
possible keylogger

Discussion in 'Virus & Other Malware Removal' started by clester, Feb 26, 2015.

  1. clester

    clester Thread Starter

    Joined:
    Dec 11, 2008
    Messages:
    190
    I have a Dell 64-bit running Win 7 Home Premium.
    I have an administrator account and 1 user account.
    The user account has a 14-character password, and my son says that he guessed the password and that he has guessed the last 3 passwords we have set.
    I am 99% certain no one has said anything, so something fishy is going on.

    Valis asked that I start here
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,047
    Hiya

    Sorry for the late reply. Are you still having this problem? If so, can you do the following and we'll go from there:

    Download Security Check from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    ------

    Download OTL to your Desktop


    (Vista or Win 7 => right click and Run As Administrator)

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Standard Output.
    • At the top, check the box entitled Scan All Users
    • Toward the bottom, check:
      All Users
      LOP Check
      Purity Check
    • Under the Standard Registry box change it to All
      Do not change any settings unless otherwise told to do so.
    • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

      Code:
      DRIVES
      netsvcs
      activex
      msconfig
      drivers32
      %systemroot%\assembly\GAC_32\*.ini
      %systemroot%\assembly\GAC_64\*.ini
      %ALLUSERSPROFILE%\Application Data\*.exe
      %APPDATA%\*.
      safebootminimal
      safebootnetwork
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.exe
      %LOCALAPPDATA%\*.exe
      %windir%\Installer\*.*
      %windir%\system32\tasks\*.*
      %windir%\system32\tasks\*.* /64
      %systemroot%\Fonts\*.exe
      %systemroot%\*. /mp /s
      /md5start
      pnrpnsp.dll
      nwprovau.dll
      nlaapi.dll
      napinsp.dll
      mswsock.dll
      winrnr.dll
      wshelper.dll
      consrv.dll
      explorer.exe
      winlogon.exe
      regedit.exe
      Userinit.exe
      svchost.exe
      services.exe
      user32.dll
      atapi.sys
      csrss.exe
      PRINTISOLATIONHOST.EXE
      /md5stop
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemdrive%\$Recycle.Bin|@;true;true;true /fp
      %systemroot%\system32\drivers\*.sys /lockedfiles
      C:\Windows\assembly\tmp\U\*.* /s
      %Temp%\smtmp\* \s
      %Temp%\smtmp\1\*.*
      %Temp%\smtmp\2\*.*
      %Temp%\smtmp\3\*.*
      %Temp%\smtmp\4\*.*
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT
      
    • Click the Run Scan button. The scan won't take long.
      A black box will appear; this is part of the custom scan, so don't be alarmed ;)
      IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

    Thanks

    eddie
     
  3. clester

    clester Thread Starter

    Joined:
    Dec 11, 2008
    Messages:
    190
    OTL logfile created on: 3/11/2015 8:27:00 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Debbie\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17633)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.75 Gb Total Physical Memory | 3.79 Gb Available Physical Memory | 65.92% Memory free
    11.50 Gb Paging File | 9.09 Gb Available in Paging File | 79.04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 917.66 Gb Total Space | 735.15 Gb Free Space | 80.11% Space Free | Partition Type: NTFS

    Computer Name: DEBBIE-PC | User Name: Debbie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2015/03/11 08:25:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Debbie\Desktop\OTL.exe
    PRC - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    PRC - [2013/11/04 23:28:19 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2013/11/01 10:22:46 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    PRC - [2013/07/02 11:19:30 | 000,248,208 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    PRC - [2013/07/02 11:19:30 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2012/02/01 12:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    PRC - [2012/02/01 12:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
    PRC - [2012/02/01 12:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
    PRC - [2011/12/19 14:10:22 | 003,050,352 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
    PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
    PRC - [2011/12/19 13:19:14 | 000,173,424 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
    PRC - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    PRC - [2010/08/19 01:38:54 | 000,091,136 | ---- | M] (Sage Software, Inc) -- C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Sync.exe
    PRC - [2010/08/19 01:38:44 | 000,028,672 | ---- | M] (Sage Software, Inc.) -- C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
    PRC - [2008/02/08 09:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/12/25 04:31:53 | 001,669,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\bb21380c3d4870a81038f30e1a00bcd5\Microsoft.VisualBasic.ni.dll
    MOD - [2014/12/25 04:31:28 | 000,197,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\21daf9c971ab09028359a3afedbdd8af\Microsoft.Practices.Unity.ni.dll
    MOD - [2014/12/25 04:31:28 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\dfa94fe5dfc5fa848d23a59e0295eeae\Microsoft.Practices.Unity.Configuration.ni.dll
    MOD - [2014/12/25 04:31:27 | 000,292,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\59526a026d4b12f50a4965e706215d87\Microsoft.Practices.ObjectBuilder2.ni.dll
    MOD - [2014/12/25 04:30:46 | 000,517,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Genghis\a11ebe28a2af1c665439f772631ef201\Genghis.ni.dll
    MOD - [2014/12/25 04:30:20 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\11295b4ad79dbeadee6c83ae45a8a07f\System.IdentityModel.ni.dll
    MOD - [2014/12/25 04:30:19 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b1e0939384cc320d6ac7b8921ccc2877\System.Runtime.Serialization.ni.dll
    MOD - [2014/12/25 04:30:18 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\da4175d4363c1bcecb984a44cd53664f\SMDiagnostics.ni.dll
    MOD - [2014/12/25 04:30:17 | 017,477,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0d51a457c4cb85cd5ae8439094387ad3\System.ServiceModel.ni.dll
    MOD - [2014/12/25 04:28:34 | 001,819,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.SyncSetup\be319a9ccbcc0e48d9b261f8b8d99cd2\Act.UI.SyncSetup.ni.dll
    MOD - [2014/12/25 04:27:41 | 004,314,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Windows.#\5b10363118a4d94660ff009bf40fdebd\Act.Shared.Windows.Forms.ni.dll
    MOD - [2014/12/25 04:27:38 | 000,720,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Win32\5541c21c85660c04b7cdeb9144307357\Act.Shared.Win32.ni.dll
    MOD - [2014/12/25 04:27:38 | 000,134,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Utilities\53f88fca6d64ea37acd2d3961a42c8ed\Act.Shared.Utilities.ni.dll
    MOD - [2014/12/25 04:27:34 | 005,150,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Images\05580f7157ed38d655473b5f7ac8fc55\Act.Shared.Images.ni.dll
    MOD - [2014/12/25 04:27:31 | 000,080,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Config\741df796242a40ed4feef761e1de8738\Act.Shared.Config.ni.dll
    MOD - [2014/12/25 04:27:30 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Win.Int#\5c2a66a2b56be130bcdb4b3698d7fbe7\Act.Outlook.Win.Integration.ni.dll
    MOD - [2014/12/25 04:27:29 | 001,179,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Sync.Co#\dec48fa8962cd85785d32f16425028ba\Act.Outlook.Sync.Common.ni.dll
    MOD - [2014/12/25 04:27:28 | 000,527,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Service#\0ae240969ed65c3cda23c183523d4708\Act.Outlook.Service.Shared.ni.dll
    MOD - [2014/12/25 04:27:27 | 000,559,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Service#\187ebb2aa7bba74245db64a9e500ef87\Act.Outlook.Service.Desktop.ni.dll
    MOD - [2014/12/25 04:27:27 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Service#\3fc24552c70a3b7e7e3068ce78ecc02a\Act.Outlook.Service.Interfaces.ni.dll
    MOD - [2014/12/25 04:27:26 | 000,093,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Service#\d7f96f9c51ced04fbf38e98a28201b57\Act.Outlook.Service.AppCommon.ni.dll
    MOD - [2014/12/25 04:27:25 | 000,343,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Integra#\0778e7c74edc8f988aea1841d265bd9c\Act.Outlook.Integration.ni.dll
    MOD - [2014/12/25 04:27:04 | 009,803,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Framework\15b9af14ec20d5a36d8377e259dd0876\Act.Framework.ni.dll
    MOD - [2014/12/25 04:26:58 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\e3641fa3359f37ad12c84183ce765093\System.Core.ni.dll
    MOD - [2014/12/25 04:22:18 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
    MOD - [2014/12/25 04:22:13 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\875c35969785fa170d186e7ca546ac9e\System.Runtime.Remoting.ni.dll
    MOD - [2014/12/25 04:21:52 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
    MOD - [2014/12/25 04:21:46 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
    MOD - [2014/12/25 04:21:42 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
    MOD - [2014/12/25 04:21:40 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\615d0139e479f16c908d7be6036fdc92\System.Configuration.ni.dll
    MOD - [2014/12/25 04:21:23 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
    MOD - [2014/09/12 03:56:41 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.ADChronopher\fbe7292bdd4814b3b5e5307089323f4e\Interop.ADChronopher.ni.dll
    MOD - [2014/09/12 03:35:50 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
    MOD - [2014/02/06 01:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/02/06 01:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2013/09/14 02:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
    MOD - [2013/09/14 02:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
    MOD - [2012/02/01 12:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    MOD - [2012/02/01 12:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
    MOD - [2012/02/01 12:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
    MOD - [2012/02/01 12:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
    MOD - [2012/02/01 12:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
    MOD - [2012/02/01 12:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
    MOD - [2012/02/01 12:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
    MOD - [2011/09/17 14:44:13 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Shared.Diagnostics\13.0.401.0__ebf6b2ff4d0a08aa\Act.Shared.Diagnostics.dll
    MOD - [2011/09/17 14:44:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Interfaces\13.0.401.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Interfaces.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2015/01/11 21:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/15 01:14:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2015/02/05 02:00:39 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2015/01/02 20:45:12 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2014/04/12 00:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2013/11/08 19:39:15 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
    SRV - [2013/11/04 23:28:19 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2013/07/02 11:19:30 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2012/03/06 10:19:00 | 003,953,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2011/12/19 13:19:14 | 000,173,424 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
    SRV - [2010/08/19 01:54:12 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
    SRV - [2008/02/08 09:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/07/25 17:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2013/06/06 22:29:52 | 000,126,464 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/12/19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
    DRV:64bit: - [2011/12/19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
    DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
    DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
    DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
    DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
    DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
    DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
    DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
    DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/10/01 01:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/08/06 07:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2009/07/15 03:23:30 | 006,096,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 15:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/05 13:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
    DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://us.mg203.mail.yahoo.com/dc/ [Binary data over 200 bytes]
    IE - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
    IE - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\..\SearchScopes\{50F42E5B-4DF3-4423-B9F1-A74CB1CC4A04}: "URL" = http://search.yahoo.com/search?p={s...ype=W3i_DS,136,0_0,Search,20110521,6901,0,8,0
    IE - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS445
    IE - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\..\SearchScopes\EBB3061BE79B4E5BB807E60269CC3E47: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS445
    IE - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\Debbie\AppData\Roaming\E-centives\NPcolPM460.dll (Invenda)


    [2013/01/06 10:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Debbie\AppData\Roaming\Mozilla\Extensions
    [2011/05/31 10:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Debbie\AppData\Roaming\Mozilla\Extensions\[email protected]

    ========== Chrome ==========

    CHR - default_search_provider: (Enabled)
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\gcswf32.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: (Enabled) = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\chromeNPAPI.dll
    CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Coupon Activator Netscape Plugin v. 4.5.0.0 (Enabled) = C:\Users\Debbie\AppData\Roaming\E-centives\NPcolPM460.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
    CHR - Extension: No name found = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdooklplcdnpdnbidhpopicmbhgdidph\2012.3.29.8221_0\
    CHR - Extension: No name found = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnknkgccldocdogpnhbaddbdhhjiindo\2011.12.21.15428_0\
    CHR - Extension: No name found = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkfikkkibdhcboaghclbgmppjnjjcame\2012.3.6.2128_0\
    CHR - Extension: No name found = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhehjklalcfjkfdfcgimhlmfmicjfpam\2011.12.21.15417_0\
    CHR - Extension: No name found = C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (HP Smart Print BHO) - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe File not found
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\GFI Software\VIPRE\SBRC.exe (GFI Software)
    O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
    O4 - HKLM..\Run: [Act! Preloader] C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
    O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
    O4 - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000..\Run: [LOLReplay Recorder] "C:\Users\Debbie\Desktop\LOLReplay\LOLRecorder.exe" -minimize File not found
    O4 - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000..\Run: [MK LOL] C:\Program Files (x86)\MKJogo\MK IM\Bin\MKIM.exe ()
    O4 - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000..\Run: [MKLOL] C:\Users\Debbie\Desktop\MKJogo\MKLOL\MK.exe (MK)
    O4 - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    O4 - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Nickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2402950803-3680726036-3035458503-1000\..Trusted Domains: adobe.com ([get] http in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_05-windows-i586.cab (Reg Error: Key error.)
    O16:64bit: - DPF: {CAFEEFAC-0018-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_05-windows-i586.cab (Reg Error: Key error.)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab (Java Plug-in 11.31.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab (Java Plug-in 1.7.0_51)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab (Java Plug-in 11.31.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91B1311D-42E3-4213-BA0E-6B9F632E1680}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97DBC59F-C43B-453E-A9E7-8B5167815621}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
    O29 - HKLM SecurityProviders - (credssp.dll) - File not found
    O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  4. clester

    clester Thread Starter

    ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {26784146-6E05-3FF9-9335-786C7C0FB5BE} - .NET Framework
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{F1A1006C-3342-412A-AF42-0DE7C8DC6D51} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {26784146-6E05-3FF9-9335-786C7C0FB5BE} - .NET Framework
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

    MsConfig:64bit - State: "services" - Reg Error: Key error.
    MsConfig:64bit - State: "startup" - Reg Error: Key error.

    Drivers32:64bit: aux - File not found
    Drivers32:64bit: aux1 - File not found
    Drivers32:64bit: midi - File not found
    Drivers32:64bit: midi1 - File not found
    Drivers32:64bit: midimapper - File not found
    Drivers32:64bit: mixer - File not found
    Drivers32:64bit: mixer1 - File not found
    Drivers32:64bit: msacm.imaadpcm - File not found
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: msacm.msadpcm - File not found
    Drivers32:64bit: msacm.msg711 - File not found
    Drivers32:64bit: msacm.msgsm610 - File not found
    Drivers32:64bit: vidc.i420 - File not found
    Drivers32:64bit: vidc.iyuv - File not found
    Drivers32:64bit: vidc.mrle - File not found
    Drivers32:64bit: vidc.msvc - File not found
    Drivers32:64bit: vidc.uyvy - File not found
    Drivers32:64bit: vidc.yuy2 - File not found
    Drivers32:64bit: vidc.yvu9 - File not found
    Drivers32:64bit: vidc.yvyu - File not found
    Drivers32:64bit: wave - File not found
    Drivers32:64bit: wave1 - File not found
    Drivers32:64bit: wavemapper - File not found
    Drivers32: aux - wdmaud.drv File not found
    Drivers32: aux1 - wdmaud.drv File not found
    Drivers32: midi - wdmaud.drv File not found
    Drivers32: midi1 - wdmaud.drv File not found
    Drivers32: midimapper - midimap.dll File not found
    Drivers32: mixer - wdmaud.drv File not found
    Drivers32: mixer1 - wdmaud.drv File not found
    Drivers32: msacm.imaadpcm - imaadp32.acm File not found
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - msadp32.acm File not found
    Drivers32: msacm.msg711 - msg711.acm File not found
    Drivers32: msacm.msgsm610 - msgsm32.acm File not found
    Drivers32: msacm.siren - sirenacm.dll File not found
    Drivers32: vidc.cvid - iccvid.dll File not found
    Drivers32: vidc.i420 - iyuv_32.dll File not found
    Drivers32: vidc.iyuv - iyuv_32.dll File not found
    Drivers32: VIDC.LAGS - lagarith.dll File not found
    Drivers32: vidc.mrle - msrle32.dll File not found
    Drivers32: vidc.msvc - msvidc32.dll File not found
    Drivers32: vidc.uyvy - msyuv.dll File not found
    Drivers32: vidc.yuy2 - msyuv.dll File not found
    Drivers32: vidc.yvu9 - tsbyuv.dll File not found
    Drivers32: vidc.yvyu - msyuv.dll File not found
    Drivers32: wave - wdmaud.drv File not found
    Drivers32: wave1 - wdmaud.drv File not found
    Drivers32: wavemapper - msacm32.drv File not found

    SafeBootMin:64bit: AppMgmt - Service
    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: MCODS - Reg Error: Value error.
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: vmms - Service
    SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: MCODS - Reg Error: Value error.
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SBAMSvc - C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)
    SafeBootMin: SBPIMSvc - C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet:64bit: AppMgmt - Service
    SafeBootNet:64bit: Base - Driver Group
    SafeBootNet:64bit: Boot Bus Extender - Driver Group
    SafeBootNet:64bit: Boot file system - Driver Group
    SafeBootNet:64bit: File system - Driver Group
    SafeBootNet:64bit: Filter - Driver Group
    SafeBootNet:64bit: HelpSvc - Service
    SafeBootNet:64bit: MCODS - Reg Error: Value error.
    SafeBootNet:64bit: Messenger - Service
    SafeBootNet:64bit: NDIS Wrapper - Driver Group
    SafeBootNet:64bit: NetBIOSGroup - Driver Group
    SafeBootNet:64bit: NetDDEGroup - Driver Group
    SafeBootNet:64bit: Network - Driver Group
    SafeBootNet:64bit: NetworkProvider - Driver Group
    SafeBootNet:64bit: PCI Configuration - Driver Group
    SafeBootNet:64bit: PNP Filter - Driver Group
    SafeBootNet:64bit: PNP_TDI - Driver Group
    SafeBootNet:64bit: Primary disk - Driver Group
    SafeBootNet:64bit: rdsessmgr - Service
    SafeBootNet:64bit: sacsvr - Service
    SafeBootNet:64bit: SCSI Class - Driver Group
    SafeBootNet:64bit: Streams Drivers - Driver Group
    SafeBootNet:64bit: System Bus Extender - Driver Group
    SafeBootNet:64bit: TDI - Driver Group
    SafeBootNet:64bit: vmms - Service
    SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet:64bit: WudfUsbccidDriver - Driver
    SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootNet: AppMgmt - Service
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: MCODS - Reg Error: Value error.
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SBAMSvc - C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)
    SafeBootNet: SBPIMSvc - C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vmms - Service
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2015/03/11 08:25:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Debbie\Desktop\OTL.exe
    [2015/03/06 21:16:59 | 000,000,000 | ---D | C] -- C:\.ikov_cache_32
    [2015/03/01 21:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2015/02/21 10:29:11 | 006,041,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2015/02/21 10:29:11 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
    [2015/02/21 10:29:10 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
    [2015/02/20 16:30:56 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powertracker.dll
    [2015/02/20 16:30:55 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perftrack.dll
    [2015/02/20 16:30:42 | 001,239,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
    [2015/02/20 16:30:42 | 001,098,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
    [2015/02/20 16:30:42 | 000,894,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
    [2015/02/20 16:30:42 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
    [2015/02/20 16:30:42 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
    [2015/02/20 16:30:42 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
    [2015/02/20 16:30:41 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
    [2015/02/20 16:30:41 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
    [2015/02/20 16:30:35 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2015/02/20 16:30:27 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
    [2015/02/20 16:30:27 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2015/02/20 16:30:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
    [2015/02/20 16:30:27 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
    [2015/02/20 16:30:27 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2015/02/20 16:30:26 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2015/02/20 16:30:26 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
    [2015/02/20 16:30:26 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
    [2015/02/20 16:30:26 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    [2015/02/20 16:30:26 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2015/02/20 16:30:24 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2015/02/20 16:30:24 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2015/02/20 16:30:24 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2015/02/20 16:30:24 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2015/02/20 16:30:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2015/02/20 16:30:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
    [2015/02/20 16:30:23 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2015/02/20 16:30:23 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2015/02/20 16:30:23 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2015/02/20 16:30:23 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2015/02/20 16:30:23 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2015/02/20 16:30:22 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2015/02/20 16:30:21 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2015/02/20 16:30:21 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2015/02/20 16:30:21 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2015/02/20 16:30:21 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2015/02/20 16:30:20 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
    [2015/02/20 16:30:20 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2015/02/20 16:30:20 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2015/02/20 16:30:18 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2015/02/20 16:30:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2015/02/20 16:30:17 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
    [2015/02/20 16:27:34 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2015/02/20 16:27:25 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2015/02/20 16:27:24 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
    [2015/02/20 16:27:24 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
    [2015/02/20 16:27:24 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
    [2015/02/20 16:27:24 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
    [2015/02/20 16:27:24 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
    [2015/02/20 16:27:24 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
    [2015/02/20 16:27:24 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
    [2015/02/20 16:27:24 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
    [2015/02/20 16:27:24 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
    [2015/02/20 16:27:24 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
    [2015/02/20 16:27:24 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
    [2015/02/20 16:27:19 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2015/02/20 16:27:19 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2015/02/20 16:27:13 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
    [2015/02/20 16:27:09 | 003,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2015/02/20 16:27:08 | 003,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2015/02/20 16:27:06 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2015/02/20 16:26:36 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
    [2015/02/20 16:26:36 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
    [2015/02/20 16:26:20 | 005,554,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2015/02/20 16:26:19 | 003,972,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2015/02/20 16:26:19 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2015/02/20 16:26:19 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
    [2015/02/20 16:26:18 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
    [2015/02/20 16:26:17 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
    [2015/02/17 16:28:27 | 000,000,000 | ---D | C] -- C:\Users\Debbie\.pdv4_cache
    [2011/09/17 14:34:19 | 017,491,272 | ---- | C] (Sage Software ) -- C:\Users\Debbie\AppData\Roaming\ACT2011Hotfix_SS.exe

    ========== Files - Modified Within 30 Days ==========

    [2015/03/11 08:25:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Debbie\Desktop\OTL.exe
    [2015/03/11 08:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2015/03/11 08:21:02 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2015/03/11 08:21:02 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2015/03/11 08:18:04 | 000,892,872 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2015/03/11 08:18:04 | 000,741,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2015/03/11 08:18:04 | 000,151,298 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2015/03/11 08:17:51 | 000,852,604 | ---- | M] () -- C:\Users\Debbie\Desktop\SecurityCheck.exe
    [2015/03/11 08:15:09 | 000,000,900 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2015/03/11 08:13:48 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2015/03/11 08:13:32 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2015/03/11 08:13:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2015/03/11 08:13:22 | 334,737,407 | -HS- | M] () -- C:\hiberfil.sys
    [2015/03/11 07:40:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2015/03/10 18:19:11 | 000,000,632 | RHS- | M] () -- C:\Users\Debbie\ntuser.pol
    [2015/03/05 04:07:02 | 000,884,878 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2015/03/04 17:33:49 | 000,000,024 | ---- | M] () -- C:\Users\Debbie\random.dat
    [2015/03/04 17:22:36 | 000,000,032 | ---- | M] () -- C:\Users\Debbie\jagex_cl_runescape_LIVE.dat
    [2015/03/01 21:25:52 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2015/03/01 11:58:37 | 000,014,231 | ---- | M] () -- C:\Users\Debbie\Desktop\Capone.odt
    [2015/02/25 16:57:11 | 000,568,677 | ---- | M] () -- C:\Users\Debbie\Desktop\clwt.pdf
    [2015/02/25 16:50:53 | 000,208,671 | ---- | M] () -- C:\Users\Debbie\Desktop\dlwt2.pdf
    [2015/02/25 16:48:55 | 000,348,019 | ---- | M] () -- C:\Users\Debbie\Desktop\dlwt1.pdf
    [2015/02/22 11:15:31 | 000,780,460 | ---- | M] () -- C:\Users\Debbie\Desktop\STARRnick.pdf
    [2015/02/22 11:10:48 | 000,780,919 | ---- | M] () -- C:\Users\Debbie\Documents\STARRnick.pdf
    [2015/02/22 04:17:09 | 000,000,498 | ---- | M] () -- C:\Windows\SysWow64\CountScans.XML
    [2015/02/21 07:02:01 | 000,317,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2015/02/20 16:41:56 | 000,002,104 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2015/02/18 15:27:04 | 513,917,035 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2015/02/17 16:58:42 | 000,000,059 | ---- | M] () -- C:\Windows\JQHApp.dat
    [2015/02/10 12:44:17 | 000,011,479 | ---- | M] () -- C:\Users\Debbie\Documents\February 11, 2015.odt

    ========== Files Created - No Company Name ==========

    [2015/03/11 08:17:41 | 000,852,604 | ---- | C] () -- C:\Users\Debbie\Desktop\SecurityCheck.exe
    [2015/03/01 11:58:35 | 000,014,231 | ---- | C] () -- C:\Users\Debbie\Desktop\Capone.odt
    [2015/02/25 16:57:11 | 000,568,677 | ---- | C] () -- C:\Users\Debbie\Desktop\clwt.pdf
    [2015/02/25 16:50:53 | 000,208,671 | ---- | C] () -- C:\Users\Debbie\Desktop\dlwt2.pdf
    [2015/02/25 16:48:55 | 000,348,019 | ---- | C] () -- C:\Users\Debbie\Desktop\dlwt1.pdf
    [2015/02/22 11:15:30 | 000,780,460 | ---- | C] () -- C:\Users\Debbie\Desktop\STARRnick.pdf
    [2015/02/22 11:10:48 | 000,780,919 | ---- | C] () -- C:\Users\Debbie\Documents\STARRnick.pdf
    [2015/02/17 19:41:31 | 000,000,032 | ---- | C] () -- C:\Users\Debbie\jagex_cl_runescape_LIVE.dat
    [2015/02/10 12:43:47 | 000,011,479 | ---- | C] () -- C:\Users\Debbie\Documents\February 11, 2015.odt
    [2015/01/05 14:53:05 | 000,000,024 | ---- | C] () -- C:\Users\Debbie\random.dat
    [2015/01/05 14:18:31 | 000,000,045 | ---- | C] () -- C:\Users\Debbie\jagex_cl_oldschool_LIVE.dat
    [2014/06/21 12:10:40 | 000,068,609 | ---- | C] () -- C:\Users\Debbie\AppData\Local\lrctfxwo
    [2014/06/17 17:18:41 | 000,000,059 | ---- | C] () -- C:\Windows\JQHApp.dat
    [2013/11/01 16:37:17 | 000,281,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2013/11/01 16:37:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/06/14 12:45:59 | 000,000,632 | RHS- | C] () -- C:\Users\Debbie\ntuser.pol
    [2012/01/06 11:03:55 | 000,000,041 | ---- | C] () -- C:\Users\Debbie\AppData\Roaming\PriceBlink.dat
    [2012/01/04 08:09:32 | 000,013,312 | ---- | C] () -- C:\Users\Debbie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/09/17 14:51:13 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/09/17 14:51:13 | 000,000,088 | RHS- | C] () -- C:\ProgramData\D4DF3AE592.sys
    [2011/05/17 11:02:19 | 000,103,784 | ---- | C] () -- C:\Users\Debbie\GoToAssistDownloadHelper.exe
    [2011/05/17 10:52:10 | 000,000,936 | ---- | C] () -- C:\Users\Debbie\Windows Easy Transfer.lnk
    [2011/05/17 10:52:10 | 000,000,706 | ---- | C] () -- C:\Users\Debbie\autorun.inf
    [2011/05/03 19:32:21 | 000,000,096 | ---- | C] () -- C:\Users\Debbie\.asadminpass

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [2011/09/17 14:44:29 | 000,000,000 | ---D | M] -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/07/02 17:11:56 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\.minecraft
    [2011/09/17 14:50:16 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\ACT
    [2013/11/16 20:21:28 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Awesomium
    [2013/12/17 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\BANDISOFT
    [2011/10/17 10:40:49 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Catalina Marketing Corp
    [2012/01/19 10:31:15 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2015/01/06 20:47:02 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Curse Client
    [2011/10/18 07:43:47 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\E-centives
    [2012/03/03 11:58:52 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Fingertapps
    [2012/05/28 13:25:23 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\GFI Software
    [2014/04/28 09:57:58 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Individual Software
    [2011/09/17 14:23:37 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\iolo
    [2011/09/17 14:51:13 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\IsolatedStorage
    [2013/03/29 10:29:26 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\LolClient
    [2011/08/22 15:18:15 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\MyPublisher
    [2013/02/25 09:16:44 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Nokia
    [2013/02/25 09:16:44 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Nokia Suite
    [2012/07/02 09:43:20 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\OpenOffice.org
    [2014/04/22 13:48:02 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Oracle
    [2013/11/04 06:21:09 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Origin
    [2012/06/10 18:34:29 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\PC Suite
    [2011/05/27 16:07:20 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\PCDr
    [2015/01/05 14:58:49 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\RSBot
    [2014/06/09 12:24:59 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Samsung
    [2015/03/05 19:43:17 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\SoftGrid Client
    [2012/11/28 17:34:57 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Solveig Multimedia
    [2014/06/20 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\SplitMediaLabs
    [2012/06/07 16:06:32 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\TeamViewer
    [2011/05/31 10:19:06 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\TomTom
    [2011/05/17 07:45:59 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\TP
    [2011/05/17 11:19:57 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\URSoft
    [2013/01/22 12:13:43 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\WildTangent
    [2012/04/13 15:46:17 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Windows Live Writer
    [2015/01/09 22:34:33 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\.fallout
    [2013/05/01 18:21:47 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\.GrinderCache
    [2014/04/29 18:07:44 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\.minecraft
    [2014/05/29 19:06:30 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\.nr2
    [2013/07/08 14:10:03 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\.soulsplit
    [2015/01/25 10:02:12 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\0780A580-66F6-474B-B658-7D285D871049
    [2013/03/25 18:04:49 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\ACT
    [2013/08/28 19:24:40 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2014/04/26 21:03:28 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\Curse
    [2014/04/26 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\Curse Advertising
    [2015/03/05 15:55:02 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\Curse Client
    [2013/03/25 18:04:32 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\Fingertapps
    [2013/03/25 18:04:14 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\GFI Software
    [2014/04/19 16:01:11 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\IsolatedStorage
    [2014/04/29 18:06:21 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\java
    [2013/03/29 18:33:53 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\LolClient
    [2013/04/10 14:39:12 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\OpenOffice.org
    [2014/04/07 16:13:36 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\Oracle
    [2013/11/04 15:53:23 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\Origin
    [2013/05/04 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\PeerNetworking
    [2014/06/16 22:09:04 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\Riot Games
    [2015/01/06 20:50:17 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\RSBot
    [2014/05/13 09:05:00 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\SoftGrid Client
    [2013/08/04 18:58:12 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\System Configuration
    [2013/05/27 17:28:01 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\TeamViewer
    [2015/03/03 15:56:56 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\TS3Client
    [2013/05/04 11:27:23 | 000,000,000 | ---D | M] -- C:\Users\Nickel\AppData\Roaming\WildTangent
    [2015/01/05 15:50:37 | 000,000,000 | ---D | M] -- C:\Users\nike\AppData\Roaming\ACT
    [2015/01/05 15:50:40 | 000,000,000 | ---D | M] -- C:\Users\nike\AppData\Roaming\Fingertapps
    [2015/01/05 15:50:24 | 000,000,000 | ---D | M] -- C:\Users\nike\AppData\Roaming\GFI Software
    [2015/01/05 15:50:51 | 000,000,000 | ---D | M] -- C:\Users\nike\AppData\Roaming\IsolatedStorage
    [2015/01/05 15:51:59 | 000,000,000 | ---D | M] -- C:\Users\nike\AppData\Roaming\LolClient
    [2015/01/05 19:46:33 | 000,000,000 | ---D | M] -- C:\Users\nike\AppData\Roaming\RSBot
    [2015/01/31 00:51:41 | 000,000,000 | ---D | M] -- C:\Users\nike\AppData\Roaming\TS3Client

    ========== Purity Check ==========



    ========== Custom Scans ==========

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: ST31000524AS ATA Device
    Partitions: 3
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 -
    Interface type: USB
    Media Type:
    Model: Generic- SD/MMC USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE2 -
    Interface type: USB
    Media Type:
    Model: Generic- Compact Flash USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE3 -
    Interface type: USB
    Media Type:
    Model: Generic- SM/xD Picture USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE4 -
    Interface type: USB
    Media Type:
    Model: Generic- MS/MS-Pro USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 39.00MB
    Starting Offset: 32256
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 14.00GB
    Starting Offset: 41943040
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 918.00GB
    Starting Offset: 14870904832
    Hidden sectors: 0
     
  5. clester

    clester Thread Starter

    Joined:
    Dec 11, 2008
    Messages:
    190
    < %systemroot%\assembly\GAC_32\*.ini >

    < %systemroot%\assembly\GAC_64\*.ini >

    < %ALLUSERSPROFILE%\Application Data\*.exe >

    < %APPDATA%\*. >
    [2012/07/02 17:11:56 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\.minecraft
    [2011/09/17 14:50:16 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\ACT
    [2012/05/07 08:34:55 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Adobe
    [2014/09/21 21:15:48 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Apple Computer
    [2011/05/12 17:24:50 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\ATI
    [2013/11/16 20:21:28 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Awesomium
    [2013/12/17 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\BANDISOFT
    [2011/10/17 10:40:49 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Catalina Marketing Corp
    [2012/01/19 10:31:15 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2015/01/06 20:47:02 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Curse Client
    [2011/08/10 10:46:37 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Dell
    [2011/05/12 17:24:51 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Dell Touch Zone
    [2011/10/18 07:43:47 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\E-centives
    [2012/03/03 11:58:52 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Fingertapps
    [2012/05/28 13:25:23 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\GFI Software
    [2011/08/16 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Google
    [2012/04/30 09:16:15 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\HpUpdate
    [2011/05/12 17:24:29 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Identities
    [2014/04/28 09:57:58 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Individual Software
    [2011/09/17 14:23:37 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\iolo
    [2011/09/17 14:51:13 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\IsolatedStorage
    [2013/03/29 10:29:26 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\LolClient
    [2011/05/12 17:26:00 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Macromedia
    [2014/06/10 10:05:14 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Malwarebytes
    [2009/07/14 02:44:38 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Media Center Programs
    [2013/06/03 08:02:55 | 000,000,000 | --SD | M] -- C:\Users\Debbie\AppData\Roaming\Microsoft
    [2013/05/10 06:00:17 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Mozilla
    [2011/08/22 15:18:15 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\MyPublisher
    [2013/02/25 09:16:44 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Nokia
    [2013/02/25 09:16:44 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Nokia Suite
    [2012/07/02 09:43:20 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\OpenOffice.org
    [2014/04/22 13:48:02 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Oracle
    [2013/11/04 06:21:09 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Origin
    [2012/06/10 18:34:29 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\PC Suite
    [2011/05/27 16:07:20 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\PCDr
    [2011/05/12 17:24:50 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Roxio
    [2011/09/18 06:40:59 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Roxio Burn
    [2013/11/30 09:42:42 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Roxio Log Files
    [2015/01/05 14:58:49 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\RSBot
    [2014/06/09 12:24:59 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Samsung
    [2015/03/11 08:30:18 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Skype
    [2015/03/05 19:43:17 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\SoftGrid Client
    [2012/11/28 17:34:57 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Solveig Multimedia
    [2014/06/20 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\SplitMediaLabs
    [2012/06/07 16:06:32 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\TeamViewer
    [2011/05/31 10:19:06 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\TomTom
    [2011/05/17 07:45:59 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\TP
    [2011/05/17 11:19:57 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\URSoft
    [2012/01/22 08:40:30 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\vlc
    [2013/01/22 12:13:43 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\WildTangent
    [2012/04/13 15:46:17 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Windows Live Writer
    [2012/07/02 16:33:45 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\WinRAR

    < %SYSTEMDRIVE%\*.* >
    [2009/11/19 20:06:32 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2005/12/04 11:02:49 | 000,001,843 | ---- | M] () -- C:\AU.bat
    [2002/08/21 01:24:24 | 000,004,490 | RH-- | M] () -- C:\DELL (1).SDR
    [2011/05/07 08:24:02 | 000,030,879 | RH-- | M] () -- C:\dell.sdr
    [2008/04/11 10:07:18 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2015/03/11 08:13:22 | 334,737,407 | -HS- | M] () -- C:\hiberfil.sys
    [2008/08/23 11:11:27 | 000,000,164 | ---- | M] () -- C:\install.dat
    [2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2008/04/11 10:07:18 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2009/07/28 16:51:52 | 000,000,000 | ---- | M] () -- C:\install.rdf
    [2008/04/11 08:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2008/04/11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2008/04/11 08:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2008/04/11 08:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2008/04/11 08:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2008/04/11 08:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2008/04/11 08:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2008/04/11 10:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
    [2008/04/11 08:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2008/04/11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2004/03/23 11:52:05 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
    [2015/03/11 08:13:23 | 1877,975,039 | -HS- | M] () -- C:\pagefile.sys
    [2008/12/05 21:04:29 | 000,000,204 | ---- | M] () -- C:\Plugins
    [2005/11/24 12:29:10 | 000,002,152 | ---- | M] () -- C:\register.bat
    [2012/01/19 10:02:34 | 000,001,491 | ---- | M] () -- C:\user.js
    [2008/04/11 10:07:18 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2008/04/11 10:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab
    [2008/04/11 10:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI
    [2013/05/04 11:27:56 | 000,002,071 | ---- | M] () -- C:\WildTangent Games App - dell.lnk
    [2009/02/27 10:42:10 | 000,025,204 | -H-- | M] () -- C:\ZbThumbnail.info

    < %PROGRAMFILES%\*.exe >

    < %LOCALAPPDATA%\*.exe >

    < %windir%\Installer\*.* >
    [2012/09/23 22:47:27 | 002,385,920 | ---- | M] () -- C:\Windows\Installer\100c4bd.msi
    [2013/12/21 02:58:56 | 019,824,640 | R--- | M] () -- C:\Windows\Installer\100c4be.msp
    [2011/08/10 10:48:55 | 067,429,888 | ---- | M] () -- C:\Windows\Installer\105e469e.msi
    [2010/03/30 22:18:14 | 033,000,960 | ---- | M] () -- C:\Windows\Installer\1063b4b8.msi
    [2014/12/24 20:33:20 | 000,026,112 | ---- | M] () -- C:\Windows\Installer\109aa.msi
    [2014/07/24 03:01:27 | 053,303,296 | R--- | M] () -- C:\Windows\Installer\12185956.msp
    [2012/05/09 10:06:27 | 012,815,360 | ---- | M] () -- C:\Windows\Installer\122d983e.msi
    [2012/05/09 10:06:31 | 012,307,968 | ---- | M] () -- C:\Windows\Installer\122d9845.msi
    [2012/05/09 10:06:34 | 028,236,288 | ---- | M] () -- C:\Windows\Installer\122d984c.msi
    [2012/05/09 10:06:36 | 024,828,928 | ---- | M] () -- C:\Windows\Installer\122d9853.msi
    [2012/05/09 10:06:39 | 000,503,808 | ---- | M] () -- C:\Windows\Installer\122d985a.msi
    [2012/05/09 10:06:40 | 000,536,064 | ---- | M] () -- C:\Windows\Installer\122d9861.msi
    [2014/04/28 09:46:04 | 257,392,640 | ---- | M] () -- C:\Windows\Installer\122fc517.msi
    [2014/06/16 22:08:34 | 001,379,328 | ---- | M] () -- C:\Windows\Installer\1250343.msi
    [2012/04/30 09:14:04 | 002,348,544 | ---- | M] () -- C:\Windows\Installer\12c9f0bc.msi
    [2009/07/22 00:01:04 | 000,251,904 | ---- | M] () -- C:\Windows\Installer\13dcf840.msi
    [2010/06/10 20:22:34 | 005,893,120 | R--- | M] () -- C:\Windows\Installer\13dcf862.msp
    [2010/06/10 20:22:30 | 008,934,912 | R--- | M] () -- C:\Windows\Installer\13dcf863.msp
    [2014/06/20 13:59:36 | 001,694,208 | ---- | M] () -- C:\Windows\Installer\13fe3129.msi
    [2014/03/12 10:55:56 | 001,944,064 | ---- | M] () -- C:\Windows\Installer\14154594.msi
    [2015/02/06 15:35:12 | 000,028,160 | ---- | M] () -- C:\Windows\Installer\1474776.msi
    [2014/01/14 13:11:57 | 045,903,872 | ---- | M] () -- C:\Windows\Installer\14811282.msi
    [2013/11/08 10:43:11 | 000,274,432 | ---- | M] () -- C:\Windows\Installer\1587518f.msi
    [2013/07/10 03:01:58 | 053,242,368 | R--- | M] () -- C:\Windows\Installer\1758687b.msp
    [2010/09/08 14:56:21 | 027,747,328 | ---- | M] () -- C:\Windows\Installer\184ec8.msi
    [2010/09/08 14:57:59 | 021,570,560 | ---- | M] () -- C:\Windows\Installer\184ecf.msi
    [2010/09/08 14:58:09 | 002,211,328 | ---- | M] () -- C:\Windows\Installer\184ed5.msi
    [2010/09/08 14:58:10 | 000,725,504 | ---- | M] () -- C:\Windows\Installer\184edb.msi
    [2010/09/08 14:58:10 | 003,670,016 | ---- | M] () -- C:\Windows\Installer\184ee1.msi
    [2010/09/08 14:58:10 | 001,997,312 | ---- | M] () -- C:\Windows\Installer\184ee7.msi
    [2011/09/17 14:20:27 | 000,024,064 | ---- | M] () -- C:\Windows\Installer\184ef9.msi
    [2006/12/02 07:09:06 | 002,818,048 | ---- | M] () -- C:\Windows\Installer\184eff.msi
    [2006/12/02 02:20:42 | 003,227,648 | ---- | M] () -- C:\Windows\Installer\184f05.msi
    [2012/02/25 17:26:46 | 030,600,704 | ---- | M] () -- C:\Windows\Installer\1a4ff.msi
    [2014/04/12 11:48:44 | 001,572,864 | ---- | M] () -- C:\Windows\Installer\1aae2db.msi
    [2011/05/18 00:00:27 | 020,672,000 | ---- | M] () -- C:\Windows\Installer\1b444.msi
    [2012/01/12 03:01:16 | 021,030,912 | R--- | M] () -- C:\Windows\Installer\1cf48e6.msp
    [2014/02/12 09:01:20 | 033,079,296 | ---- | M] () -- C:\Windows\Installer\212b1644.msi
    [2014/02/12 09:01:33 | 011,522,048 | ---- | M] () -- C:\Windows\Installer\212b16c8.msi
    [2014/02/12 09:02:57 | 071,852,032 | ---- | M] () -- C:\Windows\Installer\212b280b.msi
    [2011/04/13 15:04:38 | 002,081,792 | ---- | M] () -- C:\Windows\Installer\21ba1b15.msi
    [2011/04/13 15:04:36 | 001,880,064 | ---- | M] () -- C:\Windows\Installer\21ba1b1b.msi
    [2011/04/19 04:21:02 | 000,235,520 | ---- | M] () -- C:\Windows\Installer\235010a.msi
    [2014/03/12 03:02:23 | 053,303,296 | R--- | M] () -- C:\Windows\Installer\2674b5a0.msp
    [2014/01/31 16:19:26 | 006,185,472 | R--- | M] () -- C:\Windows\Installer\2674b5a7.msp
    [2013/10/30 06:09:12 | 000,151,552 | ---- | M] () -- C:\Windows\Installer\2a06df1.msi
    [2013/10/30 06:08:34 | 000,151,552 | ---- | M] () -- C:\Windows\Installer\2a06dfb.msi
    [2013/10/30 06:08:42 | 000,151,552 | ---- | M] () -- C:\Windows\Installer\2a06e05.msi
    [2013/10/30 06:08:42 | 000,151,552 | ---- | M] () -- C:\Windows\Installer\2a06e0f.msi
    [2012/04/13 15:54:55 | 008,822,784 | ---- | M] () -- C:\Windows\Installer\2b22577.msi
    [2012/04/13 15:54:55 | 000,026,112 | ---- | M] () -- C:\Windows\Installer\2b2257b.msi
    [2011/05/07 05:53:32 | 000,074,240 | ---- | M] () -- C:\Windows\Installer\2b22584.msi
    [2012/04/13 15:54:56 | 000,039,936 | R--- | M] () -- C:\Windows\Installer\2b22589.msp
    [2011/05/07 05:53:41 | 009,433,088 | ---- | M] () -- C:\Windows\Installer\2b2258e.msi
    [2012/04/13 15:54:57 | 004,426,240 | R--- | M] () -- C:\Windows\Installer\2b2259d.msp
    [2011/05/07 05:53:43 | 007,710,720 | ---- | M] () -- C:\Windows\Installer\2b225a2.msi
    [2012/04/13 15:54:58 | 002,932,224 | R--- | M] () -- C:\Windows\Installer\2b225b6.msp
    [2011/05/07 05:53:54 | 000,429,056 | ---- | M] () -- C:\Windows\Installer\2b225bb.msi
    [2012/04/13 15:55:00 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\2b225c0.msp
    [2011/05/07 05:53:55 | 004,004,864 | ---- | M] () -- C:\Windows\Installer\2b225c5.msi
    [2012/04/13 15:55:00 | 001,139,712 | R--- | M] () -- C:\Windows\Installer\2b225d1.msp
    [2011/05/07 05:53:55 | 002,310,656 | ---- | M] () -- C:\Windows\Installer\2b225d6.msi
    [2012/04/13 15:55:02 | 000,715,264 | R--- | M] () -- C:\Windows\Installer\2b225de.msp
    [2011/05/07 05:53:57 | 008,332,288 | ---- | M] () -- C:\Windows\Installer\2b225e6.msi
    [2012/04/13 15:55:03 | 003,312,128 | R--- | M] () -- C:\Windows\Installer\2b22602.msp
    [2012/04/13 15:55:04 | 022,647,296 | ---- | M] () -- C:\Windows\Installer\2b22615.msi
    [2012/04/13 15:55:06 | 005,535,744 | R--- | M] () -- C:\Windows\Installer\2b22639.msp
    [2011/05/07 05:54:02 | 013,850,624 | ---- | M] () -- C:\Windows\Installer\2b22640.msi
    [2012/04/13 15:55:07 | 005,868,544 | R--- | M] () -- C:\Windows\Installer\2b22657.msp
    [2011/05/07 05:54:15 | 008,313,856 | ---- | M] () -- C:\Windows\Installer\2b2265c.msi
    [2012/04/13 15:55:09 | 002,957,312 | R--- | M] () -- C:\Windows\Installer\2b22676.msp
    [2011/05/07 05:54:25 | 034,193,408 | ---- | M] () -- C:\Windows\Installer\2b22681.msi
    [2012/04/13 15:55:12 | 014,624,256 | R--- | M] () -- C:\Windows\Installer\2b226ad.msp
    [2011/05/07 05:54:28 | 011,846,656 | ---- | M] () -- C:\Windows\Installer\2b226b5.msi
    [2012/04/13 15:55:13 | 003,734,016 | R--- | M] () -- C:\Windows\Installer\2b226be.msp
    [2011/05/07 05:54:30 | 000,775,168 | ---- | M] () -- C:\Windows\Installer\2b226c7.msi
    [2012/04/13 15:55:13 | 000,205,824 | R--- | M] () -- C:\Windows\Installer\2b226d0.msp
    [2012/04/13 15:55:14 | 006,363,136 | ---- | M] () -- C:\Windows\Installer\2b226e8.msi
    [2012/04/13 15:55:15 | 000,276,480 | R--- | M] () -- C:\Windows\Installer\2b22725.msp
    [2011/05/07 05:54:34 | 006,195,200 | ---- | M] () -- C:\Windows\Installer\2b2272d.msi
    [2012/04/13 15:55:16 | 003,105,792 | R--- | M] () -- C:\Windows\Installer\2b22738.msp
    [2011/05/07 05:54:35 | 003,454,976 | ---- | M] () -- C:\Windows\Installer\2b2273e.msi
    [2012/04/13 15:55:17 | 001,829,376 | R--- | M] () -- C:\Windows\Installer\2b22747.msp
    [2011/05/07 05:54:36 | 000,067,072 | ---- | M] () -- C:\Windows\Installer\2b2274c.msi
    [2012/04/13 15:55:18 | 000,029,184 | R--- | M] () -- C:\Windows\Installer\2b22752.msp

    < %windir%\system32\tasks\*.* >

    < %windir%\system32\tasks\*.* /64 >
    [2015/02/05 02:00:41 | 000,003,768 | ---- | M] () -- C:\Windows\SysNative\tasks\Adobe Flash Player Updater
    [2012/05/07 08:34:51 | 000,003,506 | ---- | M] () -- C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Debbie-PC-Debbie
    [2013/08/28 19:27:03 | 000,003,506 | ---- | M] () -- C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Debbie-PC-Nickel
    [2015/02/06 15:35:21 | 000,003,642 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore
    [2015/02/06 15:35:22 | 000,003,894 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA
    [2011/06/01 10:08:16 | 000,003,626 | ---- | M] () -- C:\Windows\SysNative\tasks\HPCustParticipation HP Officejet Pro 8500 A910
    [2011/05/25 10:42:02 | 000,003,040 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft_Hardware_Launch_IPoint_exe
    [2011/09/14 09:01:31 | 000,003,128 | ---- | M] () -- C:\Windows\SysNative\tasks\{46144598-8076-415D-B807-55385BDE9E45}
    [2011/05/25 10:42:39 | 000,003,036 | ---- | M] () -- C:\Windows\SysNative\tasks\{FE5719B6-EE82-4484-9C08-158CFE5851BD}

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\*. /mp /s >

    [2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [2001/08/18 06:00:00 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=BE57A5C3ABD240514B98F6BCA872FB21 -- C:\I386\USER32.DLL
    [2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    [2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
    [2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

    < MD5 for: USERINIT.EXE >
    [2001/08/18 06:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=585398603F570F9705774D65D292E5D1 -- C:\I386\USERINIT.EXE
    [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2014/11/21 07:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
    [2014/03/04 06:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
    [2014/03/04 04:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
    [2014/07/16 21:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
    [2014/07/16 21:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
    [2014/07/15 22:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
    [2011/05/07 08:21:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2002/02/21 10:54:16 | 000,429,056 | ---- | M] (Microsoft Corporation) MD5=C605FFF733AAD029D6B533E609C8A6E6 -- C:\I386\winlogon.exe
    [2011/05/07 08:21:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < MD5 for: WINRNR.DLL >
    [2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
    [2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
    [2001/08/18 06:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=54332DB2DC5B851709CD78D2DA22F2FB -- C:\I386\WINRNR.DLL
    [2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
    [2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

    < MD5 for: WSHELPER.DLL >
    [2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
    [2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
    [2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
    [2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2015/01/14 00:47:41 | 000,813,744 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2015/01/14 00:47:41 | 000,813,744 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2015/01/11 20:48:50 | 000,718,848 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2015/01/11 20:48:50 | 000,718,848 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2015/01/11 20:48:50 | 000,718,848 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2015/01/14 00:47:41 | 000,813,744 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2015/01/14 00:47:41 | 000,813,744 | ---- | M] (Microsoft Corporation)

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < C:\Windows\assembly\tmp\U\*.* /s >
    [2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
    [2009/07/14 00:08:49 | 000,032,656 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/08/16 17:42:58 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/16 17:42:59 | 000,000,898 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/02 10:04:15 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

    < %Temp%\smtmp\* \s >

    < %Temp%\smtmp\1\*.* >

    < %Temp%\smtmp\2\*.* >

    < %Temp%\smtmp\3\*.* >

    < %Temp%\smtmp\4\*.* >

    < dir "%systemdrive%\*" /S /A:L /C >
    Volume in drive C is OS
    Volume Serial Number is B6A8-4E31
    Directory of C:\
    07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
    0 File(s) 0 bytes
    Directory of C:\ProgramData
    07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
    07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
    07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
    07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\ProgramData\Oracle\Java\javapath
    03/01/2015 09:27 PM <SYMLINK> java.exe [C:\Program Files (x86)\Java\jre1.8.0_31\bin\java.exe]
    03/01/2015 09:27 PM <SYMLINK> javaw.exe [C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe]
    03/01/2015 09:27 PM <SYMLINK> javaws.exe [C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaws.exe]
    3 File(s) 0 bytes
    Directory of C:\Users
    07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
    07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
    0 File(s) 0 bytes
    Directory of C:\Users\Administrator
    05/17/2011 12:51 PM <JUNCTION> Application Data [C:\Users\Administrator\AppData\Roaming]
    05/17/2011 12:51 PM <JUNCTION> Cookies [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
    05/17/2011 12:51 PM <JUNCTION> Local Settings [C:\Users\Administrator\AppData\Local]
    05/17/2011 12:51 PM <JUNCTION> My Documents [C:\Users\Administrator\Documents]
    05/17/2011 12:51 PM <JUNCTION> NetHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    05/17/2011 12:51 PM <JUNCTION> PrintHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    05/17/2011 12:51 PM <JUNCTION> Recent [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
    05/17/2011 12:51 PM <JUNCTION> SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
    05/17/2011 12:51 PM <JUNCTION> Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
    05/17/2011 12:51 PM <JUNCTION> Templates [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Administrator\AppData\Local
    05/17/2011 12:51 PM <JUNCTION> Application Data [C:\Users\Administrator\AppData\Local]
    05/17/2011 12:51 PM <JUNCTION> History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
    05/17/2011 12:51 PM <JUNCTION> Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Administrator\Documents
    05/17/2011 12:51 PM <JUNCTION> My Music [C:\Users\Administrator\Music]
    05/17/2011 12:51 PM <JUNCTION> My Pictures [C:\Users\Administrator\Pictures]
    05/17/2011 12:51 PM <JUNCTION> My Videos [C:\Users\Administrator\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\All Users
    07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
    07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
    07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
    07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\All Users\Oracle\Java\javapath
    03/01/2015 09:27 PM <SYMLINK> java.exe [C:\Program Files (x86)\Java\jre1.8.0_31\bin\java.exe]
    03/01/2015 09:27 PM <SYMLINK> javaw.exe [C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe]
    03/01/2015 09:27 PM <SYMLINK> javaws.exe [C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaws.exe]
    3 File(s) 0 bytes
    Directory of C:\Users\Debbie
    05/12/2011 05:19 PM <JUNCTION> Application Data [C:\Users\Debbie\AppData\Roaming]
    05/12/2011 05:19 PM <JUNCTION> Cookies [C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Cookies]
    05/12/2011 05:19 PM <JUNCTION> Local Settings [C:\Users\Debbie\AppData\Local]
    05/12/2011 05:19 PM <JUNCTION> My Documents [C:\Users\Debbie\Documents]
    05/12/2011 05:19 PM <JUNCTION> NetHood [C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    05/12/2011 05:19 PM <JUNCTION> PrintHood [C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    05/12/2011 05:19 PM <JUNCTION> Recent [C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Recent]
    05/12/2011 05:19 PM <JUNCTION> SendTo [C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\SendTo]
    05/12/2011 05:19 PM <JUNCTION> Start Menu [C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu]
    05/12/2011 05:19 PM <JUNCTION> Templates [C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Debbie\AppData\Local
    05/12/2011 05:19 PM <JUNCTION> Application Data [C:\Users\Debbie\AppData\Local]
    05/12/2011 05:19 PM <JUNCTION> History [C:\Users\Debbie\AppData\Local\Microsoft\Windows\History]
    05/12/2011 05:19 PM <JUNCTION> Temporary Internet Files [C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Debbie\Documents
    05/12/2011 05:19 PM <JUNCTION> My Music [C:\Users\Debbie\Music]
    05/12/2011 05:19 PM <JUNCTION> My Pictures [C:\Users\Debbie\Pictures]
    05/12/2011 05:19 PM <JUNCTION> My Videos [C:\Users\Debbie\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Default
    07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
    07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
    07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
    07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
    07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
    07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
    07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
    07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\AppData\Local
    07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
    07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
    07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\Documents
    07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
    07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
    07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Nickel
    03/25/2013 06:03 PM <JUNCTION> Application Data [C:\Users\Nickel\AppData\Roaming]
    03/25/2013 06:03 PM <JUNCTION> Cookies [C:\Users\Nickel\AppData\Roaming\Microsoft\Windows\Cookies]
    03/25/2013 06:03 PM <JUNCTION> Local Settings [C:\Users\Nickel\AppData\Local]
    03/25/2013 06:03 PM <JUNCTION> My Documents [C:\Users\Nickel\Documents]
    03/25/2013 06:03 PM <JUNCTION> NetHood [C:\Users\Nickel\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    03/25/2013 06:03 PM <JUNCTION> PrintHood [C:\Users\Nickel\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    03/25/2013 06:03 PM <JUNCTION> Recent [C:\Users\Nickel\AppData\Roaming\Microsoft\Windows\Recent]
    03/25/2013 06:03 PM <JUNCTION> SendTo [C:\Users\Nickel\AppData\Roaming\Microsoft\Windows\SendTo]
    03/25/2013 06:03 PM <JUNCTION> Start Menu [C:\Users\Nickel\AppData\Roaming\Microsoft\Windows\Start Menu]
    03/25/2013 06:03 PM <JUNCTION> Templates [C:\Users\Nickel\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Nickel\AppData\Local
    03/25/2013 06:03 PM <JUNCTION> Application Data [C:\Users\Nickel\AppData\Local]
    03/25/2013 06:03 PM <JUNCTION> History [C:\Users\Nickel\AppData\Local\Microsoft\Windows\History]
    03/25/2013 06:03 PM <JUNCTION> Temporary Internet Files [C:\Users\Nickel\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Nickel\Documents
    03/25/2013 06:03 PM <JUNCTION> My Music [C:\Users\Nickel\Music]
    03/25/2013 06:03 PM <JUNCTION> My Pictures [C:\Users\Nickel\Pictures]
    03/25/2013 06:03 PM <JUNCTION> My Videos [C:\Users\Nickel\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\nike
    01/05/2015 03:49 PM <JUNCTION> Application Data [C:\Users\nike\AppData\Roaming]
    01/05/2015 03:49 PM <JUNCTION> Cookies [C:\Users\nike\AppData\Roaming\Microsoft\Windows\Cookies]
    01/05/2015 03:49 PM <JUNCTION> Local Settings [C:\Users\nike\AppData\Local]
    01/05/2015 03:49 PM <JUNCTION> My Documents [C:\Users\nike\Documents]
    01/05/2015 03:49 PM <JUNCTION> NetHood [C:\Users\nike\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    01/05/2015 03:49 PM <JUNCTION> PrintHood [C:\Users\nike\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    01/05/2015 03:49 PM <JUNCTION> Recent [C:\Users\nike\AppData\Roaming\Microsoft\Windows\Recent]
    01/05/2015 03:49 PM <JUNCTION> SendTo [C:\Users\nike\AppData\Roaming\Microsoft\Windows\SendTo]
    01/05/2015 03:49 PM <JUNCTION> Start Menu [C:\Users\nike\AppData\Roaming\Microsoft\Windows\Start Menu]
    01/05/2015 03:49 PM <JUNCTION> Templates [C:\Users\nike\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\nike\AppData\Local
    01/05/2015 03:49 PM <JUNCTION> Application Data [C:\Users\nike\AppData\Local]
    01/05/2015 03:49 PM <JUNCTION> History [C:\Users\nike\AppData\Local\Microsoft\Windows\History]
    01/05/2015 03:49 PM <JUNCTION> Temporary Internet Files [C:\Users\nike\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\nike\Documents
    01/05/2015 03:49 PM <JUNCTION> My Music [C:\Users\nike\Music]
    01/05/2015 03:49 PM <JUNCTION> My Pictures [C:\Users\nike\Pictures]
    01/05/2015 03:49 PM <JUNCTION> My Videos [C:\Users\nike\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Public\Documents
    07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
    07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
    07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
    0 File(s) 0 bytes
    Total Files Listed:
    6 File(s) 0 bytes
    96 Dir(s) 788,666,372,096 bytes free

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:1CE11B51
    < End of report >
     
  6. clester

    clester Thread Starter

    Joined:
    Dec 11, 2008
    Messages:
    190
    < %systemroot%\assembly\GAC_32\*.ini >

    < %systemroot%\assembly\GAC_64\*.ini >

    < %ALLUSERSPROFILE%\Application Data\*.exe >

    < %APPDATA%\*. >
    [2012/07/02 17:11:56 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\.minecraft
    [2011/09/17 14:50:16 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\ACT
    [2012/05/07 08:34:55 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Adobe
    [2014/09/21 21:15:48 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Apple Computer
    [2011/05/12 17:24:50 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\ATI
    [2013/11/16 20:21:28 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Awesomium
    [2013/12/17 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\BANDISOFT
    [2011/10/17 10:40:49 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Catalina Marketing Corp
    [2012/01/19 10:31:15 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2015/01/06 20:47:02 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Curse Client
    [2011/08/10 10:46:37 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Dell
    [2011/05/12 17:24:51 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Dell Touch Zone
    [2011/10/18 07:43:47 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\E-centives
    [2012/03/03 11:58:52 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Fingertapps
    [2012/05/28 13:25:23 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\GFI Software
    [2011/08/16 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Google
    [2012/04/30 09:16:15 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\HpUpdate
    [2011/05/12 17:24:29 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Identities
    [2014/04/28 09:57:58 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Individual Software
    [2011/09/17 14:23:37 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\iolo
    [2011/09/17 14:51:13 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\IsolatedStorage
    [2013/03/29 10:29:26 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\LolClient
    [2011/05/12 17:26:00 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Macromedia
    [2014/06/10 10:05:14 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Malwarebytes
    [2009/07/14 02:44:38 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Media Center Programs
    [2013/06/03 08:02:55 | 000,000,000 | --SD | M] -- C:\Users\Debbie\AppData\Roaming\Microsoft
    [2013/05/10 06:00:17 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Mozilla
    [2011/08/22 15:18:15 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\MyPublisher
    [2013/02/25 09:16:44 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Nokia
    [2013/02/25 09:16:44 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Nokia Suite
    [2012/07/02 09:43:20 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\OpenOffice.org
    [2014/04/22 13:48:02 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Oracle
    [2013/11/04 06:21:09 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Origin
    [2012/06/10 18:34:29 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\PC Suite
    [2011/05/27 16:07:20 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\PCDr
    [2011/05/12 17:24:50 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Roxio
    [2011/09/18 06:40:59 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Roxio Burn
    [2013/11/30 09:42:42 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Roxio Log Files
    [2015/01/05 14:58:49 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\RSBot
    [2014/06/09 12:24:59 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Samsung
    [2015/03/11 08:30:18 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Skype
    [2015/03/05 19:43:17 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\SoftGrid Client
    [2012/11/28 17:34:57 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Solveig Multimedia
    [2014/06/20 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\SplitMediaLabs
    [2012/06/07 16:06:32 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\TeamViewer
    [2011/05/31 10:19:06 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\TomTom
    [2011/05/17 07:45:59 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\TP
    [2011/05/17 11:19:57 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\URSoft
    [2012/01/22 08:40:30 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\vlc
    [2013/01/22 12:13:43 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\WildTangent
    [2012/04/13 15:46:17 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\Windows Live Writer
    [2012/07/02 16:33:45 | 000,000,000 | ---D | M] -- C:\Users\Debbie\AppData\Roaming\WinRAR

    < %SYSTEMDRIVE%\*.* >
    [2009/11/19 20:06:32 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2005/12/04 11:02:49 | 000,001,843 | ---- | M] () -- C:\AU.bat
    [2002/08/21 01:24:24 | 000,004,490 | RH-- | M] () -- C:\DELL (1).SDR
    [2011/05/07 08:24:02 | 000,030,879 | RH-- | M] () -- C:\dell.sdr
    [2008/04/11 10:07:18 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2015/03/11 08:13:22 | 334,737,407 | -HS- | M] () -- C:\hiberfil.sys
    [2008/08/23 11:11:27 | 000,000,164 | ---- | M] () -- C:\install.dat
    [2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2008/04/11 10:07:18 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2009/07/28 16:51:52 | 000,000,000 | ---- | M] () -- C:\install.rdf
    [2008/04/11 08:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2008/04/11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2008/04/11 08:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2008/04/11 08:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2008/04/11 08:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2008/04/11 08:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2008/04/11 08:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2008/04/11 10:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
    [2008/04/11 08:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2008/04/11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2004/03/23 11:52:05 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
    [2015/03/11 08:13:23 | 1877,975,039 | -HS- | M] () -- C:\pagefile.sys
    [2008/12/05 21:04:29 | 000,000,204 | ---- | M] () -- C:\Plugins
    [2005/11/24 12:29:10 | 000,002,152 | ---- | M] () -- C:\register.bat
    [2012/01/19 10:02:34 | 000,001,491 | ---- | M] () -- C:\user.js
    [2008/04/11 10:07:18 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2008/04/11 10:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab
    [2008/04/11 10:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI
    [2013/05/04 11:27:56 | 000,002,071 | ---- | M] () -- C:\WildTangent Games App - dell.lnk
    [2009/02/27 10:42:10 | 000,025,204 | -H-- | M] () -- C:\ZbThumbnail.info

    < %PROGRAMFILES%\*.exe >

    < %LOCALAPPDATA%\*.exe >

    < %windir%\Installer\*.* >

    < %windir%\system32\tasks\*.* >

    < %windir%\system32\tasks\*.* /64 >
    [2015/02/05 02:00:41 | 000,003,768 | ---- | M] () -- C:\Windows\SysNative\tasks\Adobe Flash Player Updater
    [2012/05/07 08:34:51 | 000,003,506 | ---- | M] () -- C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Debbie-PC-Debbie
    [2013/08/28 19:27:03 | 000,003,506 | ---- | M] () -- C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Debbie-PC-Nickel
    [2015/02/06 15:35:21 | 000,003,642 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore
    [2015/02/06 15:35:22 | 000,003,894 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA
    [2011/06/01 10:08:16 | 000,003,626 | ---- | M] () -- C:\Windows\SysNative\tasks\HPCustParticipation HP Officejet Pro 8500 A910
    [2011/05/25 10:42:02 | 000,003,040 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft_Hardware_Launch_IPoint_exe
    [2011/09/14 09:01:31 | 000,003,128 | ---- | M] () -- C:\Windows\SysNative\tasks\{46144598-8076-415D-B807-55385BDE9E45}
    [2011/05/25 10:42:39 | 000,003,036 | ---- | M] () -- C:\Windows\SysNative\tasks\{FE5719B6-EE82-4484-9C08-158CFE5851BD}

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\*. /mp /s >

    < MD5 for: ATAPI.SYS >

    < MD5 for: CSRSS.EXE >
    [2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
    [2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
    [2001/08/18 06:00:00 | 000,004,096 | ---- | M] (Microsoft Corporation) MD5=B82CD0AD8B605F64EAD6C46D70A2C993 -- C:\I386\CSRSS.EXE

    < MD5 for: EXPLORER.EXE >

    < MD5 for: MSWSOCK.DLL >
    [2009/07/13 20:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
    [2001/08/18 06:00:00 | 000,228,352 | ---- | M] (Microsoft Corporation) MD5=18A8BE5A66B93F9C9615F7D4C148EDE2 -- C:\I386\MSWSOCK.DLL
    [2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
    [2013/09/06 21:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
    [2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
    [2013/09/07 21:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\SysNative\mswsock.dll
    [2013/09/07 21:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
    [2013/09/06 21:24:39 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
    [2013/09/07 21:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll
    [2013/09/07 21:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll
    [2009/07/13 20:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

    < MD5 for: NAPINSP.DLL >
    [2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
    [2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
    [2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
    [2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

    < MD5 for: NLAAPI.DLL >
    [2009/07/13 20:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
    [2012/01/13 02:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
    [2010/11/20 07:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
    [2012/10/03 11:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
    [2010/11/20 08:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
    [2012/10/18 15:31:53 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=39170EE9D22ED3DAF45501ED19E145D6 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22893_none_c5de055b3ae94990\nlaapi.dll
    [2012/10/03 12:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
    [2012/10/03 12:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
    [2012/10/03 12:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.18685_none_c561372a21c1c35c\nlaapi.dll
    [2014/12/05 23:18:18 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=5A6A55BB31693D2D7064D7F44ADDB98D -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22893_none_d032afad6f4a0b8b\nlaapi.dll
    [2009/07/13 20:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll
    [2012/10/03 12:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll
    [2014/12/05 22:50:19 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=FE48346938C1CDDDF4E4097DB9B99764 -- C:\Windows\SysWOW64\nlaapi.dll
    [2014/12/05 22:50:19 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=FE48346938C1CDDDF4E4097DB9B99764 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.18685_none_cfb5e17c56228557\nlaapi.dll

    < MD5 for: NWPROVAU.DLL >
    [2001/08/18 06:00:00 | 000,133,632 | ---- | M] (Microsoft Corporation) MD5=AC38BB5E8F2666CB8CC0AE2D37FCFA71 -- C:\I386\NWPROVAU.DLL
     
  7. clester

    clester Thread Starter


    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2015/01/14 00:47:41 | 000,813,744 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2015/01/14 00:47:41 | 000,813,744 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2015/02/17 17:45:00 | 000,843,592 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2015/01/11 20:48:50 | 000,718,848 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2015/01/11 20:48:50 | 000,718,848 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2015/01/11 20:48:50 | 000,718,848 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2015/01/14 00:47:41 | 000,813,744 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2015/01/14 00:47:41 | 000,813,744 | ---- | M] (Microsoft Corporation)

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < C:\Windows\assembly\tmp\U\*.* /s >
    [2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
    [2009/07/14 00:08:49 | 000,032,656 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/08/16 17:42:58 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/16 17:42:59 | 000,000,898 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/02 10:04:15 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

    < %Temp%\smtmp\* \s >

    < %Temp%\smtmp\1\*.* >

    < %Temp%\smtmp\2\*.* >

    < %Temp%\smtmp\3\*.* >

    < %Temp%\smtmp\4\*.* >

    01/05/2015 03:49 PM <JUNCTION> History [C:\Users\nike\AppData\Local\Microsoft\Windows\History]
    01/05/2015 03:49 PM <JUNCTION> Temporary Internet Files [C:\Users\nike\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\nike\Documents
    01/05/2015 03:49 PM <JUNCTION> My Music [C:\Users\nike\Music]
    01/05/2015 03:49 PM <JUNCTION> My Pictures [C:\Users\nike\Pictures]
    01/05/2015 03:49 PM <JUNCTION> My Videos [C:\Users\nike\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Public\Documents
    07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
    07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
    07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
    0 File(s) 0 bytes
    Total Files Listed:
    6 File(s) 0 bytes
    96 Dir(s) 788,666,372,096 bytes free

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:1CE11B51
    < End of report >
     
  8. clester

    clester Thread Starter

    Joined:
    Dec 11, 2008
    Messages:
    190
    OTL Extras logfile created on: 3/11/2015 8:27:00 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Debbie\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17633)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.75 Gb Total Physical Memory | 3.79 Gb Available Physical Memory | 65.92% Memory free
    11.50 Gb Paging File | 9.09 Gb Available in Paging File | 79.04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 917.66 Gb Total Space | 735.15 Gb Free Space | 80.11% Space Free | Partition Type: NTFS

    Computer Name: DEBBIE-PC | User Name: Debbie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .reg [@ = regfile] -- regedit.exe "%1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .reg [@ = regfile] -- regedit.exe "%1"

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1"
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V"
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1"
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V"
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{016B44BD-AEF7-4CEA-80BB-EC99B95A0C4E}" = rport=138 | protocol=17 | dir=out | app=system |
    "{02679281-4CF4-49D5-B18B-2FABCA7B88B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{06B70B88-3648-49C0-A266-6557B75FD8FF}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "{205A9BAA-56DC-468E-87E8-345477E50C92}" = rport=139 | protocol=6 | dir=out | app=system |
    "{21AACFB6-B043-44EE-A308-353ACF4FB7F2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{4E2244A1-0436-4F8B-BC93-61395AD61193}" = lport=445 | protocol=6 | dir=in | app=system |
    "{5A1CE1A2-2AB7-42B0-BC40-0A632D532857}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{67781982-F04B-42F2-B27F-894FD63EE09D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{6B9B0A50-4F83-4151-9B5E-A55487903393}" = lport=137 | protocol=17 | dir=in | app=system |
    "{6CDFFA60-5575-4318-8757-5AEF1BCF527B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{88E2BF88-7F52-4CBF-8D40-A281CFF581AF}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A720CD25-3AB9-4E20-96BA-564551C80424}" = lport=139 | protocol=6 | dir=in | app=system |
    "{AF004018-E8C7-43FF-8770-8D4988E650B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D96D0465-F7BD-48C5-A50D-F88CFF0400D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{E653519E-F083-40B8-8EE7-EFC1AA7793DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F32956C2-73E3-4FCF-A730-1F23D9DA4E3D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{F77DF0C0-1BCE-4EBB-91CD-C5374D3C3144}" = lport=138 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01BF698D-D919-4E33-9F7C-E750EE49F7DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{01D7DC63-3607-4A7B-89C1-E40C083CFD92}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{038B08BB-21EC-4534-820B-057654E073F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ava\reactor.exe |
    "{0BB5351D-F086-4CD9-A709-2EFF4668D028}" = protocol=58 | dir=in | [email protected],-28545 |
    "{0C3549C1-4971-40F0-BC15-36E0321D2AD6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{0D6EEEFE-7334-4C23-A506-C77C1B7FCF69}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
    "{10AD3295-CB96-4D77-B1AE-C47A2299AA4B}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{10C707D1-C718-4B34-85F9-07C68673E508}" = protocol=1 | dir=in | [email protected],-28543 |
    "{118FA0AE-50C5-4839-938D-2DD21FCF13F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
    "{12EFCA9B-E58B-4D2E-9B2D-5801BDD6338D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
    "{13FA6B31-72ED-49CC-BFFC-D87576A7F807}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{26BAB6CB-5215-4AB4-A4F2-A6783B3C1C45}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{28E5986F-3775-4773-8220-1D84B0FEFCD2}" = protocol=1 | dir=out | [email protected],-28544 |
    "{2A0410B3-322D-41FB-AD76-467BCF9E8A0E}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
    "{2EBD66D9-41FB-4522-BE05-2D34CEE36815}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe |
    "{30C22F1B-CFC6-4BA8-A6A7-EC4A08831EC2}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "{36832DCA-00D6-4277-9685-1608E593816F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{3BC71D26-54DD-4175-BA47-C557B6F005A2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{3E34179A-4DD8-45C1-9B54-C073E593AFCC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{4460B086-FFF8-4C2E-A9B1-F2E6AB8E36B1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{45771740-7B3B-4E16-9BEE-76FD4FAD6499}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{47889701-F67B-4808-A352-173B3D451C10}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
    "{4C8913CB-B4AA-4387-8559-6B23D483B224}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{5D9C4E7D-4A1E-4B3F-8DDB-3FAB03E1324B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{65B81444-9F26-47D0-BF8C-EE7FC819CD8E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
    "{6B6FEEE0-0387-4D5C-8F02-0A2BDEA161C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{704E99DF-5ED3-4C26-A90E-2A58AE351C2D}" = protocol=58 | dir=out | [email protected],-28546 |
    "{70BB1EAD-8BBD-4386-83A9-20A105088779}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7693BDBE-1C8F-4BEF-ABAB-771DB15714E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{778E75AD-B04D-40B4-A6A6-7677ED8019CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{7B8DCAA9-876C-47F4-AD4E-9399856BC88B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
    "{81D9177C-6147-4D8F-8AE4-764E86608EAA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{887C3D7F-60BA-40AD-AE2F-ABE9CDE68EF8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8898375A-586E-40C0-9BAC-037F11F71DFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
    "{890E21B1-D9B7-4E77-9510-AFEF6579868B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8EE81C95-D72D-4021-A580-68B94F56C51E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{90C7A672-1ED2-44B2-B797-78998F2CC4A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
    "{9126334E-B38C-4173-9353-52F0129FB48A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
    "{944A0451-0008-4D15-8BB0-728364DC8A99}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{9D8C0E70-FE8C-4754-A7DD-3A337B1D1CDD}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "{A0F5BFD8-D715-4A43-BBB0-7DA14A68C955}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A65638D7-F6A0-4CD8-B280-083FE5FE2A2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe |
    "{AA7804F2-A262-4071-BA87-18014E69AD23}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{B14EC4C4-CBEF-4F4D-BAB1-CB7F9997F2CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{B81DACF1-EBF5-4056-88CD-78DB6C6F1D47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B8294F51-38C6-45D8-A9A6-80A7336264E8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{B83BE22F-7320-479E-967E-60BF6B81873D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{D2DA891B-CB0D-42AE-A9EA-1E08AC224FD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E7446141-70BC-4E6F-8890-D51D0C542085}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
    "{ED6DD247-3556-47C7-BD22-B64A54A90837}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ava\reactor.exe |
    "TCP Query User{2FAF5507-87BF-4B61-A3A7-F5CE70C06C74}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "TCP Query User{7224A463-65B9-4BAB-8171-782BD273FADD}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "TCP Query User{750A6CEE-CE20-4B66-9A55-765D55BD224B}C:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe" = protocol=6 | dir=in | app=c:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe |
    "TCP Query User{82A7EEFA-BFA6-45DD-8069-A385930C6FDA}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
    "TCP Query User{A89E8C05-66F0-4FD2-AA05-827933CD7E7B}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
    "TCP Query User{D7835CF1-B7AD-456F-80EF-3EF55A990163}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
    "UDP Query User{4D9926C3-A422-4264-87B3-205BB8C50B9B}C:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe" = protocol=17 | dir=in | app=c:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe |
    "UDP Query User{57F98D06-B6E4-4C75-9EB8-0DA198057972}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
    "UDP Query User{86F253B6-2BCC-4A3D-8B69-2B11511336BC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "UDP Query User{919F3C52-281B-489C-98DA-0B86AEDA05E8}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "UDP Query User{9FE581BD-666B-4E62-8BCB-A664B31633C4}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
    "UDP Query User{B7A2C744-13D0-46BE-A9AD-81DFE8841E1A}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{0308919C-E317-4293-8D3C-97EF307BCDBC}" = HP Officejet Pro 8500 A910 Product Improvement Study
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client
    "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
    "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
    "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
    "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
    "{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
    "{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{64A3A4F4-B792-11D6-A78A-00B0D0170600}" = Java SE Development Kit 7 Update 60 (64-bit)
    "{64A3A4F4-B792-11D6-A78A-00B0D0180050}" = Java SE Development Kit 8 Update 5 (64-bit)
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.8
    "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
    "{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}" = iTunes
    "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
    "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
    "{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64
    "{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}" = HP Officejet Pro 8500 A910 Basic Device Software
    "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
    "{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
    "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian
    "{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese
    "{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean
    "{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}" = Apple Application Support
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.1
    "{2629C583-7B37-4d32-ABEE-F7731C371D96}" = HP Smart Print 1.0.6.0
    "{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common
    "{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
    "{27E6D8B1-70BC-4981-AE4D-B7C73475C416}" = XSplit Gamecaster
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3A1F3A32-7E9D-4AD2-A2E2-DFC98BAA9DC7}" = XSplit Broadcaster
    "{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista
    "{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New
    "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
    "{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech
    "{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy
    "{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
    "{569E52E4-5043-4F93-AE2B-6D8E489D4AAB}" = Sage ACT! Pro 2011
    "{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation
    "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
    "{61933675-EFC7-4190-90B6-5AD56E1D9294}" = Marketsplash Print Software
    "{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian
    "{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish
    "{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English
    "{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
    "{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
    "{89263C19-557E-4D23-AAD7-113F6175DFC1}" = Dell MusicStage
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing
    "{99072AB4-D795-44D5-9D65-E3C9F8322C97}" = TomTom HOME
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
    "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2
    "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
    "{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins
    "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
    "{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
    "{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Internet Security
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish
    "{D2E80193-7318-4707-A9DE-49AF663ADA73}" = ResumeMaker Professional
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}" = Curse
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
    "{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian
    "{E50E17ED-B85A-49BF-9F07-2BE5017A98F8}" = VIPRE Internet Security
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light
    "{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static
    "{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
    "{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard
    "{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
    "Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
    "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Google Chrome" = Google Chrome
    "InstallShield_{569E52E4-5043-4F93-AE2B-6D8E489D4AAB}" = Sage ACT! Pro 2011
    "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "League of Legends 3.0.0" = League of Legends
    "Macro Recorder_is1" = Macro Recorder 5.6.5
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
    "NoIPDUC" = No-IP DUC
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "WildTangent dell Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 5.10 (32-bit)
    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2402950803-3680726036-3035458503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "MK LOL" = MK LOL
    "MKLOL" = MKLOL
    "MyFreeCodec" = MyFreeCodec

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/4/2015 8:06:21 PM | Computer Name = Debbie-PC | Source = ACT! Scheduler | ID = 0
    Description = Service cannot be started. System.Exception: Unable to start scheduler
    service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
    args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 3/4/2015 9:10:35 PM | Computer Name = Debbie-PC | Source = ACT! Scheduler | ID = 0
    Description = Service cannot be started. System.Exception: Unable to start scheduler
    service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
    args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 3/4/2015 9:16:45 PM | Computer Name = Debbie-PC | Source = ACT! Scheduler | ID = 0
    Description = Service cannot be started. System.Exception: Unable to start scheduler
    service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
    args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 3/5/2015 5:30:22 AM | Computer Name = Debbie-PC | Source = ACT! Scheduler | ID = 0
    Description = Service cannot be started. System.Exception: Unable to start scheduler
    service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
    args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 3/6/2015 11:17:48 PM | Computer Name = Debbie-PC | Source = .NET Runtime | ID = 1026
    Description =

    Error - 3/6/2015 11:17:49 PM | Computer Name = Debbie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp:
    0x515663e0 Faulting module name: WebKit.dll, version: 6531.9.0.0, time stamp: 0x51566370
    Exception
    code: 0xc0000005 Fault offset: 0x000a9965 Faulting process id: 0x1f0c Faulting application
    start time: 0x01d0587fb0af7746 Faulting application path: C:\Riot Games\League of
    Legends\RADS\projects\lol_air_client\releases\0.0.1.131\deploy\LolClient.exe Faulting
    module path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.131\deploy\Adobe
    AIR\Versions\1.0\Resources\WebKit.dll Report Id: 880e41d9-c478-11e4-99d8-f04da2eae79e

    Error - 3/8/2015 4:53:06 AM | Computer Name = Debbie-PC | Source = ACT! Scheduler | ID = 0
    Description = Service cannot be started. System.Exception: Unable to start scheduler
    service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
    args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error - 3/8/2015 11:17:59 PM | Computer Name = Debbie-PC | Source = Application Hang | ID = 1002
    Description = The program rads_user_kernel.exe version 0.0.0.0 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1f7c Start
    Time: 01d05a179e391bac Termination Time: 1 Application Path: C:\Riot Games\League
    of Legends\RADS\system\rads_user_kernel.exe Report Id: e03faac6-c60a-11e4-b6c6-f04da2eae79e

    Error - 3/10/2015 5:41:11 PM | Computer Name = Debbie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: LoLPatcher.exe, version: 0.9.0.98, time
    stamp: 0x54e6b90e Faulting module name: LoLPatcher.exe, version: 0.9.0.98, time
    stamp: 0x54e6b90e Exception code: 0xc0000005 Fault offset: 0x000545aa Faulting process
    id: 0x1848 Faulting application start time: 0x01d05b7aeac146c2 Faulting application
    path: C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.22\deploy\LoLPatcher.exe
    Faulting
    module path: C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.22\deploy\LoLPatcher.exe
    Report
    Id: 2a76d84c-c76e-11e4-b6c6-f04da2eae79e

    Error - 3/11/2015 9:13:31 AM | Computer Name = Debbie-PC | Source = ACT! Scheduler | ID = 0
    Description = Service cannot be started. System.Exception: Unable to start scheduler
    service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
    args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    [ Dell Events ]
    Error - 8/27/2011 11:53:26 AM | Computer Name = Debbie-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/1/2011 9:42:57 AM | Computer Name = Debbie-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/1/2011 9:42:57 AM | Computer Name = Debbie-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/3/2011 12:32:51 PM | Computer Name = Debbie-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/3/2011 12:32:51 PM | Computer Name = Debbie-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/9/2011 9:14:12 AM | Computer Name = Debbie-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/9/2011 9:14:12 AM | Computer Name = Debbie-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/9/2011 4:22:08 PM | Computer Name = Debbie-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/9/2011 4:22:08 PM | Computer Name = Debbie-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/14/2011 9:47:33 AM | Computer Name = Debbie-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ System Events ]
    Error - 3/3/2015 10:33:44 PM | Computer Name = Debbie-PC | Source = NetBT | ID = 4321
    Description = The name "DEBBIE-PC :20" could not be registered on the interface
    with IP address 192.168.1.72. The computer with the IP address 192.168.1.73 did
    not allow the name to be claimed by this computer.

    Error - 3/4/2015 8:06:12 PM | Computer Name = Debbie-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:04:35 PM on ?3/?4/?2015 was unexpected.

    Error - 3/4/2015 9:20:22 PM | Computer Name = Debbie-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 70. The internal error state
    is 105.

    Error - 3/4/2015 9:20:24 PM | Computer Name = Debbie-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 70. The internal error state
    is 105.

    Error - 3/5/2015 8:31:20 PM | Computer Name = Debbie-PC | Source = DCOM | ID = 10016
    Description =

    Error - 3/5/2015 8:31:20 PM | Computer Name = Debbie-PC | Source = DCOM | ID = 10016
    Description =

    Error - 3/5/2015 8:42:31 PM | Computer Name = Debbie-PC | Source = DCOM | ID = 10016
    Description =

    Error - 3/5/2015 8:42:31 PM | Computer Name = Debbie-PC | Source = DCOM | ID = 10016
    Description =

    Error - 3/8/2015 4:52:56 AM | Computer Name = Debbie-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 3:51:53 AM on ?3/?8/?2015 was unexpected.

    Error - 3/8/2015 11:07:34 PM | Computer Name = Debbie-PC | Source = Schannel | ID = 36887
    Description = The following fatal alert was received: 40.


    < End of report >
     
  9. clester

    clester Thread Starter

    Joined:
    Dec 11, 2008
    Messages:
    190
    Security Check never created a file to copy and paste
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,047
    It's okay about Security Check ;)

    As for the above log, there are a few entries I'm curious about, so let's run some automated tools to see what they bring up:

    ---------------

    Please download Malwarebytes Anti-Malware to your desktop
    • Double-click mbam-setup-version.exe and follow the prompts to install the program.
    • At the end, be sure to uncheck the following:
      1. Enable free trial of Malwarebytes Anti-Malware Premium
    • Then click Finish.
    • If an update is found, you will be prompted to download and install the latest version.
    • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
    • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
    • Reboot your computer if prompted.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    ----------------

    Go here, to download and save AdwCleaner.exe to your desktop.

    Just click on the Download Now @BleepingComputer

    Note: It looks like a gray bug with 6 black legs.

    Close all open windows first, then double-click AdwCleaner.exe to load its main window.

    Click the Scan button, then click "OK".

    Allow the scan process to finish.

    If it appears to freeze, be patient for a few minutes.

    When it's finished, click on the Report button.

    Return here to your thread, then copy-and-paste the ENTIRE log here


    Thanks

    eddie
     
  11. clester

    clester Thread Starter

    Joined:
    Dec 11, 2008
    Messages:
    190
    AdwCleaner v4.112 - Logfile created 12/03/2015 at 09:33:28
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-05.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Debbie - DEBBIE-PC
    # Running from : C:\Users\Debbie\Downloads\adwcleaner_4.112.exe
    # Option : Cleaning
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    ***** [ Scheduled tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\couponalert.dl.mywebsearch.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mywebsearch.com
    ***** [ Web browsers ] *****
    -\\ Internet Explorer v11.0.9600.17689

    -\\ Google Chrome v40.0.2214.115

    *************************
    AdwCleaner[R0].txt - [26921 bytes] - [09/06/2014 09:14:40]
    AdwCleaner[R1].txt - [977 bytes] - [10/06/2014 09:19:45]
    AdwCleaner[R2].txt - [1103 bytes] - [25/06/2014 05:31:32]
    AdwCleaner[R3].txt - [5303 bytes] - [01/01/2015 10:56:30]
    AdwCleaner[R4].txt - [5363 bytes] - [01/01/2015 13:42:54]
    AdwCleaner[R5].txt - [5544 bytes] - [16/01/2015 11:13:25]
    AdwCleaner[R6].txt - [1860 bytes] - [03/02/2015 10:56:16]
    AdwCleaner[R7].txt - [1741 bytes] - [04/03/2015 19:09:22]
    AdwCleaner[R8].txt - [1795 bytes] - [12/03/2015 09:29:04]
    AdwCleaner[S0].txt - [26275 bytes] - [09/06/2014 09:16:09]
    AdwCleaner[S1].txt - [1037 bytes] - [10/06/2014 09:36:30]
    AdwCleaner[S2].txt - [5685 bytes] - [16/01/2015 11:16:03]
    AdwCleaner[S3].txt - [1818 bytes] - [03/02/2015 11:00:23]
    AdwCleaner[S4].txt - [1730 bytes] - [12/03/2015 09:33:28]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1789 bytes] ##########
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,047
    Okay, been looking deeper at the logs, and something may be fishy. So, can you run ComboFix to see if it picks it up? It may be legit, as the file is in a different place.

    Also, did you install these programs?

    No-IP DUC
    Macro Recorder 5.6.5


    Still looking at some stuff whilst you run the scan :)

    Delete any copies of Combofix that you have.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    eddie
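
The question above about No-IP DUC and Macro Recorder comes from reading the installed-programs section of the OTL log. As an added example (not part of the original thread, and not code from OTL or its authors), this Python script parses the Uninstall List sections of such a log, returns the entries matching names a helper wants the owner to confirm, and lists entries registered under a single account's HKEY_USERS hive. The sample log is constructed from lines in this thread; the HKLM key header line and all function names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of the OTL log quoted in this thread.
# Entries are abridged from that log; the HKLM key header line is an assumption.
SAMPLE_LOG = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"Macro Recorder_is1" = Macro Recorder 5.6.5
"NoIPDUC" = No-IP DUC
"WinRAR archiver" = WinRAR 5.10 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2402950803-3680726036-3035458503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MK LOL" = MK LOL
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/4/2015 8:06:21 PM | Computer Name = Debbie-PC | Source = ACT! Scheduler | ID = 0
'''

# Names the helper asked the owner about in this thread.
CONFIRM_WITH_OWNER = ["No-IP DUC", "Macro Recorder"]

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')          # ========== title ==========
KEY_RE = re.compile(r'\[(HKEY_[^\]]+)\]')               # [HKEY_...\Uninstall]
ENTRY_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')        # "key name" = Display Name
SID_RE = re.compile(r'^HKEY_USERS\\(S-1-5-21-[\d-]+)\\', re.IGNORECASE)


@dataclass
class Entry:
    key_name: str            # registry subkey name (GUID or product id)
    display_name: str        # name shown in Programs and Features
    hive_key: str            # registry key the entry was listed under
    user_sid: Optional[str]  # account SID for per-user entries, else None


def parse_uninstall_entries(text: str) -> List[Entry]:
    """Collect entries from every '... Uninstall List' section of an OTL log."""
    entries: List[Entry] = []
    in_uninstall = False
    hive_key = ""
    for raw in text.splitlines():
        line = raw.strip()               # real logs are often indented
        section = SECTION_RE.match(line)
        if section:
            # Any other section (event logs, etc.) ends uninstall parsing.
            in_uninstall = "uninstall list" in section.group(1).lower()
            hive_key = ""
            continue
        if not in_uninstall or not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            sid = SID_RE.match(hive_key)
            entries.append(Entry(entry.group(1), entry.group(2).strip(),
                                 hive_key, sid.group(1) if sid else None))
            continue
        key = KEY_RE.search(line)
        if key:
            hive_key = key.group(1)
    return entries


def triage(entries: List[Entry],
           confirm_names: List[str]) -> Tuple[List[Entry], List[Entry]]:
    """Return (entries to confirm with the owner, per-user entries)."""
    wanted = [name.lower() for name in confirm_names]
    to_confirm = [e for e in entries
                  if any(w in e.display_name.lower() for w in wanted)]
    per_user = [e for e in entries if e.user_sid is not None]
    return to_confirm, per_user


if __name__ == "__main__":
    confirm, per_user = triage(parse_uninstall_entries(SAMPLE_LOG),
                               CONFIRM_WITH_OWNER)
    for e in confirm:
        print(f"ask owner: {e.display_name}  ({e.key_name})")
    for e in per_user:
        print(f"per-user install: {e.display_name}  (account {e.user_sid})")
```

A match only means the entry is worth asking about; neither list is a verdict on the program.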
     
  13. clester

    clester Thread Starter

    Joined:
    Dec 11, 2008
    Messages:
    190
    ComboFix 15-03-09.01 - Debbie 03/13/2015 9:16.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.2109 [GMT -5:00]
    Running from: c:\users\Debbie\Desktop\123.exe
    AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
    FW: GFI Software VIPRE *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
    SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\D4DF3AE592.sys
    c:\users\Debbie\GoToAssistDownloadHelper.exe
    c:\users\Debbie\WINDOWS
    c:\users\Debbie\WINDOWS\crc32.crc
    c:\users\Nickel\WINDOWS
    c:\users\Nickel\WINDOWS\crc32.crc
    c:\users\Public\sdelevURL.tmp
    c:\windows\security\Database\tmp.edb
    c:\windows\SysWow64\Cache
    c:\windows\SysWow64\Cache\075884af680ff6dc.fb
    c:\windows\SysWow64\Cache\227113dfa1ca894d.fb
    c:\windows\SysWow64\Cache\49fbbc5a8678d502.fb
    c:\windows\SysWow64\Cache\613e8ce7ab7106af.fb
    c:\windows\SysWow64\Cache\633a76311867bd11.fb
    c:\windows\SysWow64\Cache\643b4dffda4bf9aa.fb
    c:\windows\SysWow64\Cache\691f14230153a9e1.fb
    c:\windows\SysWow64\Cache\6cb409d7ac73d9f1.fb
    c:\windows\SysWow64\Cache\7614bd6cfa99e546.fb
    c:\windows\SysWow64\Cache\77664b6ccc36be9f.fb
    c:\windows\SysWow64\Cache\881b3593316772f0.fb
    c:\windows\SysWow64\Cache\98657d0579ae1930.fb
    c:\windows\SysWow64\Cache\bc98d1b88121d4a8.fb
    c:\windows\SysWow64\Cache\be121c8bd86e385d.fb
    c:\windows\SysWow64\Cache\d5c0f4e7bbe35bf3.fb
    c:\windows\SysWow64\Cache\d9ca663388d21ec0.fb
    c:\windows\SysWow64\Cache\f2cda51fd108941f.fb
    c:\windows\SysWow64\Cache\f34d8db84131d925.fb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-02-13 to 2015-03-13 )))))))))))))))))))))))))))))))
    .
    .
    2015-03-11 12:53 . 2015-02-03 03:34 693176 ----a-w- c:\windows\system32\winload.efi
    2015-03-11 12:52 . 2015-03-06 05:42 341504 ----a-w- c:\windows\system32\schannel.dll
    2015-03-10 21:44 . 2015-03-10 21:44 -------- d-----w- c:\users\Nickel\nrcachev1
    2015-03-07 02:16 . 2015-03-07 02:16 -------- d-----w- c:\users\Nickel\Ikov
    2015-03-07 02:16 . 2015-03-07 02:16 -------- d-----w- C:\.ikov_cache_32
    2015-03-02 02:26 . 2015-03-02 02:26 -------- d-----w- c:\program files (x86)\Common Files\Java
    2015-02-20 21:30 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
    2015-02-20 21:30 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
    2015-02-20 21:30 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
    2015-02-20 21:30 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
    2015-02-20 21:30 . 2015-02-04 03:16 609280 ----a-w- c:\windows\system32\generaltel.dll
    2015-02-20 21:30 . 2015-02-04 03:16 762368 ----a-w- c:\windows\system32\invagent.dll
    2015-02-20 21:30 . 2015-02-04 03:16 414720 ----a-w- c:\windows\system32\devinv.dll
    2015-02-20 21:30 . 2015-02-04 03:16 894976 ----a-w- c:\windows\system32\appraiser.dll
    2015-02-20 21:30 . 2015-02-04 03:13 1098752 ----a-w- c:\windows\system32\aeinv.dll
    2015-02-20 21:30 . 2015-01-27 23:36 1239720 ----a-w- c:\windows\system32\aitstatic.exe
    2015-02-20 21:30 . 2015-02-04 03:16 227328 ----a-w- c:\windows\system32\aepdu.dll
    2015-02-20 21:30 . 2015-02-04 03:16 192000 ----a-w- c:\windows\system32\aepic.dll
    2015-02-20 21:27 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2015-02-20 21:27 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2015-02-20 21:27 . 2014-10-04 02:10 3722752 ----a-w- c:\windows\system32\mstscax.dll
    2015-02-20 21:27 . 2014-10-04 01:42 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
    2015-02-20 21:27 . 2014-10-04 01:42 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
    2015-02-20 21:26 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
    2015-02-20 21:26 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
    2015-02-17 21:28 . 2015-02-17 21:30 -------- d-----w- c:\users\Debbie\.pdv4_cache
    2015-02-14 03:57 . 2015-02-14 03:59 -------- d-----w- c:\users\Nickel\.pdv4_cache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-03-12 19:35 . 2011-09-17 19:51 900 --sha-w- c:\programdata\KGyGaAvL.sys
    2015-03-12 13:29 . 2014-06-10 15:05 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-03-12 08:04 . 2011-06-06 20:02 122905848 ----a-w- c:\windows\system32\MRT.exe
    2015-03-02 02:25 . 2014-12-26 01:15 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-02-05 07:00 . 2012-04-02 15:04 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-02-05 07:00 . 2011-05-25 16:09 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-01-09 13:36 . 2014-07-08 19:34 320936 ----a-w- c:\windows\system32\javaws.exe
    2015-01-09 13:36 . 2014-04-19 20:51 191400 ----a-w- c:\windows\system32\javaw.exe
    2015-01-09 13:36 . 2014-04-19 20:51 190888 ----a-w- c:\windows\system32\java.exe
    2014-12-19 03:06 . 2015-01-14 03:08 210432 ----a-w- c:\windows\system32\profsvc.dll
    2014-12-19 01:46 . 2015-01-14 03:08 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-16 39408]
    "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-07-02 248208]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-01-23 31087200]
    "MKLOL"="c:\users\Debbie\Desktop\MKJogo\MKLOL\MK.exe" [2015-02-17 846536]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
    "MK LOL"="c:\program files (x86)\MKJogo\MK IM\Bin\MKIM.exe" [2015-01-10 1092296]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
    "SBAMTray"="c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe" [2011-12-19 3050352]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
    "Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-08-19 28672]
    "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\ActSage.exe" [2010-08-19 337224]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Marketsplash Print Software.lnk - c:\program files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe [2010-10-11 93752]
    Sage ACT! Outlook Sync.lnk - c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Sync.exe D [2010-8-19 91136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"
    .
    R2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys;c:\windows\SYSNATIVE\DRIVERS\rcmirror.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
    R3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
    R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0150.sys [x]
    R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [x]
    S2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [x]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
    S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
    S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys;c:\windows\SYSNATIVE\DRIVERS\sbwtis.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - SBHIPS
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-03-12 18:41 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 07:00]
    .
    2015-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 01:33]
    .
    2015-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 01:33]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
    "SBRegRebootCleaner"="c:\program files (x86)\GFI Software\VIPRE\SBRC.exe" [2011-12-19 200560]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: adobe.com\get
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-LOLReplay Recorder - c:\users\Debbie\Desktop\LOLReplay\LOLRecorder.exe
    Wow6432Node-HKLM-RunOnce-c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe - c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
    c:\users\Nickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk - c:\users\Debbie\AppData\Roaming\Curse Client\Bin\Curse.exe /startup
    Toolbar-Locked - (no file)
    HKLM-Run-KiesTrayAgent - c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.16"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-03-13 09:36:22
    ComboFix-quarantined-files.txt 2015-03-13 14:36
    ComboFix2.txt 2010-06-24 20:27
    .
    Pre-Run: 785,219,833,856 bytes free
    Post-Run: 786,964,910,080 bytes free
    .
    - - End Of File - - B0721D7D8C08D12811933BB78E23F8D1
    5C616939100B85E558DA92B899A0FC36
     
  14. clester

    clester Thread Starter

    Joined:
    Dec 11, 2008
    Messages:
    190
    As for the other 2 files at the beginning of the post, I do not remember installing them.
     
  15. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,047
    I assume you play League of Legends on this computer. Just checking as you have MK LOL, which is a League of Legends program.


    Okay, for the two programs, these are them:

    No-IP DUC

    http://no-ip-duc.software.informer.com/

    Macro Recorder 5.6.5

    https://www.jitbit.com/macro-recorder/


    So, the first is this:

    And the second:

    So, these both look to be suspects in this case. You can uninstall via Programs and Features in the Control Panel, or in Start | Programs.

    If they're not able to be uninstalled, let me know.

    There are also a couple of files/folders I would like to double check, but uninstall the programs first, then run the below. They may be related, so may not be found ;)


    ------------------------

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :dir
      C:\Users\Debbie\AppData\Local\lrctfxwo /s
      C:\.ikov_cache_32 /s
      C:\Users\Nickel\AppData\Roaming\0780A580-66F6-474B-B658-7D285D871049 /s
      C:\Users\nike\AppData\Roaming\RSBot /s
      :contents
      C:\Windows\JQHApp.dat
      C:\Users\Debbie\random.dat
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop, entitled SystemLook.txt

    Thanks

    eddie
     
Short URL to this thread: https://techguy.org/1143850
