Hi,
I am having a lot of problems with my pc.
- internet explorer constantly freezing not responding
- on web pages words are underlined appears to be ads
- fly in ads on web pages
- I run Norton on the computer but this doesn't seam to help..
I ran the scan through OTL see below - Please help!
OTL logfile created on: 31/08/2014 8:06:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Megan\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17054)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy
7.19 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 77.64% Memory free
8.32 Gb Paging File | 6.68 Gb Available in Paging File | 80.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 907.12 Gb Total Space | 550.75 Gb Free Space | 60.71% Space Free | Partition Type: NTFS
Drive D: | 23.62 Gb Total Space | 0.36 Gb Free Space | 1.53% Space Free | Partition Type: NTFS
Drive E: | 2.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: PENNINGHPC | User Name: Megan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Megan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\n360.exe (Symantec Corporation)
PRC - C:\Users\Megan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Media_Play_AIR+_1.1\Media_Play_AIR+_1.1-bg.exe (enter)
PRC - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe (PriceMeter)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\SysWOW64\BsProfileFunc.dll ()
MOD - C:\Windows\SysWOW64\BsTrace.dll ()
MOD - C:\Windows\SysWOW64\BsExtendFunc.dll ()
MOD - C:\Windows\SysWOW64\SCChangeMonitor.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (OutfoxTvService) -- C:\Program Files\OutfoxTV\OutfoxTvService.exe File not found
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\N360.exe (Symantec Corporation)
SRV - (globalUpdatem) -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe (globalUpdate)
SRV - (globalUpdate) -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe (globalUpdate)
SRV - (pricemeterliveUpdatem) -- C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe (PriceMeter)
SRV - (pricemeterliveUpdate) -- C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe (PriceMeter)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (BlueSoleilCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
SRV - (BsHelpCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (IVT Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - ({a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64) -- C:\Windows\SysNative\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys (StdLib)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\Drivers\SWDUMon.sys ()
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\symefa64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\Drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (rtbth) -- C:\Windows\SysNative\Drivers\rtbth.sys (Ralink Technology, Corp.)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\symelam.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (BthA2DP) -- C:\Windows\SysNative\Drivers\BthA2DP.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\Drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\Drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (btUrbFilterDrv) -- C:\Windows\SysNative\Drivers\IvtUrbBtFlt.sys (Ralink Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\Drivers\AtihdW86.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\Drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated)
DRV:64bit: - (RTSPER) -- C:\Windows\SysNative\Drivers\RtsPer.sys (RTS Corporation)
DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\Drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\Drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (WirelessButtonDriver) -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\Drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (BthL2caScoIfSrv) -- C:\Windows\SysNative\Drivers\BtL2caScoIf.sys (Ralink Corporation)
DRV:64bit: - (BtAudioBusSrv) -- C:\Windows\SysNative\Drivers\BtAudioBus.sys (IVT Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\IPSDefs\20140829.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\VirusDefs\20140829.018\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\VirusDefs\20140829.018\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\BASHDefs\20140821.007\BHDrvx64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certif...D0C&st=chrome=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certif...D0C&st=chrome=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certif...D0C&st=chrome=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.5.0.28
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/...?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certif...D0C&st=chrome=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certif...D0C&st=chrome=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certif...D0C&st=chrome=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/...?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certif...D0C&st=chrome=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certif...D0C&st=chrome=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certif...D0C&st=chrome=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certif...D0C&st=chrome=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certif...D0C&st=chrome=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certif...D0C&st=chrome=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovigo.c...archTerms}=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn\ [2014/08/31 07:55:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014/06/29 16:25:26 | 000,000,000 | ---D | M]
[2013/10/22 19:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megan\AppData\Roaming\mozilla\Firefox\extensions
[2013/10/22 19:50:17 | 000,000,000 | ---D | M] (WhiteSmoke New V.12) -- C:\Users\Megan\AppData\Roaming\mozilla\Firefox\extensions\{4db0f392-c7b5-4669-8bbc-4ed98606c6b1}
[2014/06/06 21:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megan\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2014/06/06 20:53:03 | 000,000,000 | ---D | M] (CouponDownloader) -- C:\Users\Megan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\CouponDownloader@jetpack
O1 HOSTS File: ([2012/07/26 15:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Media_Play_AIR+_1.1) - {11111111-1111-1111-1111-110511841188} - C:\Program Files (x86)\Media_Play_AIR+_1.1\Media_Play_AIR+_1.1-bho64.dll (enter)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (no name) - {10AD2C61-0898-4348-8600-14A342F22AC3} - No CLSID value found.
O2 - BHO: (Media_Play_AIR+_1.1) - {11111111-1111-1111-1111-110511841188} - C:\Program Files (x86)\Media_Play_AIR+_1.1\Media_Play_AIR+_1.1-bho.dll (enter)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [fst_au_68] File not found
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe File not found
O4 - HKCU..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O4 - HKCU..\Run: [Spotify] C:\Users\Megan\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Megan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [uTorrent] C:\Users\Megan\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E980B3E3-ED55-4DF8-8212-50BB31420BD0}: DhcpNameServer = 10.1.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/08/31 00:14:18 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/09/19 06:37:09 | 000,000,184 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{04d8610d-2fdd-11e3-be77-70188be301f8}\Shell - "" = AutoRun
O33 - MountPoints2\{04d8610d-2fdd-11e3-be77-70188be301f8}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O33 - MountPoints2\{2168b7e6-0893-11e3-be72-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2168b7e6-0893-11e3-be72-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.EXE -- [2012/11/24 07:54:35 | 000,216,640 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{2168b7e6-0893-11e3-be72-806e6f6e6963}\Shell\configure\command - "" = E:\setup.exe -- [2012/11/24 07:54:35 | 000,216,640 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{2168b7e6-0893-11e3-be72-806e6f6e6963}\Shell\install\command - "" = E:\setup.exe -- [2012/11/24 07:54:35 | 000,216,640 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/08/31 08:04:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe
[2014/08/31 07:48:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/08/31 00:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/08/31 00:12:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/08/31 00:08:04 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\Tuneup Pro
[2014/08/30 10:06:57 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/23 15:13:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2014/08/23 15:13:52 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/08/23 15:13:52 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/08/23 15:13:51 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2014/08/23 15:13:51 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/08/23 15:13:47 | 001,623,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/08/23 15:13:47 | 000,773,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/08/23 15:13:47 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/08/23 15:13:39 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/08/23 15:13:39 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/08/23 15:13:39 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/08/23 15:13:39 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014/08/22 19:38:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/22 19:38:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/22 19:31:53 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2014/08/22 19:31:22 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/22 19:31:18 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/22 19:31:18 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/22 19:31:18 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/22 19:31:18 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/22 19:31:17 | 001,508,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/22 19:31:17 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/22 19:31:17 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2014/08/22 19:31:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/22 19:31:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/22 19:31:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/22 19:31:17 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/22 19:31:17 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/22 19:31:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/22 19:31:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/22 19:31:15 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/22 19:31:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/22 19:31:14 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2014/08/22 19:31:14 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2014/08/22 19:31:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/22 19:31:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/22 19:31:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/22 19:30:56 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2014/08/22 19:30:55 | 008,857,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2014/08/22 19:30:54 | 002,885,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/22 19:30:54 | 002,306,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/22 19:30:54 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2014/08/22 19:30:52 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/22 19:30:51 | 000,393,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/22 19:30:51 | 000,112,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/22 19:30:50 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/22 19:30:43 | 001,312,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/22 19:30:41 | 000,328,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2014/06/06 08:40:35 | 000,815,502 | ---- | C] (Click Me In Limited) -- C:\Users\Megan\AppData\Local\AnyProtectScannerSetup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Megan\AppData\Local\*.tmp files -> C:\Users\Megan\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/08/31 08:04:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe
[2014/08/31 08:02:29 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMegan.job
[2014/08/31 07:57:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/31 07:56:46 | 000,001,524 | ---- | M] () -- C:\Windows\tasks\cb7f5cd8-7b5e-477e-b472-a69047b1f0b1-5.job
[2014/08/31 07:56:41 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/08/31 07:56:37 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
[2014/08/31 07:55:32 | 000,000,983 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2014/08/31 07:55:22 | 000,327,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/31 07:54:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/08/31 07:54:21 | 1884,291,071 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/31 07:47:00 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\UpdaterEX.job
[2014/08/31 02:34:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/08/31 00:14:18 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/08/30 10:03:11 | 002,921,529 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\Cat.DB
[2014/08/27 19:47:21 | 000,043,689 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\VT20140827.005
[2014/08/24 17:40:52 | 000,788,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/24 17:40:52 | 000,162,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/24 17:40:51 | 000,941,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/12 19:25:19 | 000,002,462 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/08/02 10:15:04 | 000,704,480 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/08/02 10:15:04 | 000,105,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Megan\AppData\Local\*.tmp files -> C:\Users\Megan\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/08/31 00:14:18 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/06/06 08:40:54 | 000,000,320 | ---- | C] () -- C:\Users\Megan\AppData\Roaming\aps.uninstall.scan.results
[2014/06/06 08:28:07 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/17 04:47:12 | 000,686,631 | ---- | C] () -- C:\Users\Megan\AppData\Local\nwhb-v9.4.15.crx
[2014/03/14 16:33:37 | 000,000,536 | ---- | C] () -- C:\Windows\SysWow64\schtasks.bin
[2014/01/12 19:47:02 | 000,000,269 | ---- | C] () -- C:\Users\Megan\AppData\Roaming\WB.CFG
[2013/12/03 19:09:53 | 000,001,706 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2013/12/03 19:09:09 | 000,000,297 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2013/10/12 18:16:41 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/08/19 13:59:56 | 000,003,620 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/08/19 13:59:56 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/08/19 13:51:25 | 000,369,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\FW7650.bin
[2013/08/19 13:51:25 | 000,000,313 | ---- | C] () -- C:\Windows\SysWow64\RaCheckBTDev.ini
[2013/08/19 13:46:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/04/17 17:44:26 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/04/17 17:44:26 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/04/17 17:00:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/04/17 17:00:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/03/05 09:30:20 | 000,000,983 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2013/02/01 10:04:00 | 000,070,904 | ---- | C] () -- C:\Windows\SysWow64\BsProfileFunc.dll
[2013/01/11 05:59:24 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\BsTrace.dll
[2013/01/11 04:25:58 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\BsExtendFunc.dll
[2013/01/11 04:25:58 | 000,049,248 | ---- | C] () -- C:\Windows\SysWow64\BSSkypeAgent.dll
[2013/01/11 04:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2013/01/11 04:25:56 | 000,073,820 | ---- | C] () -- C:\Windows\SysWow64\BSVoIPComm.dll
[2013/01/11 04:25:56 | 000,049,664 | ---- | C] () -- C:\Windows\SysWow64\BSWMPPlugin.dll
[2013/01/11 04:25:56 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\SCChangeMonitor.dll
[2012/11/27 18:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
========== ZeroAccess Check ==========
[2013/07/03 03:47:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 18:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/28 16:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 13:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 13:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 13:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/06/09 14:00:56 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Activeris
[2014/03/13 21:09:24 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\DownLite
[2014/06/06 08:07:29 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\newnext.me
[2014/03/13 21:32:44 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\PriceMeterUpdater
[2014/08/31 07:57:40 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Spotify
[2014/06/09 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\sweet-page
[2013/10/08 15:16:01 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Synaptics
[2014/06/06 21:00:04 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\systweak
[2014/08/31 00:08:10 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Tuneup Pro
[2014/01/11 19:41:37 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\UpdaterEX
[2014/08/31 07:37:03 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\uTorrent
[2013/11/03 20:25:22 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\WildTangent
[2013/10/22 19:49:44 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\WinZip
========== Purity Check ==========
========== Custom Scans ==========
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< MD5 for: EXPLORER.0.LOCALSETTINGUNIT >
[2014/04/23 21:06:44 | 000,000,362 | -HS- | M] () MD5=38E0E74D0C20BF0B7A571AC047AE298F -- C:\Users\Megan\AppData\Local\Microsoft\Windows\Live\Roaming\LocalCache\windows-explorer\Explorer.0.localsettingunit
< MD5 for: EXPLORER.ADML >
[2012/07/26 17:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7bca26f6f419a854\Explorer.adml
[2012/07/26 17:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16433_en-us_7bff382ef3f2006f\Explorer.adml
[2012/07/26 17:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16726_en-us_7c0d0eaaf3e727f8\Explorer.adml
[2012/07/26 17:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20534_en-us_7c89d5440d0eb990\Explorer.adml
[2012/07/26 17:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20837_en-us_7c8cdbd40d0bfd0a\Explorer.adml
< MD5 for: EXPLORER.ADMX >
[2012/06/03 00:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16384_none_6e8451187a9a1607\Explorer.admx
[2012/06/03 00:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16420_none_6ec1315e7a6d062c\Explorer.admx
[2012/06/03 00:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16433_none_6eb962507a726e22\Explorer.admx
[2012/06/03 00:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20521_none_6f4bce739389bf4d\Explorer.admx
[2012/06/03 00:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20534_none_6f43ff65938f2743\Explorer.admx
< MD5 for: EXPLORER.EXE >
[2013/11/11 22:00:43 | 000,220,310 | ---- | M] () MD5=005CEA18D150397BEC7E46AE554EF4B8 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2013/11/11 22:00:48 | 000,220,321 | ---- | M] () MD5=06C47A52AEA4AD4457612864B3A7DD7A -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013/11/11 22:00:53 | 000,217,360 | ---- | M] () MD5=095CD9C4EDF2637760058D166F504F71 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2013/06/01 21:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013/06/01 21:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2014/01/11 19:16:28 | 000,191,929 | ---- | M] () MD5=1F8E5C6161EFC21ACD62FE807E43306F -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2014/01/11 19:16:07 | 000,193,351 | ---- | M] () MD5=953962388F2CBC4CF73875D98A1662F5 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2013/11/11 22:00:38 | 000,221,955 | ---- | M] () MD5=ABF6D1D37A2C431C416CD0977EDFC561 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2014/01/11 19:16:18 | 000,191,911 | ---- | M] () MD5=B4A4A39F682D501BCD3514D26049A1FF -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2014/01/11 19:16:37 | 000,190,101 | ---- | M] () MD5=EAD55D5967EF92218CDB63D6BA312F4C -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2013/06/01 20:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013/06/01 20:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe
< MD5 for: EXPLORER.EXE.MUI >
[2012/07/26 17:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\en-US\explorer.exe.mui
[2012/07/26 17:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2012/07/26 17:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_5ebc2e81fd6600eb\explorer.exe.mui
[2012/07/26 17:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_6910d8d431c6c2e6\explorer.exe.mui
< MD5 for: EXPLORER.EXE-03C49D11.PF >
[2014/08/31 07:56:49 | 000,213,494 | ---- | M] () MD5=BB890DC5A88D262F9284BE9638E7722F -- C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf
< MD5 for: IEXPLORE.EXE >
[2014/07/20 18:43:51 | 000,003,577 | ---- | M] () MD5=00738FE81E4B473A7E27ACA78C74C250 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16921_none_37c1d874ec4e220d\iexplore.exe
[2014/07/20 18:43:43 | 000,006,931 | ---- | M] () MD5=05014D61B6E9E45D50716A3558996314 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16384_none_38087560ec185f54\iexplore.exe
[2014/07/20 19:12:46 | 000,003,601 | ---- | M] () MD5=055A91043DA619FB12CE665CE978027D -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16921_none_421682c720aee408\iexplore.exe
[2014/07/20 19:12:40 | 000,006,437 | ---- | M] () MD5=06924088D664F13B7021755FEF3BA407 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16433_none_424d651d2085a4ec\iexplore.exe
[2014/07/20 18:43:46 | 000,006,957 | ---- | M] () MD5=076943860EB0475D903236FF5E9FCE61 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16442_none_37f9d1dcec23e2a7\iexplore.exe
[2014/07/20 19:12:38 | 000,006,831 | ---- | M] () MD5=195D9E39A471E26C5F5A517DD9C94467 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16384_none_425d1fb32079214f\iexplore.exe
[2014/07/20 19:12:41 | 000,006,445 | ---- | M] () MD5=213DEC0F1A29882B9B085BF9F5E21719 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16442_none_424e7c2f2084a4a2\iexplore.exe
[2014/07/24 23:48:04 | 000,775,312 | ---- | M] (Microsoft Corporation) MD5=2A2F3E1CE8550B215117081CAFA3C2CE -- C:\Program Files\Internet Explorer\iexplore.exe
[2014/07/24 23:48:04 | 000,775,312 | ---- | M] (Microsoft Corporation) MD5=2A2F3E1CE8550B215117081CAFA3C2CE -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.17054_none_3825e62cec02bca3\iexplore.exe
[2014/07/20 18:43:50 | 000,006,966 | ---- | M] () MD5=34FCCDA348FFB6532D9EF09BB59F0048 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20544_none_21212dc505d3918f\iexplore.exe
[2014/07/24 23:30:50 | 000,775,312 | ---- | M] (Microsoft Corporation) MD5=53FBCDD9440A4C3822DADDECB29F5B29 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.21173_none_214f870105b05156\iexplore.exe
[2014/07/20 18:43:45 | 000,006,981 | ---- | M] () MD5=5A8166DBA0C638EA20AE1B60C910BBB7 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16433_none_37f8bacaec24e2f1\iexplore.exe
[2012/10/31 17:41:12 | 000,034,744 | ---- | M] () MD5=786CE12596C641AB3AEF0F3EDDB13C80 -- C:\Program Files (x86)\Advanced System Protector\Troubleshooter\iexplore.exe
[2014/07/20 18:43:53 | 000,004,062 | ---- | M] () MD5=7A8D3FAF56B8B25369DBE6F3636417D7 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.21145_none_214c589305b33893\iexplore.exe
[2014/07/24 21:06:04 | 000,770,704 | ---- | M] (Microsoft Corporation) MD5=AB2A8186FBD0B6931AF36CB5699DC583 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.21173_none_2ba431533a111351\iexplore.exe
[2014/06/19 14:18:02 | 000,775,320 | ---- | M] (Microsoft Corporation) MD5=B606732D1F1948DF9CE9E30517E17268 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.17028_none_38228a2eec05d722\iexplore.exe
[2014/07/24 21:06:12 | 000,770,704 | ---- | M] (Microsoft Corporation) MD5=D50CB4EBA5FC732AB919AFC1F61F889B -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2014/07/24 21:06:12 | 000,770,704 | ---- | M] (Microsoft Corporation) MD5=D50CB4EBA5FC732AB919AFC1F61F889B -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.17054_none_427a907f20637e9e\iexplore.exe
[2014/07/20 19:12:48 | 000,005,047 | ---- | M] () MD5=D6C74574CC4991D446FC7C23E5ECF99E -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.21145_none_2ba102e53a13fa8e\iexplore.exe
[2014/07/20 19:12:43 | 000,006,428 | ---- | M] () MD5=DB41A7CE1BBC34C2A6BF8298C23EE424 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20534_none_2b74d7cd3a353a33\iexplore.exe
[2014/07/20 18:43:49 | 000,006,974 | ---- | M] () MD5=E20DCD4BF20F5C431938A4C01624A020 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20534_none_21202d7b05d47838\iexplore.exe
[2014/06/19 11:13:09 | 000,770,704 | ---- | M] (Microsoft Corporation) MD5=F37633EA6056B7F7DE685FB7F6DFB1FC -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.17028_none_427734812066991d\iexplore.exe
[2014/06/18 17:51:14 | 000,005,049 | ---- | M] () MD5=F563710F10D43581B2DCF82A1D906465 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.21044_none_2babe9993a0bc4fc\iexplore.exe
[2014/06/18 17:34:37 | 000,003,494 | ---- | M] () MD5=F70E86C7C3ABE5950114557AC731DE77 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.21044_none_21573f4705ab0301\iexplore.exe
[2014/07/20 19:12:45 | 000,006,411 | ---- | M] () MD5=F7661DE18CD946CED7DB7C3F02B265AA -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20544_none_2b75d8173a34538a\iexplore.exe
< MD5 for: IEXPLORE.EXE.10040.DMP >
[2014/08/23 15:43:12 | 004,861,005 | ---- | M] () MD5=8D4C04D698712C92E86A288FA475D031 -- C:\ProgramData\Norton\LocalDumps\iexplore.exe.10040.dmp
[2014/08/23 15:43:12 | 004,861,005 | ---- | M] () MD5=8D4C04D698712C92E86A288FA475D031 -- C:\Users\All Users\Norton\LocalDumps\iexplore.exe.10040.dmp
< MD5 for: IEXPLORE.EXE.10244.DMP >
[2014/06/08 10:36:12 | 004,839,295 | ---- | M] () MD5=9C4B08510F216C16407ED6F82D64D8BC -- C:\Users\Megan\AppData\Local\CrashDumps\iexplore.exe.10244.dmp
< MD5 for: IEXPLORE.EXE.11036.DMP >
[2014/06/08 10:27:07 | 003,910,588 | ---- | M] () MD5=E18E71201CB11343333E4E75FE309EB9 -- C:\Users\Megan\AppData\Local\CrashDumps\iexplore.exe.11036.dmp
< MD5 for: IEXPLORE.EXE.11168.DMP >
[2014/06/08 10:19:23 | 004,011,264 | ---- | M] () MD5=709A380757685120E51E25AB0172565C -- C:\Users\Megan\AppData\Local\CrashDumps\iexplore.exe.11168.dmp
< MD5 for: IEXPLORE.EXE.1456.DMP >
[2014/06/08 10:36:16 | 004,866,894 | ---- | M] () MD5=FF8B78F7174DD71A18ED064D08FE068B -- C:\Users\Megan\AppData\Local\CrashDumps\iexplore.exe.1456.dmp
< MD5 for: IEXPLORE.EXE.14676.DMP >
[2014/08/31 07:39:58 | 005,247,093 | ---- | M] () MD5=A9214E42FE8EEFBA370422BED94A97FE -- C:\ProgramData\Norton\LocalDumps\iexplore.exe.14676.dmp
[2014/08/31 07:39:58 | 005,247,093 | ---- | M] () MD5=A9214E42FE8EEFBA370422BED94A97FE -- C:\Users\All Users\Norton\LocalDumps\iexplore.exe.14676.dmp
[2014/08/31 07:39:58 | 005,247,093 | ---- | M] () Unable to obtain MD5 -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\ErrMgmt\Queue\Incoming\SQ_{5B00C36D-C22B-46BA-843E-B776E0283738}\iexplore.exe.14676.dmp
[2014/08/31 07:39:58 | 005,247,093 | ---- | M] () Unable to obtain MD5 -- C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\ErrMgmt\Queue\Incoming\SQ_{5B00C36D-C22B-46BA-843E-B776E0283738}\iexplore.exe.14676.dmp
< MD5 for: IEXPLORE.EXE.2284.DMP >
[2014/06/08 10:36:15 | 004,928,539 | ---- | M] () MD5=0A9EC6BFA3D880DE12CE5F0977765B9A -- C:\Users\Megan\AppData\Local\CrashDumps\iexplore.exe.2284.dmp
< MD5 for: IEXPLORE.EXE.5116.DMP >
[2014/06/08 10:32:09 | 004,692,249 | ---- | M] () MD5=E430ED55870F60A037D1B40B2C5D48EE -- C:\Users\Megan\AppData\Local\CrashDumps\iexplore.exe.5116.dmp
< MD5 for: IEXPLORE.EXE.6668.DMP >
[2014/06/08 10:28:27 | 005,222,281 | ---- | M] () MD5=F07956F4B3703159A8853CDEE7C8E0C7 -- C:\Users\Megan\AppData\Local\CrashDumps\iexplore.exe.6668.dmp
< MD5 for: IEXPLORE.EXE.6764.DMP >
[2014/06/08 10:14:34 | 006,307,539 | ---- | M] () MD5=CC47CB3C8F0854C6DF756FB0A621FA4D -- C:\Users\Megan\AppData\Local\CrashDumps\iexplore.exe.6764.dmp
< MD5 for: IEXPLORE.EXE.7128.DMP >
[2014/08/24 11:04:28 | 007,541,302 | ---- | M] () MD5=12FD9107712D6845586321DEB93481B3 -- C:\ProgramData\Norton\LocalDumps\iexplore.exe.7128.dmp
[2014/08/24 11:04:28 | 007,541,302 | ---- | M] () MD5=12FD9107712D6845586321DEB93481B3 -- C:\Users\All Users\Norton\LocalDumps\iexplore.exe.7128.dmp
< MD5 for: IEXPLORE.EXE.9432.DMP >
[2014/08/23 15:46:48 | 009,397,720 | ---- | M] () MD5=64A787EEDB217C9D967F6C08AF66F0D1 -- C:\ProgramData\Norton\LocalDumps\iexplore.exe.9432.dmp
[2014/08/23 15:46:48 | 009,397,720 | ---- | M] () MD5=64A787EEDB217C9D967F6C08AF66F0D1 -- C:\Users\All Users\Norton\LocalDumps\iexplore.exe.9432.dmp
< MD5 for: IEXPLORE.EXE.MUI >
[2012/07/26 17:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2012/07/26 17:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2012/07/26 17:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.0.9200.16384_en-us_31b50ad823c5a03b\iexplore.exe.mui
[2012/07/26 17:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.0.9200.16384_en-us_3c09b52a58266236\iexplore.exe.mui
< MD5 for: IEXPLORE.EXE-6C28DB75.PF >
[2014/08/08 08:05:56 | 000,170,042 | ---- | M] () MD5=27BD83059425E5BF9BE80DC8E2CDA2B9 -- C:\Windows\Prefetch\IEXPLORE.EXE-6C28DB75.pf
< MD5 for: IEXPLORE.EXE-6C28DB76.PF >
[2014/08/08 08:05:57 | 000,358,084 | ---- | M] () MD5=3DD6F6242096A3AFED691EC1EEFDFCFD -- C:\Windows\Prefetch\IEXPLORE.EXE-6C28DB76.pf
< MD5 for: IEXPLORE.EXE-7A9337F2.PF >
[2014/08/31 07:58:24 | 000,113,188 | ---- | M] () MD5=79525DEFF43A0F1A9A62AD8B31A0DA84 -- C:\Windows\Prefetch\IEXPLORE.EXE-7A9337F2.pf
< MD5 for: IEXPLORE.EXE-F4FB5D2F.PF >
[2014/08/31 08:04:10 | 000,410,018 | ---- | M] () MD5=0C344606FF306265E7A9965A4FAD4966 -- C:\Windows\Prefetch\IEXPLORE.EXE-F4FB5D2F.pf
< MD5 for: IEXPLORE.LNK >
[2014/03/13 21:33:55 | 000,001,139 | ---- | M] () MD5=33C916FA133FC9B31E27653DE40281FB -- C:\Program Files (x86)\Advanced System Protector\Troubleshooter\iexplore.lnk
< MD5 for: SERVICES >
[2012/07/26 15:26:47 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829\services
< MD5 for: SERVICES.EXE >
[2013/12/05 20:36:03 | 000,001,252 | ---- | M] () MD5=0674510A86CAC7B196034AE93ADEAD5C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2013/12/05 20:36:02 | 000,038,189 | ---- | M] () MD5=3E109452C6B396A268E8243819DF4D7C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
[2013/07/03 03:26:06 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\SysNative\services.exe
[2013/07/03 03:26:06 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2012/07/26 17:50:12 | 000,018,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\en-US\services.exe.mui
[2012/07/26 17:50:12 | 000,018,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_en-us_c2c6ee7bafb963b8\services.exe.mui
< MD5 for: SERVICES.HEARSTMAGS[1].XML >
[2014/04/19 23:54:10 | 000,000,213 | ---- | M] () MD5=BC2E997D36295C3B1221043009B71CA5 -- C:\Users\Megan\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Z8DUQDSA\services.hearstmags[1].xml
< MD5 for: SERVICES.JS >
[2013/10/09 18:44:18 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_2.0.0.308_x64__8wekyb3d8bbwe\common\js\services.js
[2013/10/09 18:42:10 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingNews_2.0.0.308_x64__8wekyb3d8bbwe\common\js\services.js
[2013/10/09 18:45:03 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingSports_2.0.0.310_x64__8wekyb3d8bbwe\common\js\services.js
[2013/10/09 18:41:21 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_2.0.0.319_x64__8wekyb3d8bbwe\common\js\services.js
[2013/10/09 18:45:17 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe\common\js\services.js
[2012/07/26 17:53:58 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 17:53:49 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 17:53:45 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 17:54:27 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 17:53:53 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
< MD5 for: SERVICES.LNK >
[2012/07/26 06:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/26 06:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/26 06:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.lnk
< MD5 for: SERVICES.MOF >
[2012/06/03 00:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2012/06/03 00:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\services.mof
< MD5 for: SERVICES.MSC >
[2012/07/26 17:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\en-US\services.msc
[2012/06/03 00:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\services.msc
[2012/07/26 17:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2012/06/03 00:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2012/07/26 17:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_fd08be678622fdab\services.msc
[2012/06/03 00:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.msc
[2012/06/03 00:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_3282345b03dfdcd5\services.msc
[2012/07/26 17:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_a0ea22e3cdc58c75\services.msc
< MD5 for: SERVICES.PTXML >
[2012/07/26 06:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2012/07/26 06:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\Services.ptxml
< MD5 for: WINLOGON.ADML >
[2012/07/26 17:50:44 | 000,008,017 | ---- | M] () MD5=C270056255498A723E7331EFF1AA162F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.2.9200.16384_en-us_edcdb8ec66a62fc0\WinLogon.adml
< MD5 for: WINLOGON.ADMX >
[2012/06/03 00:34:22 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.2.9200.16384_none_d3d704270306719d\WinLogon.admx
< MD5 for: WINLOGON.EXE >
[2013/12/30 10:42:59 | 000,053,889 | ---- | M] () MD5=234E847D7CEFB6F249F6D7514A4143A7 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2014/04/12 19:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\SysNative\winlogon.exe
[2014/04/12 19:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16891_none_c87ee12f5ec0739b\winlogon.exe
[2014/04/12 19:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17014_none_c8d83b755e7d1081\winlogon.exe
[2014/05/25 09:18:24 | 000,082,423 | ---- | M] () MD5=8B0B613B33B8314E353B8503EE2CA68D -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2013/12/30 10:43:00 | 000,053,876 | ---- | M] () MD5=9155E44DC7ECBC9E7A9DF6C2349B5116 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2013/12/30 10:43:01 | 000,001,620 | ---- | M] () MD5=B27D37AB215A383498FFC169411E291F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
[2014/05/25 09:18:25 | 000,072,808 | ---- | M] () MD5=B74C7D0F8C2D6BAC4B3B9829C196E584 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21012_none_c95fd5c6779c8076\winlogon.exe
[2013/12/30 10:43:00 | 000,053,884 | ---- | M] () MD5=E358F667DE619B2B077EEEF667F842E6 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2014/07/20 19:08:20 | 000,072,808 | ---- | M] () MD5=E86DCE3CC81BC9B070ECCB2AC8E67176 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21133_none_c94b381e77abced6\winlogon.exe
< MD5 for: WINLOGON.EXE.MUI >
[2012/07/26 17:50:31 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2012/07/26 17:50:31 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.2.9200.16384_en-us_23c238ef8ddaa831\winlogon.exe.mui
< MD5 for: WINLOGON.MFL >
[2012/07/26 17:50:31 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2012/07/26 17:50:31 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.2.9200.16384_en-us_81848abaa91301c6\winlogon.mfl
< MD5 for: WINLOGON.MOF >
[2012/07/26 06:30:16 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2012/07/26 06:30:16 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.2.9200.16384_none_d9027134ffac135f\winlogon.mof
< %SYSTEMDRIVE%\*.* >
[2014/08/31 00:14:18 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012/07/26 13:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2012/06/03 00:30:55 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2012/08/04 09:21:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2014/06/06 08:27:02 | 000,000,000 | ---- | M] () -- C:\END
[2014/08/31 07:54:21 | 1884,291,071 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/25 12:02:39 | 000,001,944 | ---- | M] () -- C:\logFileUI.txt
[2014/08/31 07:54:45 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys
[2014/08/31 07:54:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
< %systemroot%\Fonts\*.com >
[2012/08/04 08:37:24 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2012/08/04 08:37:24 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2012/08/04 08:37:24 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2012/08/04 08:37:24 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2012/07/26 18:11:41 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2012/09/13 08:57:44 | 000,322,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2012/07/26 18:11:35 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Windows
Volume Serial Number is B084-B251
Directory of C:\
26/07/2012 05:22 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
26/07/2012 05:22 PM <JUNCTION> Application Data [C:\ProgramData]
26/07/2012 05:22 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
26/07/2012 05:22 PM <JUNCTION> Documents [C:\Users\Public\Documents]
26/07/2012 05:22 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
26/07/2012 05:22 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
26/07/2012 05:22 PM <SYMLINKD> All Users [C:\ProgramData]
26/07/2012 05:22 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
26/07/2012 05:22 PM <JUNCTION> Application Data [C:\ProgramData]
26/07/2012 05:22 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
26/07/2012 05:22 PM <JUNCTION> Documents [C:\Users\Public\Documents]
26/07/2012 05:22 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
26/07/2012 05:22 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
26/07/2012 05:22 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
26/07/2012 05:22 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
26/07/2012 05:22 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
26/07/2012 05:22 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
26/07/2012 05:22 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
26/07/2012 05:22 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
26/07/2012 05:22 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
26/07/2012 05:22 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
26/07/2012 05:22 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
26/07/2012 05:22 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
26/07/2012 05:22 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
26/07/2012 05:22 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
26/07/2012 05:22 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
26/07/2012 05:22 PM <JUNCTION> My Music [C:\Users\Default\Music]
26/07/2012 05:22 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
26/07/2012 05:22 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Megan
08/10/2013 03:13 PM <JUNCTION> Application Data [C:\Users\Megan\AppData\Roaming]
08/10/2013 03:13 PM <JUNCTION> Cookies [C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Cookies]
08/10/2013 03:13 PM <JUNCTION> Local Settings [C:\Users\Megan\AppData\Local]
08/10/2013 03:13 PM <JUNCTION> My Documents [C:\Users\Megan\Documents]
08/10/2013 03:13 PM <JUNCTION> NetHood [C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/10/2013 03:13 PM <JUNCTION> PrintHood [C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/10/2013 03:13 PM <JUNCTION> Recent [C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Recent]
08/10/2013 03:13 PM <JUNCTION> SendTo [C:\Users\Megan\AppData\Roaming\Microsoft\Windows\SendTo]
08/10/2013 03:13 PM <JUNCTION> Start Menu [C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu]
08/10/2013 03:13 PM <JUNCTION> Templates [C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Megan\AppData\Local
08/10/2013 03:13 PM <JUNCTION> Application Data [C:\Users\Megan\AppData\Local]
08/10/2013 03:13 PM <JUNCTION> History [C:\Users\Megan\AppData\Local\Microsoft\Windows\History]
08/10/2013 03:13 PM <JUNCTION> Temporary Internet Files [C:\Users\Megan\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Megan\Documents
08/10/2013 03:13 PM <JUNCTION> My Music [C:\Users\Megan\Music]
08/10/2013 03:13 PM <JUNCTION> My Pictures [C:\Users\Megan\Pictures]
08/10/2013 03:13 PM <JUNCTION> My Videos [C:\Users\Megan\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
26/07/2012 05:22 PM <JUNCTION> My Music [C:\Users\Public\Music]
26/07/2012 05:22 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
26/07/2012 05:22 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
48 Dir(s) 591,129,739,264 bytes free
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/10/08 15:21:35 | 000,000,223 | -HS- | M] () -- C:\Users\Megan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2014/08/31 08:04:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
< End of report >