit, and click it.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop, and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
When it finishes, you can remove the Installer from your desktop.
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple minutes or less, when some text appears in the box, click Save List To File.
A message box will verify the file saved. It is important that you run the program just once.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{61A2D295-1D81-42F3-AB8A-E8B08DA7F25C}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
    O2:64bit: - BHO: (no name) - {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_17)
    [2013/10/10 09:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2013/10/10 09:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
----------------------------------------------
After posting the Resulting log, Please Rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in a separate reply.
---------------------------------------------------
So, In Your Reply, we will be looking for the following:
The contents of:
  • CKFiles.txt
  • The FIX log from OTL
  • The new version of OTL.txt after the Quick Scan
Please feel free to use separate replies.

askey127
 
#12 ·
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{61A2D295-1D81-42F3-AB8A-E8B08DA7F25C}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61A2D295-1D81-42F3-AB8A-E8B08DA7F25C}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
File move failed. C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}\ deleted successfully.
C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 7.0 deleted successfully.
C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\ProgramData\IObit\Advanced SystemCare V6 folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\images folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6 folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Doug Bell\Desktop\cmd.bat deleted successfully.
C:\Users\Doug Bell\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Doug Bell
->Java cache emptied: 239509 bytes

User: LogMeInRemoteUser

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 57616 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Doug Bell
->Flash cache emptied: 183667 bytes

User: LogMeInRemoteUser
->Flash cache emptied: 56475 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Doug Bell
->Temp folder emptied: 48990779 bytes
->Temporary Internet Files folder emptied: 282607234 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715831 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83841333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67758 bytes
RecycleBin emptied: 2981641503 bytes

Total Files Cleaned = 3,241.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10162013_125834
Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
C:\Users\Doug Bell\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Doug Bell\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Doug Bell\AppData\Local\Google\Google Talk Plugin\gtbaxplugin.log moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Doug Bell\AppData\Local\Google\Google Talk Plugin\o1daxplugin.log moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SILG58Q5\d=1[1].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SILG58Q5\notificationdetail[2].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLPZ9SIJ\canvas[1].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLPZ9SIJ\chat_message_52df20dbc4522c398abba5d0b6377131[1].mp3 moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLPZ9SIJ\recentposts[1].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6BKBL4M5\bind[1].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6BKBL4M5\frame[1].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6BKBL4M5\hovercard[1].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1M8WHE8R\0[3].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
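
When a fix log like the one in this post is reviewed, the lines that need attention are the actions that were deferred to reboot and never completed, and any line the tool refused to interpret. The following is an added example (not part of the thread and not OldTimer's code): a Python parser that classifies lines by the outcome phrases visible in the logs on this page. The function names and outcome labels are assumptions of this example, and the sample is a handful of lines copied from those logs.

```python
import re
from collections import Counter, namedtuple

# A few lines copied from the OTL logs on this page (not a complete log).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{61A2D295-1D81-42F3-AB8A-E8B08DA7F25C}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61A2D295-1D81-42F3-AB8A-E8B08DA7F25C}\ not found.
File move failed. C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\ProgramData\IObit folder moved successfully.
Error: Unable to interpret <All processes killed> in the current context!
"""

Action = namedtuple("Action", "outcome kind target")

# Outcome phrases exactly as they appear in the logs above.
# The labels on the left are this example's own names.
RULES = [
    ("rejected", re.compile(r"^Error: Unable to interpret <(?P<target>.*)> in the current context!$")),
    ("deferred", re.compile(r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("deleted", re.compile(r"^(?P<target>.+?) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<target>.+?) moved successfully\.$")),
    ("not_found", re.compile(r"^(?P<target>.+?) not found\.$")),
]
REGISTRY = re.compile(r"^(?P<wow>64bit-)?Registry (?P<kind>key|value) (?P<path>.+)$")


def describe(outcome, target):
    """Split the matched text into (kind of object, cleaned path)."""
    if outcome == "rejected":
        return "input line", target
    m = REGISTRY.match(target)
    if m:
        kind = "registry " + m.group("kind")
        if m.group("wow"):
            kind += " (64bit)"
        # Registry keys are logged with a trailing backslash; drop it.
        return kind, m.group("path").rstrip("\\")
    if target.endswith(" folder"):
        return "folder", target[: -len(" folder")]
    return "file", target


def parse_fix_log(text):
    """Return one Action per line that reports an outcome; skip everything else."""
    actions = []
    for raw in text.splitlines():
        line = raw.strip()
        for outcome, pattern in RULES:
            m = pattern.match(line)
            if m:
                kind, path = describe(outcome, m.group("target"))
                actions.append(Action(outcome, kind, path))
                break
    return actions


def summarize(actions):
    """Count actions per outcome."""
    return dict(Counter(a.outcome for a in actions))


def unresolved(actions):
    """Deferred paths that never show up as moved (Windows paths compare case-insensitively)."""
    moved = {a.target.lower() for a in actions if a.outcome == "moved"}
    seen, pending = set(), []
    for a in actions:
        key = a.target.lower()
        if a.outcome == "deferred" and key not in moved and key not in seen:
            seen.add(key)
            pending.append(a.target)
    return pending


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(summarize(parsed))
    for path in unresolved(parsed):
        print("still pending after reboot:", path)
    for a in parsed:
        if a.outcome == "rejected":
            print("not a valid fix line:", a.target)
```

A non-empty `unresolved` list or any `rejected` entry is the cue to ask for a follow-up run rather than treating the fix as complete.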
 
#13 ·
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\users\doug bell\searches\computer stuff\password crack.doc
c:\users\doug bell\searches\computer stuff\wi-fi utilities\main [aircrack-ng].url
c:\users\doug bell\searches\computer stuff\wi-fi utilities\russian password crackers fastest password recovery software.url
c:\users\doug bell\searches\search engines\computer stuff\password crack.doc
c:\users\doug bell\searches\search engines\computer stuff\wi-fi utilities\main [aircrack-ng].url
c:\users\doug bell\searches\search engines\computer stuff\wi-fi utilities\russian password crackers fastest password recovery software.url
scanner sequence 3.FN.11.WAAPLZ
----- EOF -----
 
#14 ·
I do not recognize MyTurboPC?

New Version of OTL txt:

All processes killed
Error: Unable to interpret <All processes killed> in the current context!
Error: Unable to interpret <========== COMMANDS ==========> in the current context!
Error: Unable to interpret <Restore point Set: OTL Restore Point> in the current context!
Error: Unable to interpret <========== OTL ==========> in the current context!
Error: Unable to interpret <64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{61A2D295-1D81-42F3-AB8A-E8B08DA7F25C}\ deleted successfully.> in the current context!
Error: Unable to interpret <64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61A2D295-1D81-42F3-AB8A-E8B08DA7F25C}\ not found.> in the current context!
Error: Unable to interpret <64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0}\ deleted successfully.> in the current context!
Error: Unable to interpret <64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0}\ not found.> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.> in the current context!
Error: Unable to interpret <File move failed. C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}\ deleted successfully.> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}\ deleted successfully.> in the current context!
Error: Unable to interpret <C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll moved successfully.> in the current context!
Error: Unable to interpret <Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.> in the current context!
Error: Unable to interpret <Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.> in the current context!
Error: Unable to interpret <Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 7.0 deleted successfully.> in the current context!
Error: Unable to interpret <C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe moved successfully.> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.> in the current context!
Error: Unable to interpret <Starting removal of ActiveX control {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ not found.> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ not found.> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ not found.> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ not found.> in the current context!
Error: Unable to interpret <Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.> in the current context!
Error: Unable to interpret <C:\ProgramData\IObit\Advanced SystemCare V6 folder moved successfully.> in the current context!
Error: Unable to interpret <C:\ProgramData\IObit folder moved successfully.> in the current context!
Error: Unable to interpret <C:\Program Files (x86)\IObit\Advanced SystemCare 6\LatestNews folder moved successfully.> in the current context!
Error: Unable to interpret <C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\images folder moved successfully.> in the current context!
Error: Unable to interpret <C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect folder moved successfully.> in the current context!
Error: Unable to interpret <C:\Program Files (x86)\IObit\Advanced SystemCare 6 folder moved successfully.> in the current context!
Error: Unable to interpret <C:\Program Files (x86)\IObit folder moved successfully.> in the current context!
Error: Unable to interpret <========== FILES ==========> in the current context!
Error: Unable to interpret << ipconfig /flushdns /c >> in the current context!
Error: Unable to interpret <Windows IP Configuration> in the current context!
Error: Unable to interpret <Successfully flushed the DNS Resolver Cache.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\Desktop\cmd.bat deleted successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\Desktop\cmd.txt deleted successfully.> in the current context!
Error: Unable to interpret <========== COMMANDS ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[EMPTYJAVA]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: All Users> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Default> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Default User> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Doug Bell> in the current context!
Error: Unable to interpret <->Java cache emptied: 239509 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: LogMeInRemoteUser> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Public> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Total Java Files Cleaned = 0.00 mb> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[EMPTYFLASH]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: All Users> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Default> in the current context!
Error: Unable to interpret <->Flash cache emptied: 57616 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Default User> in the current context!
Error: Unable to interpret <->Flash cache emptied: 0 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Doug Bell> in the current context!
Error: Unable to interpret <->Flash cache emptied: 183667 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: LogMeInRemoteUser> in the current context!
Error: Unable to interpret <->Flash cache emptied: 56475 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Public> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Total Flash Files Cleaned = 0.00 mb> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[EMPTYTEMP]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: All Users> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Default> in the current context!
Error: Unable to interpret <->Temp folder emptied: 0 bytes> in the current context!
Error: Unable to interpret <->Temporary Internet Files folder emptied: 67 bytes> in the current context!
Error: Unable to interpret <->Flash cache emptied: 0 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Default User> in the current context!
Error: Unable to interpret <->Temp folder emptied: 0 bytes> in the current context!
Error: Unable to interpret <->Temporary Internet Files folder emptied: 0 bytes> in the current context!
Error: Unable to interpret <->Flash cache emptied: 0 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Doug Bell> in the current context!
Error: Unable to interpret <->Temp folder emptied: 48990779 bytes> in the current context!
Error: Unable to interpret <->Temporary Internet Files folder emptied: 282607234 bytes> in the current context!
Error: Unable to interpret <->Java cache emptied: 0 bytes> in the current context!
Error: Unable to interpret <->Flash cache emptied: 0 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: LogMeInRemoteUser> in the current context!
Error: Unable to interpret <->Temp folder emptied: 0 bytes> in the current context!
Error: Unable to interpret <->Temporary Internet Files folder emptied: 67 bytes> in the current context!
Error: Unable to interpret <->Flash cache emptied: 0 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Public> in the current context!
Error: Unable to interpret <->Temp folder emptied: 0 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%systemdrive% .tmp files removed: 0 bytes> in the current context!
Error: Unable to interpret <%systemroot% .tmp files removed: 1715831 bytes> in the current context!
Error: Unable to interpret <%systemroot%\System32 .tmp files removed: 0 bytes> in the current context!
Error: Unable to interpret <%systemroot%\System32 (64bit) .tmp files removed: 0 bytes> in the current context!
Error: Unable to interpret <%systemroot%\System32\drivers .tmp files removed: 0 bytes> in the current context!
Error: Unable to interpret <Windows Temp folder emptied: 83841333 bytes> in the current context!
Error: Unable to interpret <%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67758 bytes> in the current context!
Error: Unable to interpret <RecycleBin emptied: 2981641503 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Total Files Cleaned = 3,241.00 mb> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.69.0 log created on 10162013_125834> in the current context!
Error: Unable to interpret <Files\Folders moved on Reboot...> in the current context!
Error: Unable to interpret <File move failed. C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Doug Bell\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db moved successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Doug Bell\AppData\Local\Google\Google Talk Plugin\gtbaxplugin.log moved successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Doug Bell\AppData\Local\Google\Google Talk Plugin\o1daxplugin.log moved successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SILG58Q5\d=1[1].htm moved successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SILG58Q5\notificationdetail[2].htm moved successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLPZ9SIJ\canvas[1].htm moved successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLPZ9SIJ\chat_message_52df20dbc4522c398abba5d0b6377131[1].mp3 moved successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLPZ9SIJ\recentposts[1].htm moved successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6BKBL4M5\bind[1].htm moved successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6BKBL4M5\frame[1].htm moved successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6BKBL4M5\hovercard[1].htm moved successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1M8WHE8R\0[3].htm moved successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.> in the current context!
Error: Unable to interpret <C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.> in the current context!
Error: Unable to interpret <PendingFileRenameOperations files...> in the current context!
Error: Unable to interpret <Registry entries deleted on Reboot...> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 10162013_131307
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
#16 ·
OTL logfile created on: 10/16/2013 3:29:26 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doug Bell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 3.83 Gb Available Physical Memory | 63.88% Memory free
11.98 Gb Paging File | 10.06 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.76 Gb Total Space | 294.35 Gb Free Space | 64.87% Space Free | Partition Type: NTFS
Drive D: | 11.91 Gb Total Space | 2.14 Gb Free Space | 17.98% Space Free | Partition Type: NTFS
Drive J: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive K: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive L: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.15% Space Free | Partition Type: FAT32
Drive M: | 7.45 Gb Total Space | 0.01 Gb Free Space | 0.17% Space Free | Partition Type: FAT32
Drive N: | 3.73 Gb Total Space | 0.10 Gb Free Space | 2.65% Space Free | Partition Type: FAT32

Computer Name: DOUGBELL | User Name: Doug Bell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Doug Bell\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Users\Doug Bell\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Doug Bell\AppData\Local\The Weather Network\weathereye.exe (Pelmorex Media Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Users\Doug Bell\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\WordWeb\WUCNT.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (UnlockerDriver5) -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys ()
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B0E88C92-8774-4AA4-B4A9-E5343FA62456}
IE:64bit: - HKLM\..\SearchScopes\{B0E88C92-8774-4AA4-B4A9-E5343FA62456}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 65 34 F6 6F C7 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Doug Bell\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Doug Bell\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Doug Bell\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/28 20:23:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/09/08 08:05:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/28 20:23:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/07/30 23:31:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis03@SpeedAnalysis.com: C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013/09/08 08:05:04 | 000,000,000 | ---D | M]

[2013/09/08 08:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions
[2013/07/30 23:31:45 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
[2013/09/08 08:05:04 | 000,000,000 | ---D | M] (Speed Analysis 3) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
[2013/07/30 23:31:45 | 000,000,000 | ---D | M] (Zula Games) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com
[2013/10/12 12:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/10/29 12:26:44 | 000,214,909 | ---- | M] () (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\onlinehdtv@onlinehd.tv.xpi
[2012/10/13 13:27:00 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012/10/29 12:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/06/18 19:38:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [googletalk] C:\Users\Doug Bell\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [HP Officejet 6600 (NET)] C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WeatherEye] C:\Users\Doug Bell\AppData\Local\The Weather Network\weathereye.exe (Pelmorex Media Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiscSpaceChecks = Reg Error: Unknown registry data type File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D46081BE-153B-4999-90E9-94B4F7CBB5EF}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\intu-qt2009 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/15 09:56:31 | 000,000,217 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ]
O32 - AutoRun File - [2013/09/21 08:08:37 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (defrag_native)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/16 13:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/10/16 13:24:15 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Tech Support Guy
[2013/10/16 12:58:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/16 12:52:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Doug Bell\Desktop\OTL.exe
[2013/10/16 12:05:38 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\vlc
[2013/10/16 12:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/10/16 11:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/16 11:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/16 11:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/10/15 13:00:02 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\MyTurboPC.com
[2013/10/15 12:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
[2013/10/14 22:26:23 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/10/14 09:13:35 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Google_files
[2013/10/12 13:31:48 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\ParetoLogic
[2013/10/12 13:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/10/10 09:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/10/10 09:01:08 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Apple Computer
[2013/10/03 09:44:20 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Local\CUSTPDF Writer
[2013/09/30 10:41:41 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Best of Pakenham
[2013/09/27 08:42:20 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\Systweak
[2013/09/25 20:29:40 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\RocketPDF
[2013/09/22 12:27:15 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Sarah Edinburg
[2013/09/22 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Documents\AdobeStockPhotos
[2013/09/21 20:43:05 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\Desktop\Blue Sky additions
[2013/09/21 10:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/21 10:09:03 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/09/21 10:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/09/21 09:55:43 | 000,000,000 | ---D | C] -- C:\Users\Doug Bell\AppData\Roaming\DefaultTab
[2013/09/21 08:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/09/21 08:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[1 C:\Users\Doug Bell\Documents\*.tmp files -> C:\Users\Doug Bell\Documents\*.tmp -> ]
[1 C:\Users\Doug Bell\Desktop\*.tmp files -> C:\Users\Doug Bell\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/16 15:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/16 15:21:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3698204442-3240286689-1174133963-1000UA.job
[2013/10/16 15:20:02 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2013/10/16 14:49:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/16 14:42:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013/10/16 13:22:14 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/16 13:22:14 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/16 13:19:35 | 000,740,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/16 13:19:35 | 000,637,328 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/16 13:19:35 | 000,114,770 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/16 13:15:13 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/16 13:14:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/16 13:14:27 | 529,182,719 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/16 13:14:25 | 000,000,211 | ---- | M] () -- C:\fraglist.luar
[2013/10/16 13:14:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/10/16 12:43:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/10/16 11:47:24 | 000,000,240 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Beautiful Weather Graphs and Maps - WeatherSpark.url
[2013/10/16 08:45:31 | 000,000,092 | ---- | M] () -- C:\Users\Doug Bell\AppData\Roaming\WB.CFG
[2013/10/16 08:45:31 | 000,000,006 | ---- | M] () -- C:\Users\Doug Bell\AppData\Roaming\WBPU-TTL.DAT
[2013/10/16 08:21:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3698204442-3240286689-1174133963-1000Core.job
[2013/10/15 18:00:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\Foresight Software Registration3.job
[2013/10/15 16:08:21 | 001,445,964 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Landowne.series.7.csv
[2013/10/15 11:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doug Bell\Desktop\OTL.exe
[2013/10/15 10:08:09 | 000,000,204 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Virus & Other Malware Removal - Tech Support Guy.url
[2013/10/15 10:07:29 | 000,000,251 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Fake Low Disk Space error message - Tech Support Guy.url
[2013/10/14 09:13:35 | 000,120,539 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Google.htm
[2013/10/13 11:38:59 | 090,436,944 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.psd
[2013/10/13 11:38:55 | 010,612,463 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.jpg
[2013/10/12 20:36:39 | 000,000,200 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Pick-up Hockey, Free Hockey Pools, Office Pools.url
[2013/10/11 08:14:14 | 000,405,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 23:43:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/03 09:44:20 | 000,000,000 | ---- | M] () -- C:\Users\Doug Bell\Documents\13690590-the-age-of-hope.pdf
[2013/10/02 13:07:40 | 006,547,327 | ---- | M] () -- C:\Users\Doug Bell\Desktop\IMGP4759.JPG
[2013/10/02 06:50:47 | 001,445,754 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Landowne..csv
[2013/09/29 10:45:59 | 002,687,561 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Pakenham reframed 1.jpg
[2013/09/29 10:40:53 | 007,912,794 | ---- | M] () -- C:\Users\Doug Bell\Desktop\IMGP4724.JPG
[2013/09/25 13:42:01 | 000,000,074 | -H-- | M] () -- C:\Users\Doug Bell\Documents\.picasa.ini
[2013/09/25 13:40:13 | 000,523,890 | ---- | M] () -- C:\Users\Doug Bell\Documents\Baking for Special Needs.jpg
[2013/09/25 13:40:13 | 000,510,877 | ---- | M] () -- C:\Users\Doug Bell\Documents\Scan0001.jpg
[2013/09/21 13:36:48 | 000,000,836 | ---- | M] () -- C:\Users\Doug Bell\Documents\cc_20130921_133642.reg
[2013/09/21 13:36:24 | 000,019,536 | ---- | M] () -- C:\Users\Doug Bell\Documents\cc_20130921_133618.reg
[2013/09/21 12:38:34 | 000,000,269 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/21 09:55:49 | 000,000,258 | RHS- | M] () -- C:\Users\Doug Bell\ntuser.pol
[2013/09/21 08:08:37 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/09/20 10:16:03 | 000,000,168 | ---- | M] () -- C:\Users\Doug Bell\Desktop\Bing.url
[2013/09/16 16:09:04 | 000,001,403 | ---- | M] () -- C:\Users\Doug Bell\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[1 C:\Users\Doug Bell\Documents\*.tmp files -> C:\Users\Doug Bell\Documents\*.tmp -> ]
[1 C:\Users\Doug Bell\Desktop\*.tmp files -> C:\Users\Doug Bell\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/16 13:01:58 | 000,000,211 | ---- | C] () -- C:\fraglist.luar
[2013/10/16 11:47:24 | 000,000,240 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Beautiful Weather Graphs and Maps - WeatherSpark.url
[2013/10/15 10:08:09 | 000,000,204 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Virus & Other Malware Removal - Tech Support Guy.url
[2013/10/15 10:07:28 | 000,000,251 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Fake Low Disk Space error message - Tech Support Guy.url
[2013/10/14 09:13:35 | 000,120,539 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Google.htm
[2013/10/13 11:37:15 | 010,612,463 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.jpg
[2013/10/12 20:36:39 | 000,000,200 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Pick-up Hockey, Free Hockey Pools, Office Pools.url
[2013/10/11 20:56:59 | 090,436,944 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Far Side Lane Jct.psd
[2013/10/03 09:44:28 | 000,000,000 | ---- | C] () -- C:\Users\Doug Bell\Documents\13690590-the-age-of-hope.pdf
[2013/10/02 13:06:08 | 006,547,327 | ---- | C] () -- C:\Users\Doug Bell\Desktop\IMGP4759.JPG
[2013/09/29 10:45:55 | 002,687,561 | ---- | C] () -- C:\Users\Doug Bell\Desktop\Pakenham reframed 1.jpg
[2013/09/29 10:32:46 | 007,912,794 | ---- | C] () -- C:\Users\Doug Bell\Desktop\IMGP4724.JPG
[2013/09/27 14:26:05 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2013/09/25 13:43:02 | 000,523,890 | ---- | C] () -- C:\Users\Doug Bell\Documents\Baking for Special Needs.jpg
[2013/09/25 13:40:56 | 000,000,074 | -H-- | C] () -- C:\Users\Doug Bell\Documents\.picasa.ini
[2013/09/25 13:40:13 | 000,510,877 | ---- | C] () -- C:\Users\Doug Bell\Documents\Scan0001.jpg
[2013/09/21 13:36:44 | 000,000,836 | ---- | C] () -- C:\Users\Doug Bell\Documents\cc_20130921_133642.reg
[2013/09/21 13:36:20 | 000,019,536 | ---- | C] () -- C:\Users\Doug Bell\Documents\cc_20130921_133618.reg
[2013/09/21 10:09:07 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/21 09:55:49 | 000,000,258 | RHS- | C] () -- C:\Users\Doug Bell\ntuser.pol
[2013/09/21 08:08:37 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/09/16 16:09:03 | 000,001,375 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/09/12 21:42:01 | 000,000,092 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\WB.CFG
[2013/09/12 21:42:01 | 000,000,006 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\WBPU-TTL.DAT
[2013/07/18 11:18:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/18 11:02:40 | 000,000,201 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/03/06 10:09:36 | 000,033,193 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\UserTile.png
[2013/02/12 11:57:04 | 006,494,793 | ---- | C] () -- C:\Users\Doug Bell\3120 China 3120.jpg
[2012/11/09 17:16:41 | 000,000,027 | ---- | C] () -- C:\Windows\btw.ini
[2012/11/09 17:16:22 | 000,000,399 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012/07/25 10:13:35 | 000,000,355 | ---- | C] () -- C:\Users\Doug Bell\Computer - Shortcut.lnk
[2012/06/18 19:29:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/18 19:29:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/18 19:29:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/18 19:29:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/18 19:29:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/26 18:39:08 | 000,007,609 | ---- | C] () -- C:\Users\Doug Bell\AppData\Local\Resmon.ResmonCfg
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/12/19 10:00:40 | 000,000,271 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/12/19 09:57:07 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2011/12/12 14:34:40 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/12/12 10:41:18 | 000,000,000 | ---- | C] () -- C:\Users\Doug Bell\startupreport.htm
[2011/10/29 11:46:54 | 000,000,166 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\PLGComp.ini
[2011/07/12 11:26:53 | 000,001,854 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\GhostObjGAFix.xml
[2011/05/10 08:47:08 | 000,004,608 | ---- | C] () -- C:\Users\Doug Bell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/04 08:49:09 | 000,000,104 | ---- | C] () -- C:\Users\Doug Bell\Computer.lnk
[2011/04/26 20:36:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/26 16:05:28 | 000,000,112 | ---- | C] () -- C:\Users\Doug Bell\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/15 12:40:40 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Avery
[2011/06/16 16:41:59 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Book Place
[2011/05/27 17:01:08 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\calibre
[2011/06/28 14:29:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\ChemTable Software
[2011/11/14 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\com.Shutterfly.ExpressUploader
[2011/12/03 18:10:33 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Crossword Compiler 8
[2013/09/24 12:27:06 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\DefaultTab
[2011/05/20 09:27:57 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Disruptive Innovations SARL
[2012/10/31 09:29:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\DriverCure
[2013/09/12 20:41:22 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\DSite
[2011/05/10 09:17:17 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Easy Duplicate Finder
[2013/09/13 12:29:58 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Foresight Software
[2013/03/16 10:52:21 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Garmin
[2013/10/10 09:01:05 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\IObit
[2011/04/26 15:40:52 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Leadertech
[2011/12/19 09:59:01 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\MyHeritage
[2013/10/15 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\MyTurboPC.com
[2012/01/05 11:38:28 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Office Assistance
[2011/06/05 15:56:52 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Opera
[2011/05/27 13:25:38 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\OverDrive
[2013/10/12 13:31:48 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\ParetoLogic
[2013/03/06 10:09:36 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\PeerNetworking
[2013/09/08 08:08:33 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\PerformerSoft
[2013/09/25 22:15:40 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\RocketPDF
[2011/05/10 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Softinterface, Inc
[2011/10/20 08:25:12 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Softland
[2013/09/08 08:27:00 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\SpeedAnalysis2
[2012/10/31 09:29:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\SpeedMaxPc
[2013/09/27 16:35:35 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Systweak
[2012/04/11 13:43:14 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\TeamViewer
[2011/09/18 12:32:47 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Template
[2011/12/19 09:57:07 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2012/06/15 12:29:47 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\TweakNow PowerPack 2012
[2011/10/22 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\WhiteSmokeTranslator
[2011/04/27 13:21:54 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\WinBatch
[2012/01/15 21:46:42 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >
 
#18 ·
dougbell4422,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    [2011/10/22 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\WhiteSmokeTranslator
    [2013/10/10 09:01:05 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\IObit
    [2013/10/15 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\Doug Bell\AppData\Roaming\MyTurboPC.com
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
    
    :Files
    C:\Users\Doug Bell\AppData\Roaming\MyTurboPC.com
    C:\ProgramData\MyTurboPC.com
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

-------------------------------------------------------------
AdwCleaner Download and Run

Click on this link to download: ADWCleaner
Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete. When it is done, click on the Clean button, accept any prompts that appear and allow the system to reboot.
You will then be presented with the report. Copy & Paste it into your next post.



Tell me if you are still getting the adware popups.
askey127
 
#19 ·
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Doug Bell\AppData\Roaming\WhiteSmokeTranslator folder moved successfully.
C:\Users\Doug Bell\AppData\Roaming\IObit\IObit Uninstaller\Language folder moved successfully.
C:\Users\Doug Bell\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Doug Bell\AppData\Roaming\IObit\Advanced SystemCare V6\Temp folder moved successfully.
C:\Users\Doug Bell\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\Doug Bell\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
C:\Users\Doug Bell\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\Doug Bell\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\Doug Bell\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\Doug Bell\AppData\Roaming\IObit folder moved successfully.
C:\Users\Doug Bell\AppData\Roaming\MyTurboPC.com\MyTurboPC folder moved successfully.
C:\Users\Doug Bell\AppData\Roaming\MyTurboPC.com folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ deleted successfully.
========== FILES ==========
File\Folder C:\Users\Doug Bell\AppData\Roaming\MyTurboPC.com not found.
C:\ProgramData\MyTurboPC.com\MyTurboPC folder moved successfully.
C:\ProgramData\MyTurboPC.com folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Doug Bell\Desktop\cmd.bat deleted successfully.
C:\Users\Doug Bell\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Doug Bell
->Temp folder emptied: 701335 bytes
->Temporary Internet Files folder emptied: 220807098 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1566 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28432 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 211.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10162013_183040
Files\Folders moved on Reboot...
C:\Users\Doug Bell\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Doug Bell\AppData\Local\Google\Google Talk Plugin\gtbaxplugin.log moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Doug Bell\AppData\Local\Google\Google Talk Plugin\o1daxplugin.log moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y71LQ4YR\recentposts[1].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y71LQ4YR\si[1].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRVSVZYK\728x90s[3].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRVSVZYK\chat_message_52df20dbc4522c398abba5d0b6377131[1].mp3 moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRVSVZYK\frame[1].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\77UMJKK7\0[4].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\77UMJKK7\bind[1].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\77UMJKK7\canvas[1].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\77UMJKK7\d=1[1].htm moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Doug Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
#20 ·
# AdwCleaner v3.008 - Report created 16/10/2013 at 18:53:40
# Updated 17/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Doug Bell - DOUGBELL
# Running from : C:\Users\Doug Bell\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\SpeedMaxPc
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Users\Doug Bell\AppData\Local\Tiger Savings
Folder Deleted : C:\Users\Doug Bell\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Doug Bell\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Doug Bell\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Doug Bell\AppData\LocalLow\iac
Folder Deleted : C:\Users\Doug Bell\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Doug Bell\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Doug Bell\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Doug Bell\AppData\Roaming\DSite
Folder Deleted : C:\Users\Doug Bell\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Doug Bell\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Doug Bell\AppData\Roaming\SpeedAnalysis2
Folder Deleted : C:\Users\Doug Bell\AppData\Roaming\SpeedMaxPc
Folder Deleted : C:\Users\Doug Bell\AppData\Roaming\Systweak
File Deleted : C:\Users\Doug Bell\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite
***** [ Shortcuts ] *****

***** [ Registry ] *****
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16514

-\\ Mozilla Firefox v
*************************
AdwCleaner[R0].txt - [6183 octets] - [16/10/2013 18:53:01]
AdwCleaner[S0].txt - [5970 octets] - [16/10/2013 18:53:40]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6030 octets] ##########
 
#23 ·
askey127,

The timing couldn't be better as I'm out for the day. The pop-up comes in regularly at 8:40 a.m. approx. each morning.

I have some questions to ask you at a later date, tomorrow perhaps. I do appreciate very much all the time you have dedicated to this problem. I feel as if I should offer something in return. I will leave this question for tomorrow.

Thanks,

Doug.
 
#24 ·
Hi Askey127,

Second morning no Malware. Voila! You have removed the threat. It would be helpful to know where and how this malware entered my computer. There were so many suspect entry points it may be hard to tell.

Thank you again for the time and effort you spent on cleaning up this issue.

Doug. Bell
 
#25 ·
Doug,
There are a number of programs that could have dragged the advertising in without permission.
Almost all "Free" programs now from free program warehouses (read almost everything from CNET, Softonic, etc.) incorporate something to make money, and they don't all do it with good ethics, or tell you about it.
Be sure any free program you use comes only from the author's site, and don't use P2P torrents at all.
Files shared via torrent sites may have not just adware, but malicious content.
Pay careful attention to every screen during any installation, to uncheck offered extras.

Safety online is largely a case of "stop clicking" on links and sidebars.

I would suggest you use Firefox mostly, with add-ons AdBlock Plus and NoScript.

You should be OK.
askey127
 