Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91803 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Keylogger? Bot? Outlook issue? [Solved]

keylogger bot outlook

  • This topic is locked This topic is locked
10 replies to this topic

#1 Nick*

Nick*

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 24 February 2014 - 03:14 PM

Hi folks, my webhost says I may have a keylogger.

 

I'm getting a crazy amount of undelivered mail bouncebacks from emails I never sent. I've changed my email passwords twice and notified my host company. I don't see any malicious software on my email host account server. My host company says I may have a key logger virus / trojan. 

 

I've run both Malwarebytes and Search & Destroy. 

 

Malwarebytes found one issue and removed it, posted below. Search & Destroy found only two browser ad tracking cookies.

 

I then ran OTL. I've posted the two text files below.

 

--- EDIT ---

 

I forgot to mention that I ran Malwarebytes Anti-Rootkit. No issues found.

 

And since posting, I've run TrendMicro Housecall and Rootkit Buster. No issues found.

 

I've also installed RUBotted.

 

--- EDIT ---

 

Thanks,

Nick

 

----------

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.21.09
 
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Marc :: KIDSCOMPUTER [administrator]
 
2/21/2014 2:06:48 PM
mbam-log-2014-02-21 (14-06-48).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 791931
Time elapsed: 2 hour(s), 29 minute(s), 53 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Test IE9\Downloads\SoftonicDownloader_for_ietester.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
 
(end)
 

----------
 

OTL logfile created on: 2/24/2014 2:36:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marc\Desktop\virus
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 62.40% Memory free
5.73 Gb Paging File | 4.43 Gb Available in Paging File | 77.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.43 Gb Total Space | 73.70 Gb Free Space | 33.13% Space Free | Partition Type: NTFS
 
Computer Name: KIDSCOMPUTER | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marc\Desktop\virus\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (adfs) -- C:\windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (adfs) -- C:\windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {000B8AEA-AB2A-4863-92EB-3FEEEAA2D56A}
IE:64bit: - HKLM\..\SearchScopes\{000B8AEA-AB2A-4863-92EB-3FEEEAA2D56A}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {9A30A3F8-4AD7-4964-8087-ADA2EC0FF187}
IE - HKLM\..\SearchScopes\{9A30A3F8-4AD7-4964-8087-ADA2EC0FF187}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\..\SearchScopes,DefaultScope = {9A30A3F8-4AD7-4964-8087-ADA2EC0FF187}
IE - HKCU\..\SearchScopes\{5CD5D501-ADE6-4E72-8F62-29CF7FB95B51}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKCU\..\SearchScopes\{9A30A3F8-4AD7-4964-8087-ADA2EC0FF187}: "URL" = http://www.google.co...1I7TSNA_enUS372
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: fiddlerhook%40fiddler2.com:2.2.9.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
FF - prefs.js..extensions.enabledItems: flashbug@coursevector.com:1.7.0
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.9.8
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2014/01/15 22:15:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/01/29 08:05:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/22 14:22:08 | 000,000,000 | ---D | M]
 
[2011/01/06 13:49:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Extensions
[2011/01/07 09:34:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\floebvbu.default\extensions
[2011/01/06 13:51:21 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\floebvbu.default\extensions\firebug@software.joehewitt.com
[2011/01/06 13:51:20 | 000,000,000 | ---D | M] (Flashbug) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\floebvbu.default\extensions\flashbug@coursevector.com
[2011/01/06 13:51:20 | 000,000,000 | ---D | M] ("FlashFirebug") -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\floebvbu.default\extensions\flashfirebug@o-minds.com
[2014/01/05 14:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/23 20:34:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/15 22:15:28 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES (X86)\FIDDLER2\FIDDLERHOOK
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Google Wallet = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/01/13 15:52:16 | 000,434,935 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.217.239.152 staging-laprairieswitzerland.com
O1 - Hosts: 74.217.239.151 staging-laprairieswitzerland.ch
O1 - Hosts: 74.217.239.151 staging-laprairie.de
O1 - Hosts: 74.217.239.151 staging-laprairie.es
O1 - Hosts: 74.217.239.151 staging-la-prairie.fr
O1 - Hosts: 74.217.239.151 staging-la-prairie.it
O1 - Hosts: 74.217.239.151 staging-laprairie.at
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 14962 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9:64bit: - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AAC1865-70C9-4D56-A74C-C1609AA0102E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C6E97FB-BE6A-439D-8FF9-BF34FAFFBEF1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bc5a4196-ef4f-11de-bd94-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bc5a4196-ef4f-11de-bd94-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{bc5a4196-ef4f-11de-bd94-806e6f6e6963}\Shell\configure\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{bc5a4196-ef4f-11de-bd94-806e6f6e6963}\Shell\install\command - "" = D:\SETUP.EXE
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/24 13:35:24 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\virus
[2014/02/23 20:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/02/23 20:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/02/21 16:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/02/21 16:59:05 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/21 16:58:23 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/02/21 16:58:13 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\mbar
[2014/02/21 14:06:22 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Users\Marc\Desktop\startuplite-setup-1.07.exe
[2014/02/21 14:04:07 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Marc\Desktop\mbar-1.07.0.1009.exe
[2014/01/31 13:12:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2014/01/31 13:12:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2014/01/31 13:12:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/01/31 13:12:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieakeng.dll
[2014/01/31 13:12:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2014/01/31 13:12:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2014/01/31 13:12:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2014/01/31 13:12:15 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2014/01/31 13:12:15 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/01/31 13:12:15 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2014/01/31 13:12:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/01/31 13:12:15 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2014/01/31 13:12:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2014/01/31 13:12:15 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ie4uinit.exe
[2014/01/31 13:12:15 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2014/01/31 13:12:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2014/01/31 13:12:15 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/01/31 13:12:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/01/31 13:12:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2014/01/31 13:12:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/01/31 13:12:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2014/01/31 13:12:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2014/01/31 13:12:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2014/01/31 13:12:13 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2014/01/31 13:12:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/01/31 13:12:13 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2014/01/31 13:12:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/01/31 13:12:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2014/01/31 13:12:12 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieaksie.dll
[2014/01/31 13:12:12 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieakui.dll
[2014/01/31 13:12:12 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2014/01/31 13:12:12 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admparse.dll
[2014/01/31 13:12:11 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2014/01/31 13:12:10 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2014/01/31 13:12:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/01/31 13:12:09 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/01/31 13:12:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2014/01/31 13:12:09 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll
[2014/01/31 13:12:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/01/31 13:12:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll
[2014/01/31 13:12:09 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2014/01/31 13:12:09 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2014/01/31 13:12:09 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll
[2014/01/31 13:12:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2014/01/31 13:12:09 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2014/01/31 13:12:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2014/01/31 13:12:08 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll
[2014/01/31 13:12:08 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2014/01/31 13:12:08 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2014/01/31 13:12:08 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2014/01/31 13:12:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2014/01/31 13:12:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2014/01/31 13:12:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/01/31 13:12:07 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2014/01/31 13:12:06 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2014/01/31 13:12:06 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/01/31 13:12:06 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/01/31 13:12:06 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2014/01/31 13:12:06 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/01/31 13:12:06 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/01/31 13:12:06 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2014/01/31 13:12:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/01/31 13:12:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/01/31 13:12:05 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/01/31 13:12:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/01/31 13:12:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2014/01/31 13:12:05 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2014/01/31 13:12:05 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2014/01/31 13:12:05 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2014/01/31 13:12:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/01/31 13:12:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/01/31 13:12:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2014/01/31 13:10:33 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2014/01/31 13:10:33 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2014/01/31 13:10:32 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ExplorerFrame.dll
[2014/01/31 13:10:32 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2014/01/31 13:10:32 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ExplorerFrame.dll
[2014/01/31 13:10:32 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2014/01/31 13:10:32 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2014/01/31 13:10:32 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2014/01/31 13:10:32 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2014/01/31 13:10:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2014/01/31 13:10:32 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2014/01/31 13:10:31 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2014/01/31 13:10:31 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2014/01/31 13:10:31 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2014/01/31 13:10:31 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2014/01/31 13:10:31 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll
[2014/01/31 13:10:31 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll
[2014/01/31 13:10:30 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mf.dll
[2014/01/31 13:10:30 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mf.dll
[2014/01/31 13:10:30 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll
[2014/01/31 13:10:30 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfps.dll
[2014/01/31 13:10:30 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll
[2014/01/27 05:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/27 05:41:22 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2014/01/27 05:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/27 05:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/27 05:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/01/27 05:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/27 05:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/01/27 05:33:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2009/02/13 10:02:52 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Program Files\devcon_amd64.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/24 14:07:05 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/24 14:07:05 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/24 14:04:35 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/24 14:00:22 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/24 13:58:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/02/24 13:58:16 | 2309,660,672 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/24 13:52:01 | 000,000,598 | ---- | M] () -- C:\windows\tasks\G2MUpdateTask-S-1-5-21-3357349812-2239403225-1323811888-1004.job
[2014/02/24 09:44:29 | 000,781,586 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/02/24 09:44:29 | 000,661,918 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/02/24 09:44:29 | 000,121,714 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/02/23 07:37:48 | 005,063,088 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/02/21 16:59:05 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/21 16:58:23 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/02/21 14:06:22 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Users\Marc\Desktop\startuplite-setup-1.07.exe
[2014/02/21 14:04:08 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Marc\Desktop\mbar-1.07.0.1009.exe
[2014/02/10 20:22:54 | 000,001,449 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/04 21:30:53 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/02/04 21:30:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/31 13:12:17 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/01/31 13:12:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2014/01/31 13:12:16 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2014/01/31 13:12:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieakeng.dll
[2014/01/31 13:12:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2014/01/31 13:12:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2014/01/31 13:12:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2014/01/31 13:12:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2014/01/31 13:12:15 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2014/01/31 13:12:15 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/01/31 13:12:15 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2014/01/31 13:12:15 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/01/31 13:12:15 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2014/01/31 13:12:15 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ie4uinit.exe
[2014/01/31 13:12:15 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2014/01/31 13:12:15 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2014/01/31 13:12:15 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2014/01/31 13:12:15 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/01/31 13:12:14 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/01/31 13:12:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2014/01/31 13:12:14 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2014/01/31 13:12:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/01/31 13:12:14 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2014/01/31 13:12:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2014/01/31 13:12:13 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2014/01/31 13:12:13 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2014/01/31 13:12:13 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/01/31 13:12:13 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2014/01/31 13:12:13 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/01/31 13:12:13 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2014/01/31 13:12:12 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieaksie.dll
[2014/01/31 13:12:12 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieakui.dll
[2014/01/31 13:12:12 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\admparse.dll
[2014/01/31 13:12:11 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2014/01/31 13:12:10 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2014/01/31 13:12:10 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/01/31 13:12:09 | 002,334,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/01/31 13:12:09 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2014/01/31 13:12:09 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll
[2014/01/31 13:12:09 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/01/31 13:12:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll
[2014/01/31 13:12:09 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2014/01/31 13:12:09 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2014/01/31 13:12:09 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll
[2014/01/31 13:12:09 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2014/01/31 13:12:09 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2014/01/31 13:12:09 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2014/01/31 13:12:08 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll
[2014/01/31 13:12:08 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2014/01/31 13:12:08 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2014/01/31 13:12:08 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2014/01/31 13:12:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2014/01/31 13:12:08 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2014/01/31 13:12:07 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/01/31 13:12:07 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2014/01/31 13:12:06 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2014/01/31 13:12:06 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/01/31 13:12:06 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/01/31 13:12:06 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2014/01/31 13:12:06 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/01/31 13:12:06 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/01/31 13:12:06 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2014/01/31 13:12:06 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2014/01/31 13:12:06 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/01/31 13:12:05 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/01/31 13:12:05 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/01/31 13:12:05 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/01/31 13:12:05 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2014/01/31 13:12:05 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2014/01/31 13:12:05 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2014/01/31 13:12:05 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2014/01/31 13:12:05 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/01/31 13:12:05 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/01/31 13:12:05 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2014/01/31 13:10:33 | 001,888,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2014/01/31 13:10:33 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2014/01/31 13:10:32 | 001,863,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ExplorerFrame.dll
[2014/01/31 13:10:32 | 001,837,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2014/01/31 13:10:32 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ExplorerFrame.dll
[2014/01/31 13:10:32 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2014/01/31 13:10:32 | 000,470,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2014/01/31 13:10:32 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2014/01/31 13:10:32 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2014/01/31 13:10:32 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2014/01/31 13:10:32 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2014/01/31 13:10:31 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mf.dll
[2014/01/31 13:10:31 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2014/01/31 13:10:31 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2014/01/31 13:10:31 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2014/01/31 13:10:31 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2014/01/31 13:10:31 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll
[2014/01/31 13:10:31 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll
[2014/01/31 13:10:30 | 004,068,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mf.dll
[2014/01/31 13:10:30 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll
[2014/01/31 13:10:30 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mfps.dll
[2014/01/31 13:10:30 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/10 20:22:54 | 000,001,421 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014/02/04 20:19:40 | 000,001,542 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2014/02/04 14:41:25 | 000,000,598 | ---- | C] () -- C:\windows\tasks\G2MUpdateTask-S-1-5-21-3357349812-2239403225-1323811888-1004.job
[2014/01/31 13:12:14 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2014/01/31 13:12:05 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/12/30 23:10:35 | 000,000,192 | ---- | C] () -- C:\windows\QUICKEN.INI
[2013/12/27 10:41:19 | 000,007,616 | ---- | C] () -- C:\Users\Marc\AppData\Local\Resmon.ResmonCfg
[2012/10/27 14:08:58 | 000,000,257 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2012/10/27 14:08:58 | 000,000,094 | ---- | C] () -- C:\windows\brpcfx.ini
[2012/10/27 14:03:07 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\BrMuSNMP.dll
[2012/10/27 14:03:07 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2012/10/27 14:03:06 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2012/10/27 13:54:21 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012/10/27 13:54:21 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2012/10/27 13:54:02 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\error.dat
[2012/10/27 13:54:02 | 000,000,000 | ---- | C] () -- C:\windows\brmx2001.ini
[2012/10/27 13:52:59 | 000,000,080 | ---- | C] () -- C:\windows\Brownie.ini
[2011/04/21 12:53:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/06 13:51:22 | 000,001,291 | ---- | C] () -- C:\Users\Marc\mm.cfg
[2010/12/09 09:45:33 | 000,000,632 | RHS- | C] () -- C:\Users\Marc\ntuser.pol
[2010/03/29 14:29:42 | 000,000,268 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/03 14:29:50 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\.minecraft
[2013/01/19 21:06:38 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Broderbund
[2011/11/17 00:46:49 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/01/17 08:23:06 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Scooter Software
[2011/04/21 04:30:27 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Subversion
[2010/03/29 14:29:44 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Template
[2010/03/29 14:34:03 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Toshiba
[2010/03/25 10:24:32 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2009/07/13 21:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-254441E9.PF  >
[2014/02/24 12:45:13 | 000,027,344 | ---- | M] () MD5=E9B0B55EDF509B96492C45807D10CC4C -- C:\Windows\Prefetch\EXPLORER.EXE-254441E9.pf
 
< MD5 for: EXPLORER.EXE-A80E4F97.PF  >
[2014/02/24 12:45:22 | 000,153,358 | ---- | M] () MD5=E5685335BEA0F36522E452551AF9A4D1 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
 
< MD5 for: IEXPLORE.EXE  >
[2014/01/31 13:12:11 | 000,763,632 | ---- | M] (Microsoft Corporation) MD5=140325733F0DFB82A6A600CE301478EE -- C:\Program Files\Internet Explorer\iexplore.exe
[2014/01/31 13:12:11 | 000,763,632 | ---- | M] (Microsoft Corporation) MD5=140325733F0DFB82A6A600CE301478EE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16526_none_0d599df380650659\iexplore.exe
[2010/09/07 23:36:39 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=14803EA3E5DD7CB37CB446C74CFDA38F -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_1a39121b8bff3c23\iexplore.exe
[2009/07/13 20:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2014/01/31 13:12:17 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=43E6F2A7FB182F2D7CB0CE5B8F1005CF -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2014/01/31 13:12:17 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=43E6F2A7FB182F2D7CB0CE5B8F1005CF -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16526_none_17ae4845b4c5c854\iexplore.exe
[2010/09/08 00:37:57 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=4879CB864E290BED38C5BDB641144B1B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_0fe467c9579e7a28\iexplore.exe
[2010/09/08 00:49:01 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=498035ABCCF1ED47AE6791D239187587 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_0f6c69ae3e743d20\iexplore.exe
[2010/09/07 23:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=61EDBCE47ADF3E52AB0B9F49EE4AEBB8 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_19c1140072d4ff1b\iexplore.exe
[2011/02/24 00:45:11 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AB2BB40A5FE49AD236791AC22BD08869 -- C:\Windows\SoftwareDistribution\Download\4dcf2c50f89fe861f87e27d41beac164\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1a9d66118bb386fd\iexplore.exe
[2011/02/24 01:29:19 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B4881B8F6EDB48CABD44BCC9FB5475C4 -- C:\Windows\SoftwareDistribution\Download\4dcf2c50f89fe861f87e27d41beac164\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1048bbbf5752c502\iexplore.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2011/02/24 00:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C6697A46554E36541E81182B258A19D6 -- C:\Windows\SoftwareDistribution\Download\4dcf2c50f89fe861f87e27d41beac164\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_19d0e74472c85f04\iexplore.exe
[2011/02/24 01:32:09 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E1BBDE0F187194D4B08335234A4B9FC7 -- C:\Windows\SoftwareDistribution\Download\4dcf2c50f89fe861f87e27d41beac164\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_0f7c3cf23e679d09\iexplore.exe
[2009/07/13 20:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.4524.DMP  >
[2012/05/23 11:33:03 | 002,744,797 | ---- | M] () MD5=2D1DBA906D31D608223B125A10AA0AE3 -- C:\Users\Mom\AppData\Local\CrashDumps\iexplore.exe.4524.dmp
 
< MD5 for: IEXPLORE.EXE.768.DMP  >
[2011/05/31 22:17:24 | 002,474,565 | ---- | M] () MD5=7662FCC4936EF24372533E21574D5FDF -- C:\Users\Development\AppData\Local\CrashDumps\iexplore.exe.768.dmp
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2014/01/31 13:12:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2014/01/31 13:12:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2014/01/31 13:12:18 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2014/01/31 13:12:18 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
 
< MD5 for: IEXPLORE.LOG  >
[2013/04/03 11:00:57 | 000,000,620 | ---- | M] () MD5=5EC66FD42B829C5DC1C09692AB6DAEFB -- C:\Users\Cole\AppData\Local\Temp\Low\iexplore.log
[2013/05/25 18:42:44 | 000,000,775 | ---- | M] () MD5=7BF7948F413F4EAC503F21B4456E227E -- C:\Users\Kids\AppData\Local\Temp\Low\iexplore.log
 
< MD5 for: SERVICES  >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.AIP  >
[2012/03/29 20:35:50 | 000,297,104 | ---- | M] (Adobe Systems Incorporated) MD5=8311BFD3FD21EB8089259C491406A7B0 -- C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Plug-ins\Extensions\Services.aip
 
< MD5 for: SERVICES.AS  >
[2011/11/21 14:15:44 | 000,003,458 | ---- | M] () MD5=1C4E2DB4EFACD90A5F9B92DDE9D51233 -- C:\Users\Development\Documents\Business\```Work\Luxurious Animals\Lunchables\trunk\src\lux\communications\Services.as
[2012/09/26 23:48:14 | 000,003,476 | ---- | M] () MD5=564C39A19C61B50FE77E5C62B335687F -- C:\Users\Development\Documents\development svn\terzi interactive\games\Run Zombie\branches\genesis\src\com\runzombie\communications\Services.as
 
< MD5 for: SERVICES.AS.SVN-BASE  >
[2011/11/21 14:15:44 | 000,003,458 | R--- | M] () MD5=1C4E2DB4EFACD90A5F9B92DDE9D51233 -- C:\$Recycle.Bin\S-1-5-21-3357349812-2239403225-1323811888-1004\$R17C064.svn\text-base\Services.as.svn-base
 
< MD5 for: SERVICES.ASFX  >
[2011/09/05 12:05:06 | 000,001,888 | ---- | M] () MD5=14A44E8C50067E903D81B951B0F20EC6 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx
[2011/09/05 12:05:06 | 000,001,831 | ---- | M] () MD5=FE3CE5C3CCD3DF6B436B0DA535E36744 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx
 
< MD5 for: SERVICES.CFG  >
[2011/09/05 12:05:06 | 000,584,808 | ---- | M] () MD5=B3B25937514C772FD2490108B91CE17F -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg
[2010/10/25 15:13:46 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\services.cfg
 
< MD5 for: SERVICES.CNF  >
[2008/06/30 14:17:00 | 000,000,002 | ---- | M] () MD5=A55822426A5330C04625A41D264C190B -- C:\Users\Development\Documents\Business\```Work\Kichiwawa\Kichiwawa Backup 2008-10-29\Website Kichiwawa Backup 01\_vti_pvt\services.cnf
[2008/06/30 14:17:00 | 000,000,002 | ---- | M] () MD5=A55822426A5330C04625A41D264C190B -- C:\Users\Development\Documents\Business\```Work\Kichiwawa\Kichiwawa Backup 2008-10-29\Website Kichiwawa Backup 02\_vti_pvt\services.cnf
[2008/06/30 14:17:00 | 000,000,002 | ---- | M] () MD5=A55822426A5330C04625A41D264C190B -- C:\Users\Development\Documents\Business\```Work\Kichiwawa\Kichiwawa Backup 2008-10-29\Website Kichiwawa Backup 03\_vti_pvt\services.cnf
[2008/06/30 14:17:00 | 000,000,002 | ---- | M] () MD5=A55822426A5330C04625A41D264C190B -- C:\Users\Development\Documents\Business\```Work\Kichiwawa\Kichiwawa Backup 2008-10-29\Website Kichiwawa Backup 04\_vti_pvt\services.cnf
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.HTML  >
[2014/01/04 09:02:34 | 000,003,702 | ---- | M] () MD5=6A70764DF110A7C538E1C328CBF92CEE -- C:\Users\Development\Documents\development svn\terzi interactive\clients\Epicure of Design\Regal Blu\website\trunk\deploy\services.html
 
< MD5 for: SERVICES.ISML  >
[2013/10/21 09:39:28 | 000,000,366 | ---- | M] () MD5=82008CF95961CDDF10B547E78D6A2F31 -- C:\$Recycle.Bin\S-1-5-21-3357349812-2239403225-1323811888-1004\$R2BGH5S\LaPrairie\Website\trunk\demandware 02\int_cybersource\cartridge\templates\default\services\services.isml
[2013/10/21 09:39:28 | 000,000,366 | ---- | M] () MD5=82008CF95961CDDF10B547E78D6A2F31 -- C:\$Recycle.Bin\S-1-5-21-3357349812-2239403225-1323811888-1004\$R2BGH5S\LaPrairie\Website\trunk\demandware\int_cybersource\cartridge\templates\default\services\services.isml
[2013/09/11 16:51:32 | 000,000,366 | ---- | M] () MD5=82008CF95961CDDF10B547E78D6A2F31 -- C:\Users\Development\Documents\Business\```Work\International Technology Solutions\La Prairie\Website\Eclipse\LPWebsite - Copy v02\int_cybersource\cartridge\templates\default\services\services.isml
[2013/09/11 16:51:32 | 000,000,366 | ---- | M] () MD5=82008CF95961CDDF10B547E78D6A2F31 -- C:\Users\Development\Documents\Business\```Work\International Technology Solutions\La Prairie\Website\Eclipse\LPWebsite - Copy v03 2013-10-16 my version\int_cybersource\cartridge\templates\default\services\services.isml
[2013/10/21 09:22:56 | 000,000,366 | ---- | M] () MD5=82008CF95961CDDF10B547E78D6A2F31 -- C:\Users\Development\Documents\Business\```Work\International Technology Solutions\La Prairie\Website\Eclipse\LPWebsite - Copy v06\int_cybersource\cartridge\templates\default\services\services.isml
[2013/10/21 09:39:28 | 000,000,366 | ---- | M] () MD5=82008CF95961CDDF10B547E78D6A2F31 -- C:\Users\Development\Documents\development svn\terzi interactive\clients\International Technology Solutions\LaPrairie\Website\trunk\demandware 02\int_cybersource\cartridge\templates\default\services\services.isml
[2013/10/21 09:39:28 | 000,000,366 | ---- | M] () MD5=82008CF95961CDDF10B547E78D6A2F31 -- C:\Users\Development\Documents\development svn\terzi interactive\clients\International Technology Solutions\LaPrairie\Website\trunk\demandware\int_cybersource\cartridge\templates\default\services\services.isml
 
< MD5 for: SERVICES.JPG  >
[2013/12/19 08:26:49 | 000,191,700 | ---- | M] () MD5=E527FB8488F2B27D6BCD3EFEDA886A3B -- C:\Users\Development\Documents\development svn\terzi interactive\clients\Epicure of Design\Regal Blu\website\trunk\deploy\images\services.jpg
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOCHIADS.COM.SOL  >
[2011/06/09 23:28:19 | 000,000,487 | ---- | M] () MD5=209FFC891CC922AE7F9FC7CA3E75A29F -- C:\Users\Development\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5435WMNH\mochiads.com\services.mochiads.com.sol
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PNG  >
[2013/12/19 08:27:19 | 000,186,369 | ---- | M] () MD5=E4D5891CEE0EB5135D51F7C3A3590D2B -- C:\Users\Development\Documents\development svn\terzi interactive\clients\Epicure of Design\Regal Blu\website\trunk\deploy\images\services.png
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.SBS  >
[2013/07/16 12:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs
 
< MD5 for: SERVICES.WSDL  >
[2013/12/23 02:22:40 | 000,055,856 | ---- | M] () MD5=D26F7BEAD65817702D53F18C4BE111F0 -- C:\Program Files (x86)\Klok2\Services.wsdl
 
< MD5 for: WINLOGON.ADML  >
[2009/07/13 21:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 16:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2009/07/13 21:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\windows\SysNative\en-US\winlogon.exe.mui
[2009/07/13 21:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
 
< MD5 for: WINLOGON.EXE-B020DC41.PF  >
[2014/02/24 06:58:16 | 000,040,304 | ---- | M] () MD5=0C64404CA2093F7A0655F7B46C2927C8 -- C:\Windows\Prefetch\WINLOGON.EXE-B020DC41.pf
 
< MD5 for: WINLOGON.MFL  >
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\windows\SysNative\wbem\winlogon.mof
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2014/02/24 13:58:15 | 000,180,764 | ---- | M] () -- C:\aaw7boot.log
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/11/30 23:07:20 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2014/02/24 13:58:16 | 2309,660,672 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/24 13:58:17 | 3079,548,928 | -HS- | M] () -- C:\pagefile.sys
[2011/04/21 09:06:52 | 000,061,960 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_21.04.2011_10.06.15_log.txt
[2011/04/21 09:08:53 | 000,061,960 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_21.04.2011_10.08.03_log.txt
[2011/04/21 09:09:51 | 000,002,246 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_21.04.2011_10.09.26_log.txt
[2011/04/22 18:12:43 | 000,062,694 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_22.04.2011_19.11.56_log.txt
[2011/05/22 14:06:26 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_22.05.2011_15.06.20_log.txt
[2011/04/23 17:28:00 | 000,062,694 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_23.04.2011_18.27.12_log.txt
[2011/04/24 01:18:54 | 000,062,694 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_24.04.2011_02.17.31_log.txt
[2011/04/24 02:09:55 | 000,063,472 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_24.04.2011_03.08.51_log.txt
[2011/04/24 10:01:54 | 000,026,774 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_24.04.2011_11.01.35_log.txt
[2011/04/24 18:20:47 | 000,063,472 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_24.04.2011_19.17.16_log.txt
[2011/04/24 21:18:49 | 000,063,472 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_24.04.2011_22.18.14_log.txt
[2011/05/22 14:08:08 | 000,063,716 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_22.05.2011_15.07.22_log.txt
 
< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2009/07/10 15:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2012/10/27 13:54:02 | 000,000,000 | ---- | M] () -- C:\Program Files (x86)\error.dat
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is CeeDrive
 Volume Serial Number is 3AD6-C62D
 Directory of C:\
07/14/2009  12:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/14/2009  12:08 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Cole
01/16/2013  12:57 PM    <JUNCTION>     Application Data [C:\Users\Cole\AppData\Roaming]
01/16/2013  12:57 PM    <JUNCTION>     Cookies [C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Cookies]
01/16/2013  12:57 PM    <JUNCTION>     Local Settings [C:\Users\Cole\AppData\Local]
01/16/2013  12:57 PM    <JUNCTION>     My Documents [C:\Users\Cole\Documents]
01/16/2013  12:57 PM    <JUNCTION>     NetHood [C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/16/2013  12:57 PM    <JUNCTION>     PrintHood [C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/16/2013  12:57 PM    <JUNCTION>     Recent [C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Recent]
01/16/2013  12:57 PM    <JUNCTION>     SendTo [C:\Users\Cole\AppData\Roaming\Microsoft\Windows\SendTo]
01/16/2013  12:57 PM    <JUNCTION>     Start Menu [C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu]
01/16/2013  12:57 PM    <JUNCTION>     Templates [C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Cole\AppData\Local
01/16/2013  12:57 PM    <JUNCTION>     Application Data [C:\Users\Cole\AppData\Local]
01/16/2013  12:57 PM    <JUNCTION>     History [C:\Users\Cole\AppData\Local\Microsoft\Windows\History]
01/16/2013  12:57 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Cole\Documents
01/16/2013  12:57 PM    <JUNCTION>     My Music [C:\Users\Cole\Music]
01/16/2013  12:57 PM    <JUNCTION>     My Pictures [C:\Users\Cole\Pictures]
01/16/2013  12:57 PM    <JUNCTION>     My Videos [C:\Users\Cole\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009  12:08 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009  12:08 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/14/2009  12:08 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/14/2009  12:08 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009  12:08 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009  12:08 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009  12:08 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/14/2009  12:08 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009  12:08 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/14/2009  12:08 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/14/2009  12:08 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/14/2009  12:08 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Development
04/20/2011  08:15 PM    <JUNCTION>     Application Data [C:\Users\Development\AppData\Roaming]
04/20/2011  08:15 PM    <JUNCTION>     Cookies [C:\Users\Development\AppData\Roaming\Microsoft\Windows\Cookies]
04/20/2011  08:15 PM    <JUNCTION>     Local Settings [C:\Users\Development\AppData\Local]
04/20/2011  08:15 PM    <JUNCTION>     My Documents [C:\Users\Development\Documents]
04/20/2011  08:15 PM    <JUNCTION>     NetHood [C:\Users\Development\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/20/2011  08:15 PM    <JUNCTION>     PrintHood [C:\Users\Development\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/20/2011  08:15 PM    <JUNCTION>     Recent [C:\Users\Development\AppData\Roaming\Microsoft\Windows\Recent]
04/20/2011  08:15 PM    <JUNCTION>     SendTo [C:\Users\Development\AppData\Roaming\Microsoft\Windows\SendTo]
04/20/2011  08:15 PM    <JUNCTION>     Start Menu [C:\Users\Development\AppData\Roaming\Microsoft\Windows\Start Menu]
04/20/2011  08:15 PM    <JUNCTION>     Templates [C:\Users\Development\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Development\AppData\Local
04/20/2011  08:15 PM    <JUNCTION>     Application Data [C:\Users\Development\AppData\Local]
04/20/2011  08:15 PM    <JUNCTION>     History [C:\Users\Development\AppData\Local\Microsoft\Windows\History]
04/20/2011  08:15 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Development\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Development\AppData\LocalLow
05/20/2011  11:59 PM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes
 Directory of C:\Users\Development\Documents
04/20/2011  08:15 PM    <JUNCTION>     My Music [C:\Users\Development\Music]
04/20/2011  08:15 PM    <JUNCTION>     My Pictures [C:\Users\Development\Pictures]
04/20/2011  08:15 PM    <JUNCTION>     My Videos [C:\Users\Development\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Kids
12/09/2010  10:01 AM    <JUNCTION>     Application Data [C:\Users\Kids\AppData\Roaming]
12/09/2010  10:01 AM    <JUNCTION>     Cookies [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Cookies]
12/09/2010  10:01 AM    <JUNCTION>     Local Settings [C:\Users\Kids\AppData\Local]
12/09/2010  10:01 AM    <JUNCTION>     My Documents [C:\Users\Kids\Documents]
12/09/2010  10:01 AM    <JUNCTION>     NetHood [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/09/2010  10:01 AM    <JUNCTION>     PrintHood [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/09/2010  10:01 AM    <JUNCTION>     Recent [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Recent]
12/09/2010  10:01 AM    <JUNCTION>     SendTo [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\SendTo]
12/09/2010  10:01 AM    <JUNCTION>     Start Menu [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu]
12/09/2010  10:01 AM    <JUNCTION>     Templates [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Kids\AppData\Local
12/09/2010  10:01 AM    <JUNCTION>     Application Data [C:\Users\Kids\AppData\Local]
12/09/2010  10:01 AM    <JUNCTION>     History [C:\Users\Kids\AppData\Local\Microsoft\Windows\History]
12/09/2010  10:01 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Kids\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Kids\AppData\LocalLow
08/31/2012  02:04 PM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes
 Directory of C:\Users\Kids\Documents
12/09/2010  10:01 AM    <JUNCTION>     My Music [C:\Users\Kids\Music]
12/09/2010  10:01 AM    <JUNCTION>     My Pictures [C:\Users\Kids\Pictures]
12/09/2010  10:01 AM    <JUNCTION>     My Videos [C:\Users\Kids\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Marc
03/25/2010  10:23 AM    <JUNCTION>     Application Data [C:\Users\Marc\AppData\Roaming]
03/25/2010  10:23 AM    <JUNCTION>     Cookies [C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Cookies]
03/25/2010  10:23 AM    <JUNCTION>     Local Settings [C:\Users\Marc\AppData\Local]
03/25/2010  10:23 AM    <JUNCTION>     My Documents [C:\Users\Marc\Documents]
03/25/2010  10:23 AM    <JUNCTION>     NetHood [C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/25/2010  10:23 AM    <JUNCTION>     PrintHood [C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/25/2010  10:23 AM    <JUNCTION>     Recent [C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Recent]
03/25/2010  10:23 AM    <JUNCTION>     SendTo [C:\Users\Marc\AppData\Roaming\Microsoft\Windows\SendTo]
03/25/2010  10:23 AM    <JUNCTION>     Start Menu [C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu]
03/25/2010  10:23 AM    <JUNCTION>     Templates [C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Marc\AppData\Local
03/25/2010  10:23 AM    <JUNCTION>     Application Data [C:\Users\Marc\AppData\Local]
03/25/2010  10:23 AM    <JUNCTION>     History [C:\Users\Marc\AppData\Local\Microsoft\Windows\History]
03/25/2010  10:23 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Marc\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Marc\Documents
03/25/2010  10:23 AM    <JUNCTION>     My Music [C:\Users\Marc\Music]
03/25/2010  10:23 AM    <JUNCTION>     My Pictures [C:\Users\Marc\Pictures]
03/25/2010  10:23 AM    <JUNCTION>     My Videos [C:\Users\Marc\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Mom
10/27/2011  01:00 PM    <JUNCTION>     Application Data [C:\Users\Mom\AppData\Roaming]
10/27/2011  01:00 PM    <JUNCTION>     Cookies [C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Cookies]
10/27/2011  01:00 PM    <JUNCTION>     Local Settings [C:\Users\Mom\AppData\Local]
10/27/2011  01:00 PM    <JUNCTION>     My Documents [C:\Users\Mom\Documents]
10/27/2011  01:00 PM    <JUNCTION>     NetHood [C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/27/2011  01:00 PM    <JUNCTION>     PrintHood [C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/27/2011  01:00 PM    <JUNCTION>     Recent [C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Recent]
10/27/2011  01:00 PM    <JUNCTION>     SendTo [C:\Users\Mom\AppData\Roaming\Microsoft\Windows\SendTo]
10/27/2011  01:00 PM    <JUNCTION>     Start Menu [C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu]
10/27/2011  01:00 PM    <JUNCTION>     Templates [C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Mom\AppData\Local
10/27/2011  01:00 PM    <JUNCTION>     Application Data [C:\Users\Mom\AppData\Local]
10/27/2011  01:00 PM    <JUNCTION>     History [C:\Users\Mom\AppData\Local\Microsoft\Windows\History]
10/27/2011  01:00 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Mom\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Mom\Documents
10/27/2011  01:00 PM    <JUNCTION>     My Music [C:\Users\Mom\Music]
10/27/2011  01:00 PM    <JUNCTION>     My Pictures [C:\Users\Mom\Pictures]
10/27/2011  01:00 PM    <JUNCTION>     My Videos [C:\Users\Mom\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/14/2009  12:08 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/14/2009  12:08 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/14/2009  12:08 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Safety
08/24/2013  10:42 PM    <JUNCTION>     Application Data [C:\Users\Safety\AppData\Roaming]
08/24/2013  10:42 PM    <JUNCTION>     Cookies [C:\Users\Safety\AppData\Roaming\Microsoft\Windows\Cookies]
08/24/2013  10:42 PM    <JUNCTION>     Local Settings [C:\Users\Safety\AppData\Local]
08/24/2013  10:42 PM    <JUNCTION>     My Documents [C:\Users\Safety\Documents]
08/24/2013  10:42 PM    <JUNCTION>     NetHood [C:\Users\Safety\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/24/2013  10:42 PM    <JUNCTION>     PrintHood [C:\Users\Safety\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/24/2013  10:42 PM    <JUNCTION>     Recent [C:\Users\Safety\AppData\Roaming\Microsoft\Windows\Recent]
08/24/2013  10:42 PM    <JUNCTION>     SendTo [C:\Users\Safety\AppData\Roaming\Microsoft\Windows\SendTo]
08/24/2013  10:42 PM    <JUNCTION>     Start Menu [C:\Users\Safety\AppData\Roaming\Microsoft\Windows\Start Menu]
08/24/2013  10:42 PM    <JUNCTION>     Templates [C:\Users\Safety\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Safety\AppData\Local
08/24/2013  10:42 PM    <JUNCTION>     Application Data [C:\Users\Safety\AppData\Local]
08/24/2013  10:42 PM    <JUNCTION>     History [C:\Users\Safety\AppData\Local\Microsoft\Windows\History]
08/24/2013  10:42 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Safety\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Safety\Documents
08/24/2013  10:42 PM    <JUNCTION>     My Music [C:\Users\Safety\Music]
08/24/2013  10:42 PM    <JUNCTION>     My Pictures [C:\Users\Safety\Pictures]
08/24/2013  10:42 PM    <JUNCTION>     My Videos [C:\Users\Safety\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Test IE10
01/31/2014  01:02 PM    <JUNCTION>     Application Data [C:\Users\Test IE10\AppData\Roaming]
01/31/2014  01:02 PM    <JUNCTION>     Cookies [C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Cookies]
01/31/2014  01:02 PM    <JUNCTION>     Local Settings [C:\Users\Test IE10\AppData\Local]
01/31/2014  01:02 PM    <JUNCTION>     My Documents [C:\Users\Test IE10\Documents]
01/31/2014  01:02 PM    <JUNCTION>     NetHood [C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/31/2014  01:02 PM    <JUNCTION>     PrintHood [C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/31/2014  01:02 PM    <JUNCTION>     Recent [C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Recent]
01/31/2014  01:02 PM    <JUNCTION>     SendTo [C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\SendTo]
01/31/2014  01:02 PM    <JUNCTION>     Start Menu [C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Start Menu]
01/31/2014  01:02 PM    <JUNCTION>     Templates [C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Test IE10\AppData\Local
01/31/2014  01:02 PM    <JUNCTION>     Application Data [C:\Users\Test IE10\AppData\Local]
01/31/2014  01:02 PM    <JUNCTION>     History [C:\Users\Test IE10\AppData\Local\Microsoft\Windows\History]
01/31/2014  01:02 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Test IE10\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Test IE10\Documents
01/31/2014  01:02 PM    <JUNCTION>     My Music [C:\Users\Test IE10\Music]
01/31/2014  01:02 PM    <JUNCTION>     My Pictures [C:\Users\Test IE10\Pictures]
01/31/2014  01:02 PM    <JUNCTION>     My Videos [C:\Users\Test IE10\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Test IE9
01/31/2014  01:00 PM    <JUNCTION>     Application Data [C:\Users\Test IE9\AppData\Roaming]
01/31/2014  01:00 PM    <JUNCTION>     Cookies [C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Cookies]
01/31/2014  01:00 PM    <JUNCTION>     Local Settings [C:\Users\Test IE9\AppData\Local]
01/31/2014  01:00 PM    <JUNCTION>     My Documents [C:\Users\Test IE9\Documents]
01/31/2014  01:00 PM    <JUNCTION>     NetHood [C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/31/2014  01:00 PM    <JUNCTION>     PrintHood [C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/31/2014  01:00 PM    <JUNCTION>     Recent [C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Recent]
01/31/2014  01:00 PM    <JUNCTION>     SendTo [C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\SendTo]
01/31/2014  01:00 PM    <JUNCTION>     Start Menu [C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Start Menu]
01/31/2014  01:00 PM    <JUNCTION>     Templates [C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Test IE9\AppData\Local
01/31/2014  01:00 PM    <JUNCTION>     Application Data [C:\Users\Test IE9\AppData\Local]
01/31/2014  01:00 PM    <JUNCTION>     History [C:\Users\Test IE9\AppData\Local\Microsoft\Windows\History]
01/31/2014  01:00 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Test IE9\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Test IE9\Documents
01/31/2014  01:00 PM    <JUNCTION>     My Music [C:\Users\Test IE9\Music]
01/31/2014  01:00 PM    <JUNCTION>     My Pictures [C:\Users\Test IE9\Pictures]
01/31/2014  01:00 PM    <JUNCTION>     My Videos [C:\Users\Test IE9\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Tommy
05/26/2013  09:03 AM    <JUNCTION>     Application Data [C:\Users\Tommy\AppData\Roaming]
05/26/2013  09:03 AM    <JUNCTION>     Cookies [C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies]
05/26/2013  09:03 AM    <JUNCTION>     Local Settings [C:\Users\Tommy\AppData\Local]
05/26/2013  09:03 AM    <JUNCTION>     My Documents [C:\Users\Tommy\Documents]
05/26/2013  09:03 AM    <JUNCTION>     NetHood [C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/26/2013  09:03 AM    <JUNCTION>     PrintHood [C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/26/2013  09:03 AM    <JUNCTION>     Recent [C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Recent]
05/26/2013  09:03 AM    <JUNCTION>     SendTo [C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\SendTo]
05/26/2013  09:03 AM    <JUNCTION>     Start Menu [C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu]
05/26/2013  09:03 AM    <JUNCTION>     Templates [C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Tommy\AppData\Local
05/26/2013  09:03 AM    <JUNCTION>     Application Data [C:\Users\Tommy\AppData\Local]
05/26/2013  09:03 AM    <JUNCTION>     History [C:\Users\Tommy\AppData\Local\Microsoft\Windows\History]
05/26/2013  09:03 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Tommy\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Tommy\Documents
05/26/2013  09:03 AM    <JUNCTION>     My Music [C:\Users\Tommy\Music]
05/26/2013  09:03 AM    <JUNCTION>     My Pictures [C:\Users\Tommy\Pictures]
05/26/2013  09:03 AM    <JUNCTION>     My Videos [C:\Users\Tommy\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
12/22/2009  06:33 PM    <JUNCTION>     Application Data [C:\windows\system32\config\systemprofile\AppData\Roaming]
12/22/2009  06:33 PM    <JUNCTION>     Cookies [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
12/22/2009  06:33 PM    <JUNCTION>     Local Settings [C:\windows\system32\config\systemprofile\AppData\Local]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
12/22/2009  06:33 PM    <JUNCTION>     Application Data [C:\windows\system32\config\systemprofile\AppData\Local]
12/22/2009  06:33 PM    <JUNCTION>     History [C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
12/22/2009  06:33 PM    <JUNCTION>     Temporary Internet Files [C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
12/22/2009  06:33 PM    <JUNCTION>     Application Data [C:\windows\system32\config\systemprofile\AppData\Roaming]
12/22/2009  06:33 PM    <JUNCTION>     Cookies [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
12/22/2009  06:33 PM    <JUNCTION>     Local Settings [C:\windows\system32\config\systemprofile\AppData\Local]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
12/22/2009  06:33 PM    <JUNCTION>     Application Data [C:\windows\system32\config\systemprofile\AppData\Local]
12/22/2009  06:33 PM    <JUNCTION>     History [C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
12/22/2009  06:33 PM    <JUNCTION>     Temporary Internet Files [C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
             192 Dir(s)  79,031,418,880 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2014/02/10 20:22:54 | 000,000,221 | -HS- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2014/02/21 14:04:08 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Marc\Desktop\mbar-1.07.0.1009.exe
[2014/02/21 14:06:22 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Users\Marc\Desktop\startuplite-setup-1.07.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >
 

----------
 

OTL Extras logfile created on: 2/24/2014 2:36:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marc\Desktop\virus
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 62.40% Memory free
5.73 Gb Paging File | 4.43 Gb Available in Paging File | 77.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.43 Gb Total Space | 73.70 Gb Free Space | 33.13% Space Free | Partition Type: NTFS
 
Computer Name: KIDSCOMPUTER | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09675C81-D1F2-418D-A3CD-22FE2218BAB6}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{22B6A706-7EB5-4FBC-8A20-69D17EE0DEF4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2565F476-F714-400C-9CC4-8FA5DD5310C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{29B8A72A-C7B4-47D6-A51F-8A17BDE42325}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{31DA5B50-EDF5-4C86-9F39-B257A180E86D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3DBDDB70-4FEC-4004-8863-8B419AFE0F46}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3FA4F5F6-46E6-4BBB-A9AE-CFF85BE47827}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4338D922-6FE0-4189-89D2-141C668EAB1A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4BCF7D8F-3058-498E-A1A5-40291D76FAB9}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{534D64F2-725A-4A4F-A618-06C7042A3024}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6E5174EB-4837-49BB-911A-86E32DBF3AF8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F2C4B0F-D6CF-416D-B2C5-18FDF8E11568}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{99B43633-F6F4-4E61-9CA9-BA349FFF283B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AEAAAE28-BFBF-450A-BF48-89E1944FEBE5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B2242B39-77DD-46D5-AE50-FA2BF5771A37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B2FBDE0F-2987-44EF-B8F6-5A91B5B60BA5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B37D3EB4-B0DE-4703-9352-EF3A62BF6178}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B39094CE-4A43-444E-A427-3878EC350C0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C5B63431-D731-40DE-B68C-998985407EEC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C96B1B26-BDF6-493B-8F1E-86DCFE947B3F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF5F15B1-A654-4650-A63C-EF63C72D8EE7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D6E45380-3DEC-4C92-862F-11B4E4E21B07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB0BBB07-1D15-406C-AABF-E35DCAE2C36A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E3174953-2CD0-4972-B05D-6129BB2BF027}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EEF91952-BE70-4FB5-807C-383D464980D4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F62C8DF8-A912-4D54-96E6-6ED4DA706E9C}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08027DE0-A342-46DE-A15A-0B23E445BEB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B49DBFF-1F62-4339-84F6-DB2C35879F57}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{16C0B640-5305-43A6-96A0-C8346802273F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1737D870-F006-4547-9FFE-7DC9A2D6115F}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{1A55E69E-F39A-47C9-982E-D749A1358765}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1C236013-8212-4868-BAC1-918D2768BDB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1D877845-C8C5-41F0-80E2-DE34F8161763}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1E914F80-BB0A-4AF4-AC1A-9BEAD3E6F9C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{285F8BE3-72A0-40DB-9259-B2EA51DD1BC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5C383AA2-BD70-4C53-923A-59ECD930396C}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08y\faxrx.exe | 
"{5D0EDFDC-2EA3-49AB-B1F1-DC0A2C3E012E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{711880FA-EB6B-45AC-A408-81084DBD3180}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{725FB2D1-0D80-4285-A19D-30F2D7B05240}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{7579A1C7-BBB5-4559-BBC8-EC44DB735D6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{76F21310-CD2D-4E1C-9BB8-24BEC705ABD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | 
"{85A85C0B-BB2A-41CA-BB43-B944899BAA69}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{85AA256E-92B5-4E2E-AE5C-AA145BE8FE39}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{884207DB-1129-4532-80CE-B1B7680D18C2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88C06A22-07B9-4FE9-B382-69D5248818E9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8E5EFF33-7FBF-41D5-9515-28EC55847D90}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{91634AEB-62E7-426E-897D-AE6A9E40D49F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A0D1044D-F1EA-4C6C-97D8-BD2DF80908F2}" = protocol=6 | dir=in | app=c:\program files (x86)\fiddler2\fiddler.exe | 
"{A37CB147-E650-481D-8AF0-69784CEB6D35}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | 
"{A6A8CFDD-9066-469B-91B2-C62A29A67523}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AD9843B4-7BA2-46F5-8CC5-1D9652A484B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4A8D936-5477-4AEE-B528-649956E7EA7F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B78623D2-A70A-4B10-B631-89079CDF1041}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{C190EEE8-EA63-4E58-91EB-B1FA5A5DA0F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{C22E6C0D-EE07-4DCE-AE31-680A56E0C77F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C3A9FF35-2731-4AA0-9D4B-940625778DB8}" = protocol=17 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe | 
"{C4C43C66-DF31-4B45-A04E-A9E35D396295}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C61865B7-89C2-4977-9953-BC100611BE6F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{D0BBACA3-8242-4D75-9799-0012FC7F10E0}" = protocol=6 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe | 
"{D506691A-4712-46F5-9FC6-56F61B9EAD53}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{D9BA986E-CF88-47FF-8C92-9A7BA35DDDD3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DB8437A9-2A6D-44F8-8D2A-F4E5F2A01876}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DD701A04-0A75-4309-BF50-53D5AB942061}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08y\faxrx.exe | 
"{E3B2BC09-3F9E-47F5-BA97-182ECD58609D}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{F03E664D-A59E-4430-8D75-86308283BE8A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F05FDB12-69F9-4695-8B45-39C6EA264152}" = protocol=6 | dir=out | app=system | 
"{F10B194B-9381-4B93-A103-27CE244601D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F67BB3D1-24BE-4492-A9CB-41A7F06A3200}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FA025EBD-B081-4C3E-8F42-B12829173C4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{FC7C85D8-883F-45BA-89E5-ACB2FAF6FE6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FDAF5CBB-511A-4E43-8281-6F6B92B07D19}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"TCP Query User{0BEA4F52-85EB-4F51-A545-AFEA76F89D1D}C:\program files (x86)\adobe\adobe flash cs5.5\flash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs5.5\flash.exe | 
"TCP Query User{1E3E2EA2-CBE6-42FA-A0E3-67D3FFDCB0BC}C:\program files (x86)\adobe\adobe flash cs6\flash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs6\flash.exe | 
"TCP Query User{2EE0A24B-04E7-4960-A887-8FFFD7F262B9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{2FCE3778-C3EE-4DC8-8AEB-31217C502A6D}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"TCP Query User{36986F6B-A604-453C-AF3F-BB8CE43F077B}C:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | 
"TCP Query User{39291CE6-0253-4E39-84E9-4F31DA971511}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"TCP Query User{5ACDA56B-F5CB-43BC-972D-26238452A44A}C:\program files (x86)\adobe\adobe flash cs5.5\flash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs5.5\flash.exe | 
"TCP Query User{7016FFA8-0CE6-4465-8D35-FA841FB7F29A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{C7907A45-3D27-4DC0-96A0-0A678E12EC24}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{7DA8CF1C-E391-4D1B-8EE2-70C27DB89F7E}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"UDP Query User{7EA2A237-5B69-4E17-A6EF-1D518A7EB255}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"UDP Query User{A60854A7-8A38-4BCF-959E-E9B41190E41F}C:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | 
"UDP Query User{B4E6D36B-9FB4-4373-98B4-D3260C97270E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{B76363F9-12B4-4DD6-8831-28A37DB5F53D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{C4F63D4D-A9A0-49EE-A2D0-4AD62C618C86}C:\program files (x86)\adobe\adobe flash cs5.5\flash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs5.5\flash.exe | 
"UDP Query User{D236F55B-97DF-481A-8F2A-ABED16BB5713}C:\program files (x86)\adobe\adobe flash cs6\flash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs6\flash.exe | 
"UDP Query User{D66DFDD4-6F3B-425C-8AAC-61CE418D09A8}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{FB51B6C9-6EF0-47D3-955E-64262F56915B}C:\program files (x86)\adobe\adobe flash cs5.5\flash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs5.5\flash.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{71EFF430-1A34-423E-8EAF-A80173960A8E}" = TortoiseSVN 1.7.10.23359 (64 bit)
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Sublime Text 3_is1" = Sublime Text Build 3059
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-6490CW
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5B049B61-0684-460E-A5F2-5EC314590344}" = Mavis Beacon Teaches Typing 18
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{662140BE-138C-4DC1-B4CD-B62C6C855A25}" = Pirate101
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9966A5DB-8BB0-4D89-A701-386ED84E79B8}" = Adobe Creative Suite 4 Master Collection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Roxio Burn
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC7E7905-8C59-4806-A96D-30936A2B1FC5}" = Citrix Online Launcher
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCEEDC10-441F-4E4E-8590-0955C4C6B3F6}" = Adobe Setup
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2B5B74F-37BB-4D67-9A2B-C53DE961775E}" = Brother MFC-6490CW
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C86DAD7E-9C55-E8DE-28FD-EE317B1ECC36}" = Klok 2
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F06365EC-061E-48C3-B761-E1816658D618}" = 3DVIA player 5.0.0.20
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe_7e74552a59eaf9fafd13f90894ac9bd" = Adobe Creative Suite 4 Master Collection
"BASICR" = Microsoft Office Basic 2007
"BeyondCompare3_is1" = Beyond Compare 3.3.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Fiddler2" = Fiddler
"FlashDevelop" = FlashDevelop 4.5.2
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"Klok2.DD7F2188B985C2439837C76B42A187050457E61B.1" = Klok 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Rhapsody" = Rhapsody
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 8930" = Sid Meier's Civilization V
"VLC media player" = VLC media player 2.1.2
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/2/2013 5:58:34 PM | Computer Name = KidsComputer | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program 
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of 
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 6/2/2013 5:59:37 PM | Computer Name = KidsComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 6/2/2013 5:59:44 PM | Computer Name = KidsComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 6/2/2013 5:59:44 PM | Computer Name = KidsComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 6/2/2013 5:59:44 PM | Computer Name = KidsComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 6/2/2013 5:59:45 PM | Computer Name = KidsComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 6/2/2013 5:59:52 PM | Computer Name = KidsComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 6/2/2013 5:59:52 PM | Computer Name = KidsComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 6/3/2013 9:13:25 AM | Computer Name = KidsComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 6/3/2013 9:13:33 AM | Computer Name = KidsComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
[ System Events ]
Error - 2/21/2014 6:37:27 AM | Computer Name = KidsComputer | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
 Update Service (gupdate) service to connect.
 
Error - 2/21/2014 6:37:27 AM | Computer Name = KidsComputer | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%1053
 
Error - 2/21/2014 6:38:19 AM | Computer Name = KidsComputer | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 2/21/2014 8:19:21 AM | Computer Name = KidsComputer | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 2/21/2014 2:22:34 PM | Computer Name = KidsComputer | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the NlaSvc service.
 
Error - 2/21/2014 2:23:05 PM | Computer Name = KidsComputer | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the wscsvc service.
 
Error - 2/21/2014 5:50:59 PM | Computer Name = KidsComputer | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature:
 %%835     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%842
 
Error - 2/22/2014 8:16:08 AM | Computer Name = KidsComputer | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Dnscache service.
 
Error - 2/22/2014 8:16:48 AM | Computer Name = KidsComputer | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature:
 %%835     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%842
 
Error - 2/24/2014 3:00:20 PM | Computer Name = KidsComputer | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature:
 %%835     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%842
 
 
< End of report >
 

----------
 

 


Edited by Mercury Boy, 25 February 2014 - 06:16 AM.

    Advertisements

Register to Remove


#2 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 26 February 2014 - 06:51 PM

Hi Nick*,

  :welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Very few email accounts require you to send them from your computer. If you use Outlook, if they were sent from your computer... they would show in your sent box. Mail could be sent from your account through a webmail client... but then they would have to have your password and you say you've changed them.

I'm not seeing any sign of a keylogger.. but let's dig around a little.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#3 Nick*

Nick*

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 27 February 2014 - 07:12 PM

Hi Tomk, thanks for the help.

 

I don't see any unknown sent mail in Outlook so that's out.

 

Here are the outputs from Farbar.

 

Thanks again,

Nick

 

----------

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014
Ran by Marc (administrator) on KIDSCOMPUTER on 26-02-2014 21:38:47
Running from C:\Users\Marc\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [X]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Monitor] - C:\windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-14] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-07-13] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [36272 2010-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] - C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3357349812-2239403225-1323811888-1000\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-3357349812-2239403225-1323811888-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3357349812-2239403225-1323811888-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1641896 2013-06-06] (Valve Corporation)
HKU\S-1-5-21-3357349812-2239403225-1323811888-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-3357349812-2239403225-1323811888-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3357349812-2239403225-1323811888-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3357349812-2239403225-1323811888-1000\...\MountPoints2: E - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3357349812-2239403225-1323811888-1000\...\MountPoints2: {bc5a4196-ef4f-11de-bd94-806e6f6e6963} - D:\SETUP.EXE
Startup: C:\Users\Development\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Klok2.lnk
ShortcutTarget: Klok2.lnk -> C:\Program Files (x86)\Klok2\Klok2.exe ()
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-3357349812-2239403225-1323811888-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3357349812-2239403225-1323811888-1003\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {000B8AEA-AB2A-4863-92EB-3FEEEAA2D56A} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM - {000B8AEA-AB2A-4863-92EB-3FEEEAA2D56A} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {9A30A3F8-4AD7-4964-8087-ADA2EC0FF187} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {9A30A3F8-4AD7-4964-8087-ADA2EC0FF187} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKCU - DefaultScope {9A30A3F8-4AD7-4964-8087-ADA2EC0FF187} URL = http://www.google.co...1I7TSNA_enUS372
SearchScopes: HKCU - {5CD5D501-ADE6-4E72-8F62-29CF7FB95B51} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKCU - {9A30A3F8-4AD7-4964-8087-ADA2EC0FF187} URL = http://www.google.co...1I7TSNA_enUS372
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\floebvbu.default
FF Homepage: user_pref("browser.startup.homepage", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Firebug - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\floebvbu.default\Extensions\firebug@software.joehewitt.com [2011-01-06]
FF Extension: Flashbug - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\floebvbu.default\Extensions\flashbug@coursevector.com [2011-01-06]
FF Extension: FlashFirebug - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\floebvbu.default\Extensions\flashfirebug@o-minds.com [2011-01-06]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-01-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-12-23]
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23]
CHR Extension: (Google Drive) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23]
CHR Extension: (YouTube) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23]
CHR Extension: (Google Search) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23]
CHR Extension: (Google Wallet) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23]
CHR Extension: (Gmail) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23]
 
==================== Services (Whitelisted) =================
 
R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2146496 2011-04-21] (Lavasoft Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-04-18] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-04-18] (Lavasoft AB)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [446976 2009-08-20] (Realtek Semiconductor Corporation                           )
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-26 21:38 - 2014-02-26 21:39 - 00021609 _____ () C:\Users\Marc\Desktop\FRST.txt
2014-02-26 21:38 - 2014-02-26 21:38 - 00000000 ____D () C:\FRST
2014-02-26 21:37 - 2014-02-26 21:37 - 00001271 _____ () C:\Users\Marc\Desktop\Development Desktop.lnk
2014-02-26 21:10 - 2014-02-26 21:10 - 02155520 _____ (Farbar) C:\Users\Marc\Desktop\FRST64.exe
2014-02-26 15:23 - 2014-02-26 15:42 - 00000000 ____D () C:\Users\Development\Desktop\Star Energy
2014-02-26 07:56 - 2014-02-26 07:56 - 00001836 _____ () C:\Users\Development\Desktop\Book Cover.lnk
2014-02-25 06:29 - 2014-02-25 06:30 - 00000000 ____D () C:\Users\Test IE10\Desktop\virus
2014-02-24 22:49 - 2014-02-24 22:49 - 00178966 _____ () C:\Users\Marc\AppData\Local\census.cache
2014-02-24 22:49 - 2014-02-24 22:49 - 00136944 _____ () C:\Users\Marc\AppData\Local\ars.cache
2014-02-24 22:29 - 2012-06-05 02:37 - 00256904 _____ (Trend Micro Inc.) C:\windows\SysWOW64\Drivers\tmcomm.sys
2014-02-24 22:28 - 2014-02-24 22:28 - 00000036 _____ () C:\Users\Marc\AppData\Local\housecall.guid.cache
2014-02-24 22:19 - 2014-02-24 22:19 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-02-24 22:17 - 2014-02-24 22:17 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-24 20:02 - 2014-02-24 20:02 - 00001692 _____ () C:\Users\Test IE10\Desktop\Computer Comparison - Shortcut.lnk
2014-02-24 18:23 - 2014-02-24 18:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-02-24 18:10 - 2014-02-24 18:10 - 00001299 _____ () C:\Users\Test IE10\Desktop\My Documents.lnk
2014-02-24 18:07 - 2014-02-24 18:07 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Mozilla
2014-02-24 18:07 - 2014-02-24 18:07 - 00000000 ____D () C:\Users\Test IE10\AppData\Local\Mozilla
2014-02-24 17:34 - 2014-02-24 17:54 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Klok2.DD7F2188B985C2439837C76B42A187050457E61B.1
2014-02-24 17:34 - 2014-02-24 17:34 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Klok2
2014-02-24 17:18 - 2014-02-24 17:18 - 00000000 ____D () C:\Users\Test IE10\AppData\Local\Google
2014-02-24 17:17 - 2014-02-24 17:17 - 00000000 ____D () C:\Users\Test IE10\AppData\Local\Toshiba
2014-02-24 17:16 - 2014-02-24 17:16 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\Klok2.DD7F2188B985C2439837C76B42A187050457E61B.1
2014-02-24 17:16 - 2014-02-24 17:16 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\Klok2
2014-02-24 13:35 - 2014-02-24 22:52 - 00000000 ____D () C:\Users\Marc\Desktop\virus
2014-02-23 20:34 - 2014-02-23 20:34 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-23 20:34 - 2014-02-23 20:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-21 16:59 - 2014-02-21 17:37 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-21 16:58 - 2014-02-21 16:58 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-10 20:22 - 2014-02-10 20:22 - 00001421 _____ () C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-10 14:17 - 2014-02-24 11:48 - 00000000 ____D () C:\Users\Development\Documents\Home & Transportation
2014-02-04 22:21 - 2014-02-04 22:21 - 00000000 ____D () C:\Users\Development\AppData\Roaming\SimController
2014-02-04 20:39 - 2014-02-04 20:39 - 00001491 _____ () C:\Users\Development\Desktop\Three Serpents documents.lnk
2014-02-04 19:56 - 2014-02-04 19:56 - 00002151 _____ () C:\Users\Development\Desktop\Three Serpents deploy.lnk
2014-02-04 14:41 - 2014-02-26 20:52 - 00000598 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3357349812-2239403225-1323811888-1004.job
2014-02-04 14:41 - 2014-02-15 17:27 - 00003644 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3357349812-2239403225-1323811888-1004
2014-02-03 15:59 - 2014-02-12 11:50 - 00000000 ____D () C:\Users\Development\AppData\Local\join.me
2014-02-03 15:59 - 2014-02-03 15:59 - 00001108 _____ () C:\Users\Development\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-02-01 18:38 - 2014-02-01 19:14 - 00000000 ____D () C:\Users\Development\AppData\Roaming\.minecraft
2014-01-31 13:56 - 2014-01-31 13:56 - 00000000 ____D () C:\Users\Test IE9\AppData\Local\Toshiba
2014-01-31 13:30 - 2014-01-31 13:30 - 40821959 _____ (Core Services) C:\Users\Test IE9\Downloads\install-ietester-v0.5.2.exe
2014-01-31 13:18 - 2014-01-31 13:18 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Toshiba
2014-01-31 13:16 - 2014-01-31 13:16 - 00000000 ____D () C:\Users\Test IE9\AppData\Roaming\Toshiba
2014-01-31 13:12 - 2014-01-31 13:12 - 17847296 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 12344320 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 10926080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 09739264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 03695416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-01-31 13:12 - 2014-01-31 13:12 - 03695416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-01-31 13:12 - 2014-01-31 13:12 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-01-31 13:12 - 2014-01-31 13:12 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-01-31 13:12 - 2014-01-31 13:12 - 02334720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 02147840 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 01494528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-01-31 13:12 - 2014-01-31 13:12 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-01-31 13:12 - 2014-01-31 13:12 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 01347072 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 01105408 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00534528 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-01-31 13:12 - 2014-01-31 13:12 - 00434176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00420864 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00403248 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-01-31 13:12 - 2014-01-31 13:12 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00353584 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\ieaksie.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieaksie.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00203776 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakui.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\ieakui.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00161792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\ieakeng.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00130560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakeng.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00123392 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00118784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00114176 _____ (Microsoft Corporation) C:\windows\system32\admparse.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00101888 _____ (Microsoft Corporation) C:\windows\SysWOW64\admparse.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00078848 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-01-31 13:12 - 2014-01-31 13:12 - 00074752 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00074752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ie4uinit.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00066048 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00065024 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00063488 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-01-31 13:12 - 2014-01-31 13:12 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00054272 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00035840 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00031744 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-01-31 13:10 - 2014-01-31 13:10 - 04068864 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 03181568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-01-31 13:10 - 2014-01-31 13:10 - 01863680 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 01837568 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 01619456 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-01-31 13:10 - 2014-01-31 13:10 - 01540608 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 01495040 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 01170944 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 01133568 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 01074176 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00982912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-01-31 13:10 - 2014-01-31 13:10 - 00902656 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00739840 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00662528 _____ (Microsoft Corporation) C:\windows\system32\XpsPrint.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00470016 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsPrint.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00320512 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1core.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00283648 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00265088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-01-31 13:10 - 2014-01-31 13:10 - 00257024 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\XpsRasterService.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00218624 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10_1core.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00196608 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00161792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10_1.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00135168 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsRasterService.dll
2014-01-31 13:09 - 2014-01-31 13:09 - 00000000 ____D () C:\Users\Test IE9\AppData\Local\Google
2014-01-31 13:07 - 2014-01-31 13:49 - 00008203 _____ () C:\windows\IE9_main.log
2014-01-31 13:03 - 2014-02-25 07:21 - 00000000 ____D () C:\Users\Test IE10\AppData\Local\TSVNCache
2014-01-31 13:03 - 2014-02-24 18:47 - 00081088 _____ () C:\Users\Test IE10\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-31 13:03 - 2014-02-24 17:34 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Adobe
2014-01-31 13:03 - 2014-02-24 17:34 - 00000000 ____D () C:\Users\Test IE10\AppData\Local\Adobe
2014-01-31 13:03 - 2014-01-31 13:03 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Roxio
2014-01-31 13:03 - 2014-01-31 13:03 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Apple Computer
2014-01-31 13:02 - 2014-02-24 17:17 - 00001455 _____ () C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-31 13:02 - 2014-02-24 17:17 - 00001421 _____ () C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-31 13:02 - 2014-01-31 13:02 - 00000632 __RSH () C:\Users\Test IE10\ntuser.pol
2014-01-31 13:02 - 2014-01-31 13:02 - 00000020 ___SH () C:\Users\Test IE10\ntuser.ini
2014-01-31 13:02 - 2014-01-31 13:02 - 00000000 ___RD () C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-31 13:02 - 2014-01-31 13:02 - 00000000 ___RD () C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-31 13:02 - 2014-01-31 13:02 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Subversion
2014-01-31 13:02 - 2014-01-31 13:02 - 00000000 ____D () C:\Users\Test IE10\AppData\Local\VirtualStore
2014-01-31 13:02 - 2014-01-31 13:02 - 00000000 ____D () C:\Users\Test IE10
2014-01-31 13:02 - 2010-12-06 10:47 - 00000000 ____D () C:\Users\Test IE10\AppData\Local\Microsoft Help
2014-01-31 13:02 - 2010-04-24 11:49 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Macromedia
2014-01-31 13:02 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-31 13:02 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-31 13:01 - 2014-02-04 20:31 - 00000000 ____D () C:\Users\Test IE9\AppData\Roaming\Adobe
2014-01-31 13:01 - 2014-02-04 20:29 - 00000000 ____D () C:\Users\Test IE9\AppData\Local\Adobe
2014-01-31 13:01 - 2014-01-31 14:00 - 00000000 ____D () C:\Users\Test IE9\AppData\Local\TSVNCache
2014-01-31 13:01 - 2014-01-31 13:56 - 00001268 _____ () C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-31 13:01 - 2014-01-31 13:09 - 00002267 _____ () C:\Users\Test IE9\Desktop\Google Chrome.lnk
2014-01-31 13:01 - 2014-01-31 13:01 - 00081088 _____ () C:\Users\Test IE9\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-31 13:01 - 2014-01-31 13:01 - 00001421 _____ () C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-31 13:01 - 2014-01-31 13:01 - 00000000 ___RD () C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-31 13:01 - 2014-01-31 13:01 - 00000000 ____D () C:\Users\Test IE9\AppData\Roaming\Subversion
2014-01-31 13:01 - 2014-01-31 13:01 - 00000000 ____D () C:\Users\Test IE9\AppData\Roaming\Roxio
2014-01-31 13:01 - 2014-01-31 13:01 - 00000000 ____D () C:\Users\Test IE9\AppData\Roaming\Apple Computer
2014-01-31 13:00 - 2014-01-31 13:01 - 00000000 ___RD () C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-31 13:00 - 2014-01-31 13:01 - 00000000 ____D () C:\Users\Test IE9
2014-01-31 13:00 - 2014-01-31 13:00 - 00000632 __RSH () C:\Users\Test IE9\ntuser.pol
2014-01-31 13:00 - 2014-01-31 13:00 - 00000020 ___SH () C:\Users\Test IE9\ntuser.ini
2014-01-31 13:00 - 2014-01-31 13:00 - 00000000 ____D () C:\Users\Test IE9\AppData\Local\VirtualStore
2014-01-31 13:00 - 2010-12-06 10:47 - 00000000 ____D () C:\Users\Test IE9\AppData\Local\Microsoft Help
2014-01-31 13:00 - 2010-04-24 11:49 - 00000000 ____D () C:\Users\Test IE9\AppData\Roaming\Macromedia
2014-01-31 13:00 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-31 13:00 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-31 09:32 - 2014-01-31 09:33 - 36380976 _____ (Microsoft Corporation) C:\Users\Test IE9\Desktop\IE9-Windows7-x64-enu.exe
2014-01-29 08:12 - 2014-01-29 08:12 - 00000000 _____ () C:\Users\Marc\Desktop\httphelpx.adobe.comcreative-suitekbacrobat-failed-launch-30-days.txt.txt
2014-01-27 12:34 - 2014-01-27 12:34 - 01071000 _____ (Solid State Networks) C:\Users\Development\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe
2014-01-27 05:41 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2014-01-27 05:40 - 2014-01-27 05:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-27 05:40 - 2014-01-27 05:41 - 00000000 ____D () C:\Program Files\iTunes
2014-01-27 05:40 - 2014-01-27 05:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-27 05:40 - 2014-01-27 05:40 - 00000000 ____D () C:\Program Files\iPod
2014-01-27 05:33 - 2014-01-27 05:33 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-01-27 05:30 - 2014-01-27 05:30 - 00000000 ____D () C:\Users\Development\AppData\Local\Apple
 
==================== One Month Modified Files and Folders =======
 
2014-02-26 21:39 - 2014-02-26 21:38 - 00021609 _____ () C:\Users\Marc\Desktop\FRST.txt
2014-02-26 21:38 - 2014-02-26 21:38 - 00000000 ____D () C:\FRST
2014-02-26 21:38 - 2010-04-10 05:03 - 00000000 ____D () C:\Users\Marc\AppData\Local\Adobe
2014-02-26 21:37 - 2014-02-26 21:37 - 00001271 _____ () C:\Users\Marc\Desktop\Development Desktop.lnk
2014-02-26 21:37 - 2011-12-23 12:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-26 21:36 - 2011-04-21 06:22 - 00000000 ____D () C:\Users\Marc\AppData\Local\TSVNCache
2014-02-26 21:36 - 2010-04-02 12:43 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-26 21:36 - 2010-03-25 10:28 - 00082712 _____ () C:\Users\Marc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-26 21:35 - 2011-04-20 21:06 - 00000000 ____D () C:\Users\Development\AppData\Local\TSVNCache
2014-02-26 21:33 - 2011-04-21 04:21 - 00000466 _____ () C:\Users\Development\mm.cfg
2014-02-26 21:10 - 2014-02-26 21:10 - 02155520 _____ (Farbar) C:\Users\Marc\Desktop\FRST64.exe
2014-02-26 21:04 - 2010-04-02 12:43 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-26 20:52 - 2014-02-04 14:41 - 00000598 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3357349812-2239403225-1323811888-1004.job
2014-02-26 20:40 - 2009-07-14 00:13 - 00781586 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-26 15:42 - 2014-02-26 15:23 - 00000000 ____D () C:\Users\Development\Desktop\Star Energy
2014-02-26 13:55 - 2009-12-22 17:55 - 01626215 _____ () C:\windows\WindowsUpdate.log
2014-02-26 11:05 - 2011-04-20 20:16 - 00000000 ____D () C:\Users\Development\AppData\Roaming\Adobe
2014-02-26 11:04 - 2011-04-20 20:20 - 00082712 _____ () C:\Users\Development\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-26 09:03 - 2014-01-06 10:10 - 00000000 ____D () C:\Users\Development\Documents\Story & Writing
2014-02-26 07:56 - 2014-02-26 07:56 - 00001836 _____ () C:\Users\Development\Desktop\Book Cover.lnk
2014-02-26 06:42 - 2013-12-26 21:42 - 00000000 ____D () C:\Users\Development\Documents\Health & Wellbeing
2014-02-26 06:42 - 2013-12-23 12:40 - 00000000 ____D () C:\Users\Development\Documents\`To Sort
2014-02-26 06:36 - 2009-07-13 23:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 06:36 - 2009-07-13 23:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 06:27 - 2012-10-27 14:12 - 00033062 _____ () C:\windows\setupact.log
2014-02-26 06:27 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-26 06:26 - 2011-04-25 06:29 - 00181660 _____ () C:\aaw7boot.log
2014-02-25 13:58 - 2011-05-31 22:17 - 00000000 ____D () C:\Users\Development\AppData\Local\CrashDumps
2014-02-25 07:21 - 2014-01-31 13:03 - 00000000 ____D () C:\Users\Test IE10\AppData\Local\TSVNCache
2014-02-25 07:21 - 2013-12-23 02:26 - 00000000 ____D () C:\Users\Development\AppData\Roaming\Klok2.DD7F2188B985C2439837C76B42A187050457E61B.1
2014-02-25 06:30 - 2014-02-25 06:29 - 00000000 ____D () C:\Users\Test IE10\Desktop\virus
2014-02-24 22:52 - 2014-02-24 13:35 - 00000000 ____D () C:\Users\Marc\Desktop\virus
2014-02-24 22:49 - 2014-02-24 22:49 - 00178966 _____ () C:\Users\Marc\AppData\Local\census.cache
2014-02-24 22:49 - 2014-02-24 22:49 - 00136944 _____ () C:\Users\Marc\AppData\Local\ars.cache
2014-02-24 22:28 - 2014-02-24 22:28 - 00000036 _____ () C:\Users\Marc\AppData\Local\housecall.guid.cache
2014-02-24 22:19 - 2014-02-24 22:19 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-02-24 22:17 - 2014-02-24 22:17 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-24 20:02 - 2014-02-24 20:02 - 00001692 _____ () C:\Users\Test IE10\Desktop\Computer Comparison - Shortcut.lnk
2014-02-24 18:47 - 2014-01-31 13:03 - 00081088 _____ () C:\Users\Test IE10\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-24 18:32 - 2009-07-13 23:45 - 05057312 _____ () C:\windows\system32\FNTCACHE.DAT
2014-02-24 18:30 - 2009-12-22 18:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-24 18:29 - 2009-12-22 17:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-02-24 18:27 - 2009-07-14 02:45 - 00000000 ____D () C:\windows\ShellNew
2014-02-24 18:23 - 2014-02-24 18:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-02-24 18:21 - 2009-07-13 21:34 - 00000521 _____ () C:\windows\win.ini
2014-02-24 18:10 - 2014-02-24 18:10 - 00001299 _____ () C:\Users\Test IE10\Desktop\My Documents.lnk
2014-02-24 18:07 - 2014-02-24 18:07 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Mozilla
2014-02-24 18:07 - 2014-02-24 18:07 - 00000000 ____D () C:\Users\Test IE10\AppData\Local\Mozilla
2014-02-24 17:54 - 2014-02-24 17:34 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Klok2.DD7F2188B985C2439837C76B42A187050457E61B.1
2014-02-24 17:34 - 2014-02-24 17:34 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Klok2
2014-02-24 17:34 - 2014-01-31 13:03 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Adobe
2014-02-24 17:34 - 2014-01-31 13:03 - 00000000 ____D () C:\Users\Test IE10\AppData\Local\Adobe
2014-02-24 17:18 - 2014-02-24 17:18 - 00000000 ____D () C:\Users\Test IE10\AppData\Local\Google
2014-02-24 17:17 - 2014-02-24 17:17 - 00000000 ____D () C:\Users\Test IE10\AppData\Local\Toshiba
2014-02-24 17:17 - 2014-01-31 13:02 - 00001455 _____ () C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-24 17:17 - 2014-01-31 13:02 - 00001421 _____ () C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-24 17:16 - 2014-02-24 17:16 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\Klok2.DD7F2188B985C2439837C76B42A187050457E61B.1
2014-02-24 17:16 - 2014-02-24 17:16 - 00000000 ____D () C:\Users\Marc\AppData\Roaming\Klok2
2014-02-24 11:55 - 2013-12-23 03:09 - 00000000 ____D () C:\Users\Development\Documents\Business
2014-02-24 11:48 - 2014-02-10 14:17 - 00000000 ____D () C:\Users\Development\Documents\Home & Transportation
2014-02-24 11:37 - 2014-01-16 11:57 - 00001085 _____ () C:\Users\Development\Desktop\`To Sort.lnk
2014-02-24 11:19 - 2013-12-30 08:13 - 00000000 ____D () C:\Users\Development\Documents\Family & Friends
2014-02-24 09:51 - 2012-03-05 11:42 - 00000000 ____D () C:\Users\Development\AppData\Roaming\Apple Computer
2014-02-23 20:34 - 2014-02-23 20:34 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-23 20:34 - 2014-02-23 20:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-23 20:34 - 2011-01-06 13:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-21 17:37 - 2014-02-21 16:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-21 16:58 - 2014-02-21 16:58 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-21 16:50 - 2009-11-30 23:44 - 00367674 _____ () C:\windows\PFRO.log
2014-02-20 13:32 - 2013-12-24 08:15 - 00001456 _____ () C:\Users\Development\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-02-19 08:35 - 2014-01-13 23:14 - 00000000 ____D () C:\Users\Development\Documents\Money
2014-02-18 16:10 - 2011-04-21 14:55 - 00000000 ____D () C:\Users\Kids\AppData\Local\TSVNCache
2014-02-18 15:14 - 2010-12-09 10:01 - 00001455 _____ () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-18 15:14 - 2010-12-09 10:01 - 00001421 _____ () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-18 06:58 - 2009-07-14 00:08 - 00032576 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-15 17:27 - 2014-02-04 14:41 - 00003644 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3357349812-2239403225-1323811888-1004
2014-02-13 18:04 - 2013-01-16 13:06 - 00000000 ____D () C:\Users\Cole\AppData\Local\TSVNCache
2014-02-13 16:04 - 2013-01-16 12:58 - 00001455 _____ () C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-13 16:04 - 2013-01-16 12:58 - 00001421 _____ () C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-12 11:50 - 2014-02-03 15:59 - 00000000 ____D () C:\Users\Development\AppData\Local\join.me
2014-02-11 12:59 - 2010-04-02 12:43 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 12:59 - 2010-04-02 12:43 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-11 05:37 - 2011-04-20 20:16 - 00001455 _____ () C:\Users\Development\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-11 05:37 - 2011-04-20 20:16 - 00001421 _____ () C:\Users\Development\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-10 20:22 - 2014-02-10 20:22 - 00001421 _____ () C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-10 20:22 - 2010-03-25 10:25 - 00001455 _____ () C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-09 09:23 - 2013-05-26 09:04 - 00000000 ____D () C:\Users\Tommy\AppData\Local\TSVNCache
2014-02-09 09:02 - 2013-05-26 09:04 - 00081088 _____ () C:\Users\Tommy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-09 09:02 - 2013-05-26 09:04 - 00001268 _____ () C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-09 09:02 - 2013-05-26 09:04 - 00000000 ____D () C:\Users\Tommy\AppData\Roaming\Adobe
2014-02-08 10:45 - 2010-12-09 10:02 - 00081088 _____ () C:\Users\Kids\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-06 17:26 - 2013-01-16 12:58 - 00000000 ____D () C:\Users\Cole\AppData\Roaming\Adobe
2014-02-06 17:25 - 2013-01-16 12:58 - 00081088 _____ () C:\Users\Cole\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-04 22:21 - 2014-02-04 22:21 - 00000000 ____D () C:\Users\Development\AppData\Roaming\SimController
2014-02-04 21:30 - 2012-08-10 14:12 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 21:30 - 2012-08-10 14:12 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 20:40 - 2011-11-21 14:48 - 00000000 ____D () C:\Program Files (x86)\FlashDevelop
2014-02-04 20:39 - 2014-02-04 20:39 - 00001491 _____ () C:\Users\Development\Desktop\Three Serpents documents.lnk
2014-02-04 20:34 - 2011-04-20 20:21 - 00000000 ____D () C:\Users\Development\AppData\Local\Adobe
2014-02-04 20:31 - 2014-01-31 13:01 - 00000000 ____D () C:\Users\Test IE9\AppData\Roaming\Adobe
2014-02-04 20:31 - 2013-08-24 22:43 - 00000000 ____D () C:\Users\Safety\AppData\Roaming\Adobe
2014-02-04 20:31 - 2011-10-27 13:02 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Adobe
2014-02-04 20:31 - 2010-12-09 10:17 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Adobe
2014-02-04 20:29 - 2014-01-31 13:01 - 00000000 ____D () C:\Users\Test IE9\AppData\Local\Adobe
2014-02-04 20:29 - 2013-08-24 22:43 - 00000000 ____D () C:\Users\Safety\AppData\Local\Adobe
2014-02-04 20:29 - 2013-05-26 09:04 - 00000000 ____D () C:\Users\Tommy\AppData\Local\Adobe
2014-02-04 20:29 - 2013-01-16 12:58 - 00000000 ____D () C:\Users\Cole\AppData\Local\Adobe
2014-02-04 20:29 - 2011-12-05 09:40 - 00000000 ____D () C:\Users\Mom\AppData\Local\Adobe
2014-02-04 20:29 - 2011-04-20 19:24 - 00000000 ____D () C:\Users\Kids\AppData\Local\Adobe
2014-02-04 20:28 - 2009-12-22 18:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-04 19:56 - 2014-02-04 19:56 - 00002151 _____ () C:\Users\Development\Desktop\Three Serpents deploy.lnk
2014-02-03 15:59 - 2014-02-03 15:59 - 00001108 _____ () C:\Users\Development\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-02-02 19:00 - 2014-01-06 10:10 - 00000000 ____D () C:\Users\Development\Documents\Fun
2014-02-01 19:14 - 2014-02-01 18:38 - 00000000 ____D () C:\Users\Development\AppData\Roaming\.minecraft
2014-01-31 21:03 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-01-31 14:00 - 2014-01-31 13:01 - 00000000 ____D () C:\Users\Test IE9\AppData\Local\TSVNCache
2014-01-31 13:56 - 2014-01-31 13:56 - 00000000 ____D () C:\Users\Test IE9\AppData\Local\Toshiba
2014-01-31 13:56 - 2014-01-31 13:01 - 00001268 _____ () C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-31 13:51 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-01-31 13:49 - 2014-01-31 13:07 - 00008203 _____ () C:\windows\IE9_main.log
2014-01-31 13:30 - 2014-01-31 13:30 - 40821959 _____ (Core Services) C:\Users\Test IE9\Downloads\install-ietester-v0.5.2.exe
2014-01-31 13:18 - 2014-01-31 13:18 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Toshiba
2014-01-31 13:16 - 2014-01-31 13:16 - 00000000 ____D () C:\Users\Test IE9\AppData\Roaming\Toshiba
2014-01-31 13:12 - 2014-01-31 13:12 - 17847296 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 12344320 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 10926080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 09739264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 03695416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-01-31 13:12 - 2014-01-31 13:12 - 03695416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-01-31 13:12 - 2014-01-31 13:12 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-01-31 13:12 - 2014-01-31 13:12 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-01-31 13:12 - 2014-01-31 13:12 - 02334720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 02147840 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 01494528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-01-31 13:12 - 2014-01-31 13:12 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-01-31 13:12 - 2014-01-31 13:12 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 01347072 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 01105408 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00534528 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-01-31 13:12 - 2014-01-31 13:12 - 00434176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00420864 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00403248 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-01-31 13:12 - 2014-01-31 13:12 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00353584 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\ieaksie.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieaksie.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00203776 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakui.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\ieakui.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00161792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\ieakeng.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00130560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakeng.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00123392 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00118784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00114176 _____ (Microsoft Corporation) C:\windows\system32\admparse.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00101888 _____ (Microsoft Corporation) C:\windows\SysWOW64\admparse.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00078848 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-01-31 13:12 - 2014-01-31 13:12 - 00074752 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00074752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ie4uinit.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00066048 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00065024 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00063488 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-01-31 13:12 - 2014-01-31 13:12 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00054272 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00035840 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00031744 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-01-31 13:12 - 2014-01-31 13:12 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-01-31 13:10 - 2014-01-31 13:10 - 04068864 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 03181568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-01-31 13:10 - 2014-01-31 13:10 - 01863680 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 01837568 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 01619456 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-01-31 13:10 - 2014-01-31 13:10 - 01540608 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 01495040 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 01170944 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 01133568 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 01074176 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00982912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-01-31 13:10 - 2014-01-31 13:10 - 00902656 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00739840 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00662528 _____ (Microsoft Corporation) C:\windows\system32\XpsPrint.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00470016 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsPrint.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00320512 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1core.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00283648 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00265088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-01-31 13:10 - 2014-01-31 13:10 - 00257024 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\XpsRasterService.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00218624 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10_1core.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00196608 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00161792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10_1.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2014-01-31 13:10 - 2014-01-31 13:10 - 00135168 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsRasterService.dll
2014-01-31 13:09 - 2014-01-31 13:09 - 00000000 ____D () C:\Users\Test IE9\AppData\Local\Google
2014-01-31 13:09 - 2014-01-31 13:01 - 00002267 _____ () C:\Users\Test IE9\Desktop\Google Chrome.lnk
2014-01-31 13:03 - 2014-01-31 13:03 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Roxio
2014-01-31 13:03 - 2014-01-31 13:03 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Apple Computer
2014-01-31 13:02 - 2014-01-31 13:02 - 00000632 __RSH () C:\Users\Test IE10\ntuser.pol
2014-01-31 13:02 - 2014-01-31 13:02 - 00000020 ___SH () C:\Users\Test IE10\ntuser.ini
2014-01-31 13:02 - 2014-01-31 13:02 - 00000000 ___RD () C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-31 13:02 - 2014-01-31 13:02 - 00000000 ___RD () C:\Users\Test IE10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-31 13:02 - 2014-01-31 13:02 - 00000000 ____D () C:\Users\Test IE10\AppData\Roaming\Subversion
2014-01-31 13:02 - 2014-01-31 13:02 - 00000000 ____D () C:\Users\Test IE10\AppData\Local\VirtualStore
2014-01-31 13:02 - 2014-01-31 13:02 - 00000000 ____D () C:\Users\Test IE10
2014-01-31 13:01 - 2014-01-31 13:01 - 00081088 _____ () C:\Users\Test IE9\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-31 13:01 - 2014-01-31 13:01 - 00001421 _____ () C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-31 13:01 - 2014-01-31 13:01 - 00000000 ___RD () C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-31 13:01 - 2014-01-31 13:01 - 00000000 ____D () C:\Users\Test IE9\AppData\Roaming\Subversion
2014-01-31 13:01 - 2014-01-31 13:01 - 00000000 ____D () C:\Users\Test IE9\AppData\Roaming\Roxio
2014-01-31 13:01 - 2014-01-31 13:01 - 00000000 ____D () C:\Users\Test IE9\AppData\Roaming\Apple Computer
2014-01-31 13:01 - 2014-01-31 13:00 - 00000000 ___RD () C:\Users\Test IE9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-31 13:01 - 2014-01-31 13:00 - 00000000 ____D () C:\Users\Test IE9
2014-01-31 13:00 - 2014-01-31 13:00 - 00000632 __RSH () C:\Users\Test IE9\ntuser.pol
2014-01-31 13:00 - 2014-01-31 13:00 - 00000020 ___SH () C:\Users\Test IE9\ntuser.ini
2014-01-31 13:00 - 2014-01-31 13:00 - 00000000 ____D () C:\Users\Test IE9\AppData\Local\VirtualStore
2014-01-31 09:34 - 2011-05-22 16:31 - 00000000 ____D () C:\Users\Marc\Desktop\Software
2014-01-31 09:33 - 2014-01-31 09:32 - 36380976 _____ (Microsoft Corporation) C:\Users\Test IE9\Desktop\IE9-Windows7-x64-enu.exe
2014-01-29 08:12 - 2014-01-29 08:12 - 00000000 _____ () C:\Users\Marc\Desktop\httphelpx.adobe.comcreative-suitekbacrobat-failed-launch-30-days.txt.txt
2014-01-27 12:34 - 2014-01-27 12:34 - 01071000 _____ (Solid State Networks) C:\Users\Development\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe
2014-01-27 05:41 - 2014-01-27 05:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-27 05:41 - 2014-01-27 05:40 - 00000000 ____D () C:\Program Files\iTunes
2014-01-27 05:41 - 2014-01-27 05:40 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-27 05:40 - 2014-01-27 05:40 - 00000000 ____D () C:\Program Files\iPod
2014-01-27 05:36 - 2011-12-26 09:28 - 00000000 ____D () C:\ProgramData\Apple
2014-01-27 05:33 - 2014-01-27 05:33 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-01-27 05:30 - 2014-01-27 05:30 - 00000000 ____D () C:\Users\Development\AppData\Local\Apple
 
Some content of TEMP:
====================
C:\Users\Kids\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mom\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-18 07:41
 
==================== End Of Log ============================
 
----------
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014
Ran by Marc at 2014-02-26 21:40:08
Running from C:\Users\Marc\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Lavasoft Ad-Watch Live! Anti-Virus (Enabled - Up to date) {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Watch Live! (Enabled - Up to date) {24938260-56EE-C1E5-047B-DC2BDD234BAB}
 
==================== Installed Programs ======================
 
3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Ad-Aware (HKLM-x32\...\Ad-Aware) (Version:  - Lavasoft)
Ad-Aware (x32 Version: 9.0.1 - Lavasoft) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe After Effects CS4 Third Party Content (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_7e74552a59eaf9fafd13f90894ac9bd) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Professional CS5.5 (HKLM-x32\...\{23E445D5-FD83-4C50-A211-EB26A2975317}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.3.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.2 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Beyond Compare 3.3.8 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.8.16340 - Scooter Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFC-6490CW (HKLM-x32\...\{C2B5B74F-37BB-4D67-9A2B-C53DE961775E}) (Version: 1.00 - Brother)
Brother MFL-Pro Suite MFC-6490CW (HKLM-x32\...\{20E970DF-A7B2-4345-9DEB-72213A29645E}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.5.9 - Telerik)
FlashDevelop 4.5.2 (HKLM-x32\...\FlashDevelop) (Version: 4.5.2 - FlashDevelop.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Klok 2 (HKLM-x32\...\Klok2.DD7F2188B985C2439837C76B42A187050457E61B.1) (Version: 2.5.9 - Mcgraphix, Inc.)
Klok 2 (x32 Version: 2.5.9 - Mcgraphix, Inc.) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mavis Beacon Teaches Typing 18 (HKLM-x32\...\{5B049B61-0684-460E-A5F2-5EC314590344}) (Version: 18.00.0000 - Broderbund)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Microsoft Office Basic 2007 (HKLM-x32\...\BASICR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Basic 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 2.0.0657.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pirate101 (HKLM-x32\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Quicken 2007 (HKLM-x32\...\{0D2E80C8-0875-43EB-9623-47118E2DFBCA}) (Version: 16.1.1.27 - Intuit)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version:  - Firaxis)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 5.3 (HKLM-x32\...\{5335DADB-34BA-4AE8-A519-648D78498846}) (Version: 5.3.111 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TortoiseSVN 1.7.10.23359 (64 bit) (HKLM\...\{71EFF430-1A34-423E-8EAF-A80173960A8E}) (Version: 1.7.23359 - TortoiseSVN)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.5.05.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.2 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.2 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.2 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.5.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.7C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.26.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.2.26.64 - TOSHIBA Corporation) Hidden
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Trend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Update for 2007 Microsoft Office System (KB2284654) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
 
==================== Restore Points  =========================
 
23-02-2014 12:49:29 Windows Update
24-02-2014 01:42:47 Windows Update
24-02-2014 12:44:08 Windows Update
24-02-2014 19:38:25 OTL Restore Point - 2/24/2014 2:38:19 PM
26-02-2014 11:38:33 Windows Update
 
==================== Hosts content: ==========================
 
2014-01-11 21:47 - 2014-01-13 15:52 - 00434935 ____A C:\windows\system32\Drivers\etc\hosts
74.217.239.152 staging-laprairieswitzerland.com
74.217.239.151 staging-laprairieswitzerland.ch
74.217.239.151 staging-laprairie.de
74.217.239.151 staging-laprairie.es
74.217.239.151 staging-la-prairie.fr
74.217.239.151 staging-la-prairie.it
74.217.239.151 staging-laprairie.at
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {08AB1399-4C03-4047-BE09-0A3B95BA59E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02] (Google Inc.)
Task: {2FECA484-A19D-4F6A-AFEC-5657FF2298DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02] (Google Inc.)
Task: {5C73342A-CEB4-4642-B123-F54830737944} - System32\Tasks\{80A7BA4A-FC44-46F2-B5AA-93ACA1C306FD} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2011-04-18] (Skype Technologies S.A.)
Task: {64FC9748-CF7C-49FF-B1D0-AE1E782ABE07} - System32\Tasks\AdobeAAMUpdater-1.0-KIDSCOMPUTER-Marc => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {9D7EDCC4-A2A6-427F-A74F-77F730B54A12} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {DDF5AB17-1F90-4AC4-9665-26FB33A4CD4B} - System32\Tasks\G2MUpdateTask-S-1-5-21-3357349812-2239403225-1323811888-1004 => C:\Users\Development\AppData\Local\Citrix\GoToMeeting\1312\g2mupdate.exe [2014-02-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3357349812-2239403225-1323811888-1004.job => C:\Users\Development\AppData\Local\Citrix\GoToMeeting\1312\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-10-27 14:03 - 2005-04-22 12:36 - 00143360 ____N () C:\windows\system32\BrSNMP64.dll
2012-10-08 21:10 - 2012-10-08 21:10 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-11-30 23:29 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-09-17 14:41 - 2009-09-17 14:41 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-07-13 01:35 - 2009-07-13 01:35 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2011-04-18 19:00 - 2011-04-19 11:03 - 00589184 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\RPAPI.dll
2011-04-18 19:00 - 2011-04-19 11:03 - 00430568 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\viprebridge.dll
2011-04-18 19:00 - 2011-04-18 19:00 - 00300368 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\Vipre.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00316752 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 04269392 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00963920 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00202064 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00210256 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00292176 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00193872 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00443728 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libMsCab.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00185680 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00210256 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00349520 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00300368 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00185680 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libRTF.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00185680 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00394576 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll
2011-03-20 11:40 - 2011-03-20 11:40 - 00263504 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-24 22:17 - 2010-08-24 19:06 - 00085840 _____ () C:\Program Files (x86)\Trend Micro\RUBotted\hc_help.dll
2012-10-08 19:42 - 2012-10-08 19:42 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2012-10-27 14:03 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/26/2014 07:53:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/25/2014 01:57:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: splwow64.exe, version: 6.1.7600.16385, time stamp: 0x4a5bd3ca
Faulting module name: GDI32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf01
Exception code: 0xc0000005
Fault offset: 0x00000000000157a0
Faulting process id: 0xe24
Faulting application start time: 0xsplwow64.exe0
Faulting application path: splwow64.exe1
Faulting module path: splwow64.exe2
Report Id: splwow64.exe3
 
Error: (02/25/2014 01:57:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 12.0.6545.5000, time stamp: 0x4c653e57
Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b29c
Exception code: 0xc0000005
Fault offset: 0x00022262
Faulting process id: 0x64c
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3
 
Error: (02/25/2014 01:06:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/25/2014 06:30:52 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{5E653719-F83A-4CA6-BA53-F62699EB53F4}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}Explorer
 
Error: (02/24/2014 10:40:48 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   26 Development’s\032Library._home-sharing._tcp.local. SRV 0 0 3689 KidsComputer.local.
 
Error: (02/24/2014 10:40:48 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353  315 Development’s\032Library._home-sharing._tcp.local. TXT txtvers=1¦hQ=249¦dmv=131082¦iTSh Version=196618¦MID=0x4AA27D3BD1045FC2¦PrVs=65538¦Database
 
Error: (02/24/2014 10:38:19 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   26 Development’s\032Library._home-sharing._tcp.local. SRV 0 0 3689 KidsComputer.local.
 
Error: (02/24/2014 10:38:19 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353  315 Development’s\032Library._home-sharing._tcp.local. TXT txtvers=1¦hQ=236¦dmv=131082¦iTSh Version=196618¦MID=0x4AA27D3BD1045FC2¦PrVs=65538¦Database
 
Error: (02/24/2014 10:31:48 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   26 Development’s\032Library._home-sharing._tcp.local. SRV 0 0 3689 KidsComputer.local.
 
 
System errors:
=============
Error: (02/26/2014 06:31:16 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (02/26/2014 06:28:46 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (02/25/2014 06:14:48 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (02/24/2014 10:22:58 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (02/24/2014 10:12:25 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
 
Error: (02/24/2014 02:00:20 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (02/22/2014 07:16:48 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (02/22/2014 07:16:08 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
Error: (02/21/2014 04:50:59 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%835
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%842
 
Error: (02/21/2014 01:23:05 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 47%
Total physical RAM: 2936.89 MB
Available physical RAM: 1556.25 MB
Total Pagefile: 5871.92 MB
Available Pagefile: 4295.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (CeeDrive) (Fixed) (Total:222.43 GB) (Free:74.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: CE865B76)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 


#4 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 27 February 2014 - 08:21 PM

I'm not seeing a key logger - but there are a couple modified group policies.  If you set them (you'd know if you did) then ignore the next instructions.  If you didn't set them - then this will reset them to "normal".
 
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it as fixlist.txt
 

GroupPolicyUsers\S-1-5-21-3357349812-2239403225-1323811888-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3357349812-2239403225-1323811888-1003\User: Group Policy restriction detected <======= ATTENTION

.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
Once you've done that (or if you didn't... then instead of), let's get an online scan that takes forever:
 
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: EOLS1.gif

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option   YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is  checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#5 Nick*

Nick*

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 03 March 2014 - 04:00 AM

Hi Tomk,

 

Here are the results:

 

Thanks,

Nick

 

 

Fixlog.txt:

 

----------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2014 03
Ran by Marc at 2014-03-02 20:18:54 Run:1
Running from C:\Users\Marc\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-3357349812-2239403225-1323811888-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3357349812-2239403225-1323811888-1003\User: Group Policy restriction detected <======= ATTENTION
*****************
 
C:\windows\system32\GroupPolicyUsers\S-1-5-21-3357349812-2239403225-1323811888-1006\User => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\windows\system32\GroupPolicyUsers\S-1-5-21-3357349812-2239403225-1323811888-1003\User => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
----------
 
 
ESET log.txt:
 
----------
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 
----------


#6 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 03 March 2014 - 09:00 AM

Well... I'm not finding any keylogger.

 

Let's run one more tool... just because.

 

Download ComboFix from here:  http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html 
     
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix.  If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#7 Nick*

Nick*

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 04 March 2014 - 08:01 PM

Thanks again Tomk for your work on my issue. Here's the ComboFix log.

 

 

ComboFix 14-03-04.03 - Marc 03/04/2014  20:22:46.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2937.1607 [GMT -5:00]
Running from: c:\users\Marc\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-05 to 2014-03-05  )))))))))))))))))))))))))))))))
.
.
2014-03-05 01:35 . 2014-03-05 01:35 -------- d-----w- c:\users\Kids\AppData\Local\temp
2014-03-05 01:35 . 2014-03-05 01:35 -------- d-----w- c:\users\Development\AppData\Local\temp
2014-03-05 01:35 . 2014-03-05 01:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-05 01:35 . 2014-03-05 01:35 -------- d-----w- c:\users\Cole\AppData\Local\temp
2014-03-05 01:35 . 2014-03-05 01:35 -------- d-----w- c:\users\Test IE10\AppData\Local\temp
2014-03-05 01:35 . 2014-03-05 01:35 -------- d-----w- c:\users\Safety\AppData\Local\temp
2014-03-05 01:35 . 2014-03-05 01:35 -------- d-----w- c:\users\Mom\AppData\Local\temp
2014-03-05 01:35 . 2014-03-05 01:35 -------- d-----w- c:\users\Tommy\AppData\Local\temp
2014-03-05 01:35 . 2014-03-05 01:35 -------- d-----w- c:\users\Test IE9\AppData\Local\temp
2014-03-04 17:47 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4EFAD145-9A6C-4310-9E8C-95A5383DC905}\mpengine.dll
2014-03-03 01:15 . 2014-03-03 01:15 -------- d-----w- c:\programdata\Trend Micro
2014-02-27 02:38 . 2014-03-03 01:18 -------- d-----w- C:\FRST
2014-02-25 03:29 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2014-02-25 03:19 . 2014-02-25 03:19 -------- d-----w- c:\program files (x86)\WinPcap
2014-02-25 03:17 . 2014-02-25 03:17 -------- d-----w- c:\program files (x86)\Trend Micro
2014-02-24 23:07 . 2014-02-24 23:07 -------- d-----w- c:\users\Test IE10\AppData\Local\Mozilla
2014-02-24 22:34 . 2014-02-24 22:34 -------- d-----w- c:\users\Test IE10\AppData\Roaming\Klok2
2014-02-24 22:18 . 2014-02-24 22:18 -------- d-----w- c:\users\Test IE10\AppData\Local\Google
2014-02-24 22:17 . 2014-02-24 22:17 -------- d-----w- c:\users\Test IE10\AppData\Local\Toshiba
2014-02-24 22:16 . 2014-02-24 22:16 -------- d-----w- c:\users\Marc\AppData\Roaming\Klok2
2014-02-24 01:34 . 2014-02-24 01:34 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-02-21 21:59 . 2014-02-21 22:37 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-21 21:58 . 2014-02-21 21:58 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-05 03:21 . 2014-02-05 03:21 -------- d-----w- c:\users\Development\AppData\Roaming\SimController
2014-02-03 20:59 . 2014-02-12 16:50 -------- d-----w- c:\users\Development\AppData\Local\join.me
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-06 09:01 . 2012-02-05 12:53 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-05 02:30 . 2012-08-10 19:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 02:30 . 2012-08-10 19:12 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-31 18:12 . 2014-01-31 18:12 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-31 18:12 . 2014-01-31 18:12 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2014-01-31 18:12 . 2014-01-31 18:12 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2014-01-31 18:12 . 2014-01-31 18:12 1806848 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-01-31 18:12 . 2014-01-31 18:12 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-01-31 18:12 . 2014-01-31 18:12 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-31 18:12 . 2014-01-31 18:12 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-01-31 18:12 . 2014-01-31 18:12 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-01-31 18:12 . 2014-01-31 18:12 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-01-31 18:12 . 2014-01-31 18:12 367104 ----a-w- c:\windows\SysWow64\html.iec
2014-01-31 18:12 . 2014-01-31 18:12 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-01-31 18:12 . 2014-01-31 18:12 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-01-31 18:12 . 2014-01-31 18:12 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-01-31 18:12 . 2014-01-31 18:12 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-01-31 18:12 . 2014-01-31 18:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-01-31 18:12 . 2014-01-31 18:12 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2014-01-31 18:12 . 2014-01-31 18:12 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-01-31 18:12 . 2014-01-31 18:12 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-01-31 18:12 . 2014-01-31 18:12 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-01-31 18:12 . 2014-01-31 18:12 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2014-01-31 18:12 . 2014-01-31 18:12 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2014-01-31 18:12 . 2014-01-31 18:12 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-31 18:12 . 2014-01-31 18:12 1347072 ----a-w- c:\windows\system32\urlmon.dll
2014-01-31 18:12 . 2014-01-31 18:12 85504 ----a-w- c:\windows\system32\jsproxy.dll
2014-01-31 18:12 . 2014-01-31 18:12 222208 ----a-w- c:\windows\system32\msls31.dll
2014-01-31 18:12 . 2014-01-31 18:12 2147840 ----a-w- c:\windows\system32\iertutil.dll
2014-01-31 18:12 . 2014-01-31 18:12 197120 ----a-w- c:\windows\system32\msrating.dll
2014-01-31 18:12 . 2014-01-31 18:12 1392128 ----a-w- c:\windows\system32\wininet.dll
2014-01-31 18:12 . 2014-01-31 18:12 17847296 ----a-w- c:\windows\system32\mshtml.dll
2014-01-31 18:12 . 2014-01-31 18:12 816640 ----a-w- c:\windows\system32\jscript.dll
2014-01-31 18:12 . 2014-01-31 18:12 65024 ----a-w- c:\windows\system32\pngfilt.dll
2014-01-31 18:12 . 2014-01-31 18:12 49664 ----a-w- c:\windows\system32\imgutil.dll
2014-01-31 18:12 . 2014-01-31 18:12 267776 ----a-w- c:\windows\system32\ieaksie.dll
2014-01-31 18:12 . 2014-01-31 18:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-01-31 18:12 . 2014-01-31 18:12 2334720 ----a-w- c:\windows\system32\jscript9.dll
2014-01-31 18:12 . 2014-01-31 18:12 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2014-01-31 18:12 . 2014-01-31 18:12 163840 ----a-w- c:\windows\system32\ieakui.dll
2014-01-31 18:12 . 2014-01-31 18:12 149504 ----a-w- c:\windows\system32\occache.dll
2014-01-31 18:12 . 2014-01-31 18:12 145920 ----a-w- c:\windows\system32\iepeers.dll
2014-01-31 18:12 . 2014-01-31 18:12 12288 ----a-w- c:\windows\system32\mshta.exe
2014-01-31 18:12 . 2014-01-31 18:12 114176 ----a-w- c:\windows\system32\admparse.dll
2014-01-31 18:12 . 2014-01-31 18:12 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-31 18:12 . 2014-01-31 18:12 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-01-31 18:12 . 2014-01-31 18:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-01-31 18:12 . 2014-01-31 18:12 160256 ----a-w- c:\windows\system32\ieakeng.dll
2014-01-31 18:12 . 2014-01-31 18:12 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-31 18:12 . 2014-01-31 18:12 111616 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-31 18:12 . 2014-01-31 18:12 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2014-01-31 18:12 . 2014-01-31 18:12 76800 ----a-w- c:\windows\system32\tdc.ocx
2014-01-31 18:12 . 2014-01-31 18:12 248320 ----a-w- c:\windows\system32\ieui.dll
2014-01-31 18:12 . 2014-01-31 18:12 10926080 ----a-w- c:\windows\system32\ieframe.dll
2014-01-31 18:12 . 2014-01-31 18:12 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2014-01-31 18:12 . 2014-01-31 18:12 82432 ----a-w- c:\windows\system32\icardie.dll
2014-01-31 18:12 . 2014-01-31 18:12 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2014-01-31 18:12 . 2014-01-31 18:12 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2014-01-31 18:12 . 2014-01-31 18:12 448512 ----a-w- c:\windows\system32\html.iec
2014-01-31 18:12 . 2014-01-31 18:12 39936 ----a-w- c:\windows\system32\iernonce.dll
2014-01-31 18:12 . 2014-01-31 18:12 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2014-01-31 18:12 . 2014-01-31 18:12 282112 ----a-w- c:\windows\system32\dxtrans.dll
2014-01-31 18:12 . 2014-01-31 18:12 96768 ----a-w- c:\windows\system32\mshtmled.dll
2014-01-31 18:12 . 2014-01-31 18:12 85504 ----a-w- c:\windows\system32\iesetup.dll
2014-01-31 18:12 . 2014-01-31 18:12 729088 ----a-w- c:\windows\system32\msfeeds.dll
2014-01-31 18:12 . 2014-01-31 18:12 599040 ----a-w- c:\windows\system32\vbscript.dll
2014-01-31 18:12 . 2014-01-31 18:12 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2014-01-31 18:12 . 2014-01-31 18:12 30720 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-31 18:12 . 2014-01-31 18:12 249344 ----a-w- c:\windows\system32\webcheck.dll
2014-01-31 18:12 . 2014-01-31 18:12 237056 ----a-w- c:\windows\system32\url.dll
2014-01-31 18:12 . 2014-01-31 18:12 165888 ----a-w- c:\windows\system32\iexpress.exe
2014-01-31 18:12 . 2014-01-31 18:12 160256 ----a-w- c:\windows\system32\wextract.exe
2014-01-31 18:12 . 2014-01-31 18:12 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2014-01-31 18:12 . 2014-01-31 18:12 103936 ----a-w- c:\windows\system32\inseng.dll
2014-01-31 18:10 . 2014-01-31 18:10 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-01-31 18:10 . 2014-01-31 18:10 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2014-01-31 18:10 . 2014-01-31 18:10 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-01-31 18:10 . 2014-01-31 18:10 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2014-01-31 18:10 . 2014-01-31 18:10 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-01-31 18:10 . 2014-01-31 18:10 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-01-31 18:10 . 2014-01-31 18:10 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-01-31 18:10 . 2014-01-31 18:10 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2014-01-31 18:10 . 2014-01-31 18:10 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2014-01-31 18:10 . 2014-01-31 18:10 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2014-01-31 18:10 . 2014-01-31 18:10 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2014-01-31 18:10 . 2014-01-31 18:10 144384 ----a-w- c:\windows\system32\cdd.dll
2014-01-31 18:10 . 2014-01-31 18:10 1133568 ----a-w- c:\windows\system32\FntCache.dll
2014-01-31 18:10 . 2014-01-31 18:10 902656 ----a-w- c:\windows\system32\d2d1.dll
2014-01-31 18:10 . 2014-01-31 18:10 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-01-31 18:10 . 2014-01-31 18:10 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-01-31 18:10 . 2014-01-31 18:10 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-01-31 18:10 . 2014-01-31 18:10 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2014-01-31 18:10 . 2014-01-31 18:10 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-01-31 18:10 . 2014-01-31 18:10 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-01-31 18:10 . 2014-01-31 18:10 1540608 ----a-w- c:\windows\system32\DWrite.dll
2014-01-31 18:10 . 2014-01-31 18:10 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2014-01-31 18:10 . 2014-01-31 18:10 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-01-31 18:10 . 2014-01-31 18:10 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-01-31 18:10 . 2014-01-31 18:10 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2014-01-31 18:10 . 2014-01-31 18:10 4068864 ----a-w- c:\windows\system32\mf.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-06-06 1641896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2013-07-25 1102872]
.
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 13:05 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-05 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-3357349812-2239403225-1323811888-1004.job
- c:\users\Development\AppData\Local\Citrix\GoToMeeting\1339\g2mupdate.exe [2014-03-01 14:52]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 17:42]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-02 17:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 709976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\floebvbu.default\
FF - prefs.js: browser.startup.homepage - 
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-swg - c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\Best Buy Software Installer Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-04  20:40:52
ComboFix-quarantined-files.txt  2014-03-05 01:40
.
Pre-Run: 83,252,686,848 bytes free
Post-Run: 84,005,736,448 bytes free
.
- - End Of File - - 1D45B207AF42F9A6161445448BF016B8
5B5E648D12FCADC244C1EC30318E1EB9


#8 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 05 March 2014 - 12:43 AM

Nope.  Nothing.  I don't think you have a keylogger.  As near as I can tell you're clean.
 

Time for some housekeeping
  • Click START then RUN

  • Now type ComboFix /Uninstall in the runbox  and click OK.
  • Note the space between the X and the U, it needs to be there.
  • Combofix_uninstall_image.jpg
The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.
We need to remove the tools we've used during cleaning your machine
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    xdelfix.jpg.pagespeed.ic.Ck7YnvAjwU.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. I don't need to see it so you don't need to post it.
 
If you have any tools or logs left, just go ahead and delete them.


Please re-enable any security that was disabled.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. :thumbup:

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#9 Nick*

Nick*

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 05 March 2014 - 07:25 PM

Good to know my machine is clean. I've run all of the cleanup procedures you mentioned. Thanks again for all your help Tomk!



#10 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 05 March 2014 - 09:50 PM

You are very welcome.

Good luck and be well.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#11 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 05 March 2014 - 09:51 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

Related Topics




Also tagged with one or more of these keywords: keylogger, bot, outlook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users