
Solved Windows 7 Explorer fails on startup & wow.dll error message

Discussion in 'Malware and Virus Removal Archive' started by Woodstock1780, 2013/06/12.

  1. 2013/06/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine.

    Create a new restore point before proceeding with the next step...
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  2. 2013/06/13
    Woodstock1780

    Woodstock1780 Inactive Thread Starter

    Joined:
    2013/06/12
    Messages:
    57
    Likes Received:
    0
    combo fix log

    ComboFix 13-06-13.01 - David Lee Volz 06/13/2013 21:44:58.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8151.6295 [GMT -4:00]
    Running from: c:\users\David Lee Volz\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\CouponAlert_2pEI
    c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll
    c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll
    c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll
    c:\users\David Lee Volz\AppData\Roaming\3871BC
    c:\users\David Lee Volz\WINDOWS
    c:\windows\SysWow64\~GLH0008.TMP
    c:\windows\SysWow64\~GLH0009.TMP
    c:\windows\SysWow64\~GLH000a.TMP
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-05-14 to 2013-06-14 )))))))))))))))))))))))))))))))
    .
    .
    2013-06-14 00:46 . 2013-06-14 00:46 -------- d-----w- C:\FRST
    2013-06-12 21:52 . 2013-06-12 21:52 -------- d-----w- c:\program files\Speccy
    2013-06-12 19:06 . 2013-06-14 00:27 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-06-12 11:28 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-06-11 16:14 . 2013-06-11 16:14 -------- d-----w- c:\users\David Lee Volz\AppData\Local\VueSoft
    2013-06-11 13:41 . 2013-06-11 13:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-06-11 13:41 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-06-09 01:03 . 2013-06-09 01:03 -------- d-----w- c:\users\David Lee Volz\AppData\Roaming\Sunward Games
    2013-06-09 01:00 . 2013-06-09 01:02 -------- d-----w- c:\users\David Lee Volz\The Secret Order - Masked Intent Collectors Edition
    2013-06-08 00:11 . 2013-06-11 00:57 -------- d-----w- c:\windows\system32\drivers\NISx64\1404000.028
    2013-05-30 02:20 . 2013-05-30 02:20 -------- d-----w- c:\programdata\Meridian93
    2013-05-30 01:46 . 2013-05-30 01:46 -------- d-----w- c:\users\David Lee Volz\AppData\Roaming\Meridian93
    2013-05-27 21:47 . 2013-05-27 21:47 -------- d-----w- c:\users\David Lee Volz\AppData\Roaming\Artifex Mundi
    2013-05-19 06:03 . 2013-05-19 06:03 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
    2013-05-15 10:19 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-12 11:29 . 2010-11-17 12:56 75825640 ----a-w- c:\windows\system32\MRT.exe
    2013-06-11 17:55 . 2012-08-18 22:25 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-06-11 17:55 . 2011-06-28 11:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-10 20:56 . 2013-02-27 16:58 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2013-05-15 09:47 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-04-13 05:49 . 2013-05-15 10:20 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49 . 2013-05-15 10:20 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49 . 2013-05-15 10:20 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49 . 2013-05-15 10:20 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45 . 2013-05-15 10:20 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-15 10:20 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-04-12 14:45 . 2013-04-24 16:30 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-03-19 06:04 . 2013-04-10 18:09 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 05:46 . 2013-04-10 18:09 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 05:04 . 2013-04-10 18:09 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04 . 2013-04-10 18:09 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47 . 2013-04-10 18:09 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-03-19 03:06 . 2013-04-10 18:09 112640 ----a-w- c:\windows\system32\smss.exe
    2010-09-02 20:17 . 2010-09-02 20:17 15872 ----a-w- c:\program files (x86)\Common Files\JH_Killer.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Location Finder "= "c:\program files (x86)\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
    "PMSpeed "= "c:\program files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel "= "c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
    "StartCCC "= "c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304]
    "QuickTime Task "= "c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Microsoft Default Manager "= "c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
    "LTCM Client "= "c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
    "IAStorIcon "= "c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "HP Software Update "= "c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "EEventManager "= "c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    "CTxfiHlp "= "CTXFIHLP.EXE" [2010-07-07 24576]
    "Anti-phishing Domain Advisor "= "c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
    "Adobe Reader Speed Launcher "= "c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "FUFAXSTM "= "c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2010-10-19 1795488]
    VideoBrowser Camera Monitor.lnk - c:\program files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe [2012-4-17 425336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer1 "=wdmaud.drv
    .
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys;c:\windows\SYSNATIVE\drivers\vpcuxd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [x]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130613.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130613.001\IDSvia64.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 17:55]
    .
    2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06 19:35]
    .
    2013-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06 19:35]
    .
    2013-06-03 c:\windows\Tasks\HPCeeScheduleForDavid Lee Volz.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WrtMon.exe "= "c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448]
    "Logitech Download Assistant "= "c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
    "hpsysdrv "= "c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "SmartMenu "= "c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.foxnews.com/index.html
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    Trusted Zone: unum.com\services
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
    DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
    DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{319E272A-B5DB-4939-99D0-1F1F0C55699E} - c:\program files (x86)\InstallShield Installation Information\{319E272A-B5DB-4939-99D0-1F1F0C55699E}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
    "ImagePath "= "\ "c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \ "NIS\" /m \ "c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1 "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.11 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-06-13 22:11:49
    ComboFix-quarantined-files.txt 2013-06-14 02:11
    .
    Pre-Run: 651,028,930,560 bytes free
    Post-Run: 650,876,395,520 bytes free
    .
    - - End Of File - - CB8C931C3C4C7FC476E4EB46F48518E8
    D41D8CD98F00B204E9800998ECF8427E
     

  4. 2013/06/13
    broni

    broni Moderator Malware Analyst

    Looks good.

    How is computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. 2013/06/13
    Woodstock1780

    Woodstock1780 Inactive Thread Starter

    Pc

    Well, I think we have made some progress!!! No longer get the pop up when I right click. I am afraid to restart, LOL. I will continue with your instructions...but my old eyes are getting tired! Took 35-40 minutes for Combo Fix to run.
     
  6. 2013/06/13
    broni

    broni Moderator Malware Analyst

    Good news :)

    Next scans should be much faster.
     
  7. 2013/06/13
    Woodstock1780

    Woodstock1780 Inactive Thread Starter

    adw

    # AdwCleaner v2.303 - Logfile created 06/13/2013 at 22:26:57
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : David Lee Volz - DAVIDLEEVOLZ-HP
    # Boot Mode : Normal
    # Running from : C:\Users\David Lee Volz\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\David Lee Volz\AppData\Local\Conduit
    Folder Deleted : C:\Users\David Lee Volz\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\David Lee Volz\AppData\Roaming\iWin
    Folder Deleted : C:\Users\David Lee Volz\AppData\Roaming\registry mechanic

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16490

    [OK] Registry is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\David Lee Volz\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [2593 octets] - [13/06/2013 22:26:57]

    ########## EOF - C:\AdwCleaner[S1].txt - [2653 octets] ##########
     
  8. 2013/06/13
    Woodstock1780

    Woodstock1780 Inactive Thread Starter

    jrt

    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Professional x64
    Ran by David Lee Volz on Thu 06/13/2013 at 22:30:27.87
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8651C49A-4A5B-405A-B50D-0A5C79B2014D}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C7205BA0-9EF3-425C-A3CF-2E893440D40D}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F68D5FEE-1B84-46CC-B44B-ED5B54DE0F6F}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8651C49A-4A5B-405A-B50D-0A5C79B2014D}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C7205BA0-9EF3-425C-A3CF-2E893440D40D}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\big fish games"
    Successfully deleted: [Folder] "C:\Users\David Lee Volz\AppData\Roaming\big fish games"
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{08805077-2437-4D87-9423-A3F8D238F1F1}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{0ADFD006-42B0-4A60-91B4-F189209DA345}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{1D557F7B-79CF-43C1-B3D2-ABC7531FD464}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{29572C84-8912-47D6-AA07-5E989DEE3417}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{4EB1316C-E5AE-4A00-85C3-CB97504F1C29}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{625A03D5-B47D-4DAC-9760-33EBDE266E58}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{6556455E-0BAF-407D-8E31-63A436896E56}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{77B6C925-4ACC-406D-8A07-7949D30516C4}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{78104EFD-7D9C-449A-B887-D99554CE6E9B}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{821C6512-6283-4CBC-BF8D-49FC01EB6D8B}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{84007139-AC3A-4E41-8AD2-7D9540246C50}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{865BE2AE-1A10-46E6-8A4D-7F47028F325A}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{9D5D1188-30FA-4DC4-AB57-C9CEC9719EB0}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{9E8B77D0-B18C-4C1C-A742-6D817286B481}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{AFAC4F46-F0F6-4756-9D0D-199E2E32FD5E}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{B0488232-3AE3-4E00-B015-5D8839612F8B}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{B1B60988-4B52-4C32-8DE9-29ECBFE32469}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{E83C5FD7-4169-4435-89BC-B0E42EC64BA9}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{F4BC0648-7A35-4145-9A29-DBDAE285B1AC}
    Successfully deleted: [Empty Folder] C:\Users\David Lee Volz\appdata\local\{F5A81F18-4BF1-42D7-97E5-8F6D3C921C6F}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 06/13/2013 at 22:33:43.16
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. 2013/06/13
    Woodstock1780

    Woodstock1780 Inactive Thread Starter

    otl extras...first file is 70,000+

    OTL Extras logfile created on: 6/13/2013 10:37:02 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David Lee Volz\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.96 Gb Total Physical Memory | 6.27 Gb Available Physical Memory | 78.80% Memory free
    15.92 Gb Paging File | 14.13 Gb Available in Paging File | 88.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 686.13 Gb Total Space | 606.25 Gb Free Space | 88.36% Space Free | Partition Type: NTFS
    Drive D: | 12.41 Gb Total Space | 1.52 Gb Free Space | 12.24% Space Free | Partition Type: NTFS

    Computer Name: DAVIDLEEVOLZ-HP | User Name: David Lee Volz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D6FE6ED-150E-4D6A-BDCA-61A96EBF7B46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0DDFF47E-78BE-4947-A703-03A037923F27}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{11106BA6-66E7-488D-BB81-2CF45126F4A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{15A628B8-0B01-44B7-B915-415754B28EB8}" = lport=139 | protocol=6 | dir=in | app=system |
    "{224505B7-791E-401C-8BE9-7E87B4AE8098}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{24BF1AB5-045A-4E35-A9D7-2C3FE1076856}" = lport=445 | protocol=6 | dir=in | app=system |
    "{30F6AC06-3968-4623-83EB-41BBDF2622D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4CE65EE8-6533-466B-B8C6-C8EF034E69A9}" = lport=138 | protocol=17 | dir=in | app=system |
    "{528C9DDF-89A1-4B90-9942-2B12124A92F4}" = rport=139 | protocol=6 | dir=out | app=system |
    "{58781F3F-7A20-4955-8F0F-181761387CD8}" = rport=445 | protocol=6 | dir=out | app=system |
    "{617CCCCF-E77D-4CC3-A404-A5D50ECBF6D8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{64597405-E28F-4D5C-AEC3-275BAA244C27}" = rport=138 | protocol=17 | dir=out | app=system |
    "{71F04ED5-812B-4E4F-85AA-161DFA7AB52E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7D15F74F-EB4C-4CE3-A8B5-FA192EF8BA1D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{849F014E-3D8E-41F8-AE5C-0061226D641F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8BD195C0-6F04-42A4-93F9-6F13637EEEFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8C72498C-60ED-455E-9ED9-0DD7397DCFEE}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9125149D-95EF-4C5D-B4B7-90F1114FA5DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{98209945-0A34-4F71-B003-D15309559E2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AEB575EB-500E-4E31-A22E-89684E8DEAB7}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{C2B061DB-A55E-4407-9BCB-B7ED5B47C457}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{CC7C5208-CBEC-42A0-8500-D9827A7B3614}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DD5908ED-9371-45D3-B5BB-13A86FADE00A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DE99ACD3-B142-4F55-9700-7620C9E24D7D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F168CB53-1A43-4D2B-9B43-44FCDA373569}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F384697E-7217-4E0B-97C1-DF85EC39D372}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F9AAD778-796B-4348-BE41-F016BA25A6D5}" = rport=137 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02C546DD-6290-4204-85C7-C3892F64C54C}" = protocol=6 | dir=out | app=system |
    "{0C7FFE0F-264B-412D-8BA2-2124C104B7E9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{1313EF8C-2E5B-4072-8B1A-5B6BA21E9054}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{1FA88E9C-0B8A-42F5-880A-8B2361B7DA71}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2C3F3B82-2C51-4481-931E-05A4D9BD33F5}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
    "{2D76D9BC-583C-4FDD-88F9-66EEF2FB79CA}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
    "{3848277B-BD13-4460-B11E-CFF033E73866}" = dir=in | app=c:\program files (x86)\vuesoft\vueminder\vueminder.exe |
    "{3EB03439-83C1-42E8-8615-8A2040C4CEAC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{4CA33202-A36E-4F13-8CCE-1D69AC5F49CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5F43250F-F7FE-4A04-A019-0633CD04D7A9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
    "{60A931D5-A827-4780-8CE1-C5BCE6375B38}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{63860410-60F8-4B88-B452-133DB8E7C09B}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
    "{658E8EAE-4435-4F56-958D-A06CAA28D1BC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{6F8290FA-38FB-40DB-A98E-6FFD62BB255F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
    "{72FAAE02-5F2A-4300-BD4E-2301E6A1C0DD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{754A6216-34A0-4E2A-8748-27023566595C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{780BF682-BF6E-40E7-9C4E-F13C9932E37D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{87B2B222-0AD7-4E18-AC99-718ADCD5A64D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{9A6E479F-AB5B-4110-BCFF-96A59070054E}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "{9FEF2CB6-C0C8-41BC-9468-51C90FC355D5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A778FDF9-2394-41AA-B519-969BC7505502}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
    "{A7A8B39A-FAF7-467B-A778-2ACDE5E2CD3E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AD118ACE-93BB-4093-9527-1B83D32B6EC6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{B4E647E9-7012-4A2A-BDF2-FD36527B1EB1}" = protocol=6 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
    "{B53974D8-9401-4739-B2FD-869B183503EA}" = protocol=17 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
    "{B885D259-368F-4A33-B6A7-798C3D96CBCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{BB72891B-07D5-4BA9-877A-E742AB072740}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BC890552-974D-446C-96D3-9C6FD1DD36BE}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
    "{BF57B364-3DDC-4661-B771-93D442DAA5BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C1A4AC67-5864-4DC8-BC42-7AC7E61D2C9F}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "{CD1720E6-BA17-4886-B6C0-E457DAB331ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DD1A80D8-2757-4675-A072-1BCC9A50C2E6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{DF599492-0CFD-4D18-AA6E-43FD25C75F8F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{E4B9B482-2A38-4760-B632-EA39EBD1D15F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E96FA3B1-D75B-4F7A-8E19-CAAB3A10C9C3}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
    "{EA4ED710-C6FF-4396-A0A9-39205FEC42F9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{F08D7410-DDFB-4B37-BB39-EB865B5A7623}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F08F6EC4-A5D5-4C1C-BB06-5CAA069DD986}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{F42294E2-5D68-4EBB-A0CD-7C1371CC97E8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "TCP Query User{31C2CED0-C80C-4485-AA59-46A374E746D3}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
    "TCP Query User{62703CD7-4D16-494C-8786-0D845EBDBD35}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{F4F68177-9ACB-4D6C-88AA-4A1F2013BD56}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
    "UDP Query User{FDDC5E3C-32CF-4EC8-A7EE-A07ED15C45AC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{2D2820A1-F214-4B7A-912E-A87E5608CF10}" = Motorola Mobile Drivers Installation 5.0.0
    "{422DAAC6-8E99-ED2E-CD46-0DEEE1A09EF8}" = ATI Catalyst Install Manager
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
    "{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AC3CFAD-B8C0-668C-8761-920A63B1B574}" = ccc-utility64
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "CCleaner" = CCleaner
    "EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall
    "Speccy" = Speccy

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
    "{0935B1FB-71D5-D1F7-9045-F44394E3FBDA}" = CCC Help Czech
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{13F0CFEB-1131-4DC1-5DEF-7E0F91858D99}" = CCC Help Finnish
    "{18166604-72E6-F535-B9E9-4D8EF2C599C8}" = CCC Help Polish
    "{19A4B59F-A887-9A3B-C4CD-871A333AE838}" = CCC Help Thai
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1C8E0A7E-2707-8E5F-BFCD-AE3CD1EB528E}" = Catalyst Control Center Graphics Previews Vista
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
    "{222A544B-E6B7-496F-B4D7-6FE74FF0E616}" = Bing Bar Platform
    "{23D18B1A-8B73-73AB-DE37-929A14A524F8}" = CCC Help Russian
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{289FF83C-14F2-F82F-C478-9342170C5029}" = CCC Help Chinese Traditional
    "{2CE4119A-FF7F-3EE6-42A4-EB53C6057FFE}" = Zinio Reader 4
    "{2E238AA5-5B07-DEBF-4B9B-50FD33D108A2}" = CCC Help Japanese
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{319E272A-B5DB-4939-99D0-1F1F0C55699E}" = HP Support Assistant
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3B341D0B-E84E-EFF7-9665-553E0315DC8E}" = CCC Help Turkish
    "{3C2542FC-B4CD-426E-BB03-75655601CD14}" = Transamerica Life Products Illustration System - TransWare
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
    "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B326775-476E-4856-8418-C74565BA174F}" = JH Illustrator Crystal Report net
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{59E5D73C-E574-1C9A-CB26-0AA0D7298C31}" = Catalyst Control Center Graphics Previews Common
    "{5D729989-59A9-591A-6419-08444EEAEDB3}" = CCC Help Portuguese
    "{5FA07D77-A6CC-485C-97AF-201A8A1E3A07}" = Transamerica Life Products Illustration System - TransWare
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68E1BAC6-F79F-43C4-AF03-A89F53F748D3}" = Microsoft XML Parser
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6BFCB352-402D-4AB4-A4F2-18096306128C}" = VueMinder Lite
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
    "{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7D29228E-ECCC-055E-F0DF-3D52831D90D8}" = CCC Help Spanish
    "{7F421DF0-AFD5-CA29-0F36-7E1F006150FA}" = CCC Help Hungarian
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{822C792C-371F-0990-14EE-C1583E4CE2E0}" = ccc-core-static
    "{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8614FEE9-1E19-9A56-E445-E9F14178B7F2}" = CCC Help Greek
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B026F59-3DB2-97C6-538D-0326B8855080}" = CCC Help Korean
    "{8B41F2D9-B924-F249-CDFA-6792B4F58A34}" = CCC Help French
    "{8BFB1992-45FC-BAAB-6AE3-69306202B584}" = CCC Help Swedish
    "{8CB19DF9-B209-E0B4-D541-AB171E65135E}" = Catalyst Control Center InstallProxy
    "{8DC9EAD2-B869-A5C6-AEDB-35700F1444F4}" = CCC Help Chinese Standard
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{954A99E7-D1BB-936A-FAEA-7E5A999D1506}" = CCC Help Italian
    "{97BB225E-BA42-4687-8C07-7F81B16B0AC4}" = Transamerica Life Products Illustration System - TransWare
    "{98C6A2C3-0049-4C22-BEED-613A8F343EC6}" = Transamerica Life Products Illustration System - TransWare
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7FF92D8-D7AF-402D-83D5-3FBC7E1EDFF4}" = Transamerica Life Products Illustration System TransWare Prerequisite V3.0
    "{A8D6EA97-E688-417B-0A39-3E77AE60AA43}" = Catalyst Control Center Localization All
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{A9D4E943-1F66-4251-8C02-85C0413B6472}" = Transamerica Life Products Illustration System - TransWare
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{BC702A05-A75D-F845-FC9D-ED37A04F78B8}" = CCC Help German
    "{BDDA1E1E-204E-4368-B0C2-737F16B76307}" = HP MediaSmart/TouchSmart Netflix
    "{BED677E3-F67A-15E5-45F3-76D61D245EDF}" = CCC Help English
    "{C07FEFB3-D039-182C-8D27-AF2852C70015}" = HydraVision
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C50ADEEF-AAAC-76BF-D9A0-E7BED8D855A8}" = CCC Help Danish
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C6EAD092-4544-4984-8620-F32F4BCA5180}" = Transamerica Life Products Illustration System TransWare Prerequisite V 2.0
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D79DC615-EC9F-4EFA-9482-5911168D8F32}" = VideoBrowser
    "{D9390EF1-CBB2-4B06-A24C-73C03C8D2E2C}" = Catalyst Control Center - Branding
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E64A3228-2FDC-8A9D-F69F-E7AED8938C7D}" = CCC Help Dutch
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FEA6954A-0B3E-C230-FBD2-B7A2926C0013}" = CCC Help Norwegian
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "AudibleDownloadManager" = Audible Download Manager
    "AudioCS" = Creative Audio Control Panel
    "BFGC" = Big Fish Games: Game Manager
    "BFG-The Secret Order - Masked Intent Collectors Edition" = The Secret Order: Masked Intent Collector's Edition
    "Cisco Connect" = Cisco Connect
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
    "Dolby Digital Live Pack" = Dolby Digital Live Pack
    "Efficient Calendar Free_is1" = Efficient Calendar Free 3.10
    "EPSON Scanner" = EPSON Scan
    "FBReader for Windows" = FBReader for Windows
    "ffdshow" = ffdshow (remove only)
    "HaaliMkx" = Haali Media Splitter
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{C6EAD092-4544-4984-8620-F32F4BCA5180}" = Transamerica Life Products Illustration System TransWare Prerequisite V 2.0
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Jackson Illustrator" = Jackson Illustrator
    "Kobo" = Kobo
    "Legacy 7.5" = Legacy 7.5
    "LTCM Client" = LTCM Client
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Thunderbird 17.0.6 (x86 en-US)" = Mozilla Thunderbird 17.0.6 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Mutual of Omaha - Health_is1" = Mutual of Omaha - Health
    "Mutual of Omaha Health Company install" = Mutual of Omaha Health Company install
    "Mutual of Omaha_is1" = Mutual of Omaha
    "NIS" = Norton Internet Security
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "OpenAL" = OpenAL
    "PhotoScape" = PhotoScape
    "Prudential LTC3 Illustration System" = Prudential LTC3 Illustration System
    "Quote It!_is1" = Quote It!
    "Rhapsody" = Rhapsody
    "The Lost Crown_is1" = The Lost Crown version 2
    "WinFlex 6_is1" = WinFlex 6
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
    "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/13/2013 10:37:15 PM | Computer Name = DavidLeeVolz-HP | Source = .NET Runtime | ID = 1024
    Description =

    Error - 6/13/2013 10:37:15 PM | Computer Name = DavidLeeVolz-HP | Source = .NET Runtime | ID = 1024
    Description =

    [ Hewlett-Packard Events ]
    Error - 11/27/2010 9:30:24 PM | Computer Name = DavidLeeVolz-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Cannot find column Date. System.Data at System.Data.DataTable.ParseSortString(String
    sortString) at System.Data.DataView.CheckSort(String sort) at System.Data.DataView.set_Sort(String
    value) at HPAssistant.Pages.MaintainHistory.UpdateRows() at HPAssistant.Pages.MaintainHistory.loadActions()

    at HPAssistant.Pages.MaintainHistory.Page_Loaded(Object sender, RoutedEventArgs
    e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
    routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
    RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
    sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
    e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
    RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(Object
    root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

    at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
    resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
    resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
    callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
    source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


    Error - 1/23/2011 2:52:44 PM | Computer Name = DavidLeeVolz-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Object reference not set to an instance of an object. HP.ActiveSupportLibrary

    at HP.ActiveSupportLibrary.Issues.HPSFSession.?()

    Error - 2/27/2011 9:34:57 PM | Computer Name = DavidLeeVolz-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021127083455.xml
    File not created by asset agent

    Error - 3/3/2013 9:07:27 PM | Computer Name = DavidLeeVolz-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031303080725.xml
    File not created by asset agent

    Error - 3/10/2013 8:46:20 PM | Computer Name = DavidLeeVolz-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031310084617.xml
    File not created by asset agent


    < End of report >
     
  10. 2013/06/13
    Woodstock1780 Inactive Thread Starter

    OTL first half

    OTL logfile created on: 6/13/2013 10:37:02 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David Lee Volz\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.96 Gb Total Physical Memory | 6.27 Gb Available Physical Memory | 78.80% Memory free
    15.92 Gb Paging File | 14.13 Gb Available in Paging File | 88.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 686.13 Gb Total Space | 606.25 Gb Free Space | 88.36% Space Free | Partition Type: NTFS
    Drive D: | 12.41 Gb Total Space | 1.52 Gb Free Space | 12.24% Space Free | Partition Type: NTFS

    Computer Name: DAVIDLEEVOLZ-HP | User Name: David Lee Volz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2013/06/13 22:24:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David Lee Volz\Desktop\OTL.exe
    PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
    PRC - [2013/05/10 17:45:40 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
    PRC - [2011/09/28 19:32:12 | 000,425,336 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe
    PRC - [2010/10/19 13:09:04 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    PRC - [2010/07/07 13:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
    PRC - [2010/07/07 13:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
    PRC - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2010/04/24 02:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2010/04/24 02:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/03/03 23:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/01/27 19:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    PRC - [2009/10/01 00:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/10/01 00:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/07/07 16:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    PRC - [2009/06/05 01:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2008/12/09 10:32:06 | 000,055,120 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
    PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2005/08/24 19:25:00 | 000,101,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/12/12 01:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2012/10/05 06:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2012/10/05 06:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2012/08/31 06:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
    MOD - [2012/02/10 19:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    MOD - [2010/11/04 21:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2010/11/04 21:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2010/11/04 21:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2010/07/07 13:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
    MOD - [2010/07/01 20:27:10 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\VideoBrowser\pxl_m17n_tool.dll
    MOD - [2010/01/27 17:34:00 | 000,178,688 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
    MOD - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    MOD - [2009/12/29 19:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
    MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
    MOD - [2009/06/10 17:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
    MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/04/26 05:50:18 | 000,237,056 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/06/11 13:55:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
    SRV - [2013/05/19 02:03:39 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/11/06 00:39:05 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2010/11/06 00:35:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/04/24 02:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2010/04/24 02:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/01/27 19:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2009/10/01 00:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/10/01 00:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/12/17 00:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
    SRV - [2007/01/11 00:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/06/10 16:56:46 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2013/05/23 01:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2013/05/21 01:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
    DRV:64bit: - [2013/05/16 01:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2013/04/24 20:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
    DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2013/03/04 21:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2013/03/04 21:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2013/01/05 12:22:08 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/11/01 22:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/04/26 07:47:20 | 011,172,864 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/04/26 04:32:46 | 000,339,456 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/03 14:03:26 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
    DRV:64bit: - [2010/11/20 09:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2010/11/20 09:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2010/11/20 07:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
    DRV:64bit: - [2010/11/20 07:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2010/09/29 17:14:00 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
    DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2010/08/24 13:29:10 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
    DRV:64bit: - [2010/08/24 13:28:58 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV:64bit: - [2010/07/07 15:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
    DRV:64bit: - [2010/07/07 15:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/07/07 15:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/07/07 15:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/07/07 15:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/07/07 15:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/07/07 15:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
    DRV:64bit: - [2010/07/07 15:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2010/04/24 02:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2010/04/24 02:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2010/04/24 02:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2010/04/24 02:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2010/04/07 19:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2010/04/01 13:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
    DRV:64bit: - [2010/03/04 10:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/03/03 23:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/01/25 18:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
    DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
    DRV:64bit: - [2009/01/29 16:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
    DRV:64bit: - [2007/11/02 14:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
    DRV - [2013/05/31 12:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2013/05/22 06:14:24 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130613.001\ex64.sys -- (NAVEX15)
    DRV - [2013/05/22 06:14:24 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130613.001\eng64.sys -- (NAVENG)
    DRV - [2013/02/26 17:46:26 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130613.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2013/02/13 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2013/02/13 02:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{8651C49A-4A5B-405A-B50D-0A5C79B2014D}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE:64bit: - HKLM\..\SearchScopes\{945E6A55-773F-4FC2-A00A-B7A83FDFF1F1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{A70D9132-58C9-4497-8215-C31D89A2CB71}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{C7205BA0-9EF3-425C-A3CF-2E893440D40D}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{945E6A55-773F-4FC2-A00A-B7A83FDFF1F1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{A70D9132-58C9-4497-8215-C31D89A2CB71}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/index.html
    IE - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..\SearchScopes,DefaultScope = {D075C96B-C186-4B24-BA8E-63296C887D09}
    IE - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..\SearchScopes\{A70D9132-58C9-4497-8215-C31D89A2CB71}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..\SearchScopes\{D075C96B-C186-4B24-BA8E-63296C887D09}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\coFFPlgn\ [2013/06/13 22:28:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\IPSFFPlgn\ [2013/02/27 12:58:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/05/19 02:03:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/05/19 02:03:37 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2010/11/14 20:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David Lee Volz\AppData\Roaming\Mozilla\Extensions
    [2010/11/14 20:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David Lee Volz\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - homepage: http://www.google.com
    CHR - Extension: Docs = C:\Users\David Lee Volz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Drive = C:\Users\David Lee Volz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: YouTube = C:\Users\David Lee Volz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\David Lee Volz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\David Lee Volz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/06/13 22:10:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000..\Run: [Microsoft Location Finder] C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
    O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: unum.com ([services] https in Trusted sites)
    O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} https://mpsnare.iesnare.com/StmOCX.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab (MachineInfoActiveX.MachineInfoActiveX)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6328FF71-503A-4DFF-9A52-A0ED915F6959}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/06/13 22:30:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/06/13 22:30:19 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/06/13 22:28:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/06/13 22:24:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David Lee Volz\Desktop\OTL.exe
    [2013/06/13 22:23:46 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\David Lee Volz\Desktop\JRT.exe
    [2013/06/13 22:11:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/06/13 21:43:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/06/13 21:43:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/06/13 21:43:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/06/13 21:42:17 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/06/13 21:41:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/06/13 21:37:26 | 005,080,197 | R--- | C] (Swearware) -- C:\Users\David Lee Volz\Desktop\ComboFix.exe
    [2013/06/13 20:46:41 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/06/13 20:46:15 | 001,920,398 | ---- | C] (Farbar) -- C:\Users\David Lee Volz\Desktop\FRST64.exe
    [2013/06/13 19:18:14 | 000,000,000 | ---D | C] -- C:\Users\David Lee Volz\Desktop\RK_Quarantine
    [2013/06/12 17:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
    [2013/06/12 15:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/06/12 15:05:17 | 000,000,000 | ---D | C] -- C:\Users\David Lee Volz\Documents\mbar-1.06.0.1003
    [2013/06/11 12:14:23 | 000,000,000 | ---D | C] -- C:\Users\David Lee Volz\AppData\Local\VueSoft
    [2013/06/11 09:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/06/11 09:41:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/06/11 09:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/06/08 21:03:05 | 000,000,000 | ---D | C] -- C:\Users\David Lee Volz\AppData\Roaming\Sunward Games
    [2013/06/08 21:00:50 | 000,000,000 | ---D | C] -- C:\Users\David Lee Volz\The Secret Order - Masked Intent Collectors Edition
    [2013/06/08 21:00:50 | 000,000,000 | ---D | C] -- C:\Users\David Lee Volz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Secret Order - Masked Intent Collectors Edition
    [2013/06/08 21:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Secret Order - Masked Intent Collectors Edition
    [2013/05/29 22:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Meridian93
    [2013/05/29 21:46:58 | 000,000,000 | ---D | C] -- C:\Users\David Lee Volz\AppData\Roaming\Meridian93
    [2013/05/27 17:47:55 | 000,000,000 | ---D | C] -- C:\Users\David Lee Volz\AppData\Roaming\Artifex Mundi
    [2013/05/19 02:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
  11. 2013/06/13
    Woodstock1780 Inactive Thread Starter

    OTL, 2nd and last half

    ========== Files - Modified Within 30 Days ==========

    [2013/06/13 22:35:32 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/06/13 22:35:32 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/06/13 22:34:02 | 000,855,108 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/06/13 22:34:02 | 000,717,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/06/13 22:34:02 | 000,140,128 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/06/13 22:28:14 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/06/13 22:28:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/06/13 22:28:03 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
    [2013/06/13 22:27:25 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00451102}.rfx
    [2013/06/13 22:27:25 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00451102}.rfx
    [2013/06/13 22:27:25 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00451102}.rfx
    [2013/06/13 22:24:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David Lee Volz\Desktop\OTL.exe
    [2013/06/13 22:23:46 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\David Lee Volz\Desktop\JRT.exe
    [2013/06/13 22:23:28 | 000,648,201 | ---- | M] () -- C:\Users\David Lee Volz\Desktop\adwcleaner.exe
    [2013/06/13 22:10:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/06/13 21:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/06/13 21:50:21 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/06/13 21:37:26 | 005,080,197 | R--- | M] (Swearware) -- C:\Users\David Lee Volz\Desktop\ComboFix.exe
    [2013/06/13 20:46:16 | 001,920,398 | ---- | M] (Farbar) -- C:\Users\David Lee Volz\Desktop\FRST64.exe
    [2013/06/13 19:16:27 | 000,791,040 | ---- | M] () -- C:\Users\David Lee Volz\Desktop\winlogon.exe.exe
    [2013/06/12 17:52:31 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
    [2013/06/12 07:45:11 | 002,558,100 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
    [2013/06/11 09:41:29 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/06/10 20:57:30 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\VT20130115.021
    [2013/06/10 20:57:29 | 000,002,463 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2013/06/10 16:56:46 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2013/06/10 16:56:46 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2013/06/10 16:56:46 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2013/06/08 21:02:34 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Play The Secret Order - Masked Intent Collectors Edition.lnk
    [2013/06/08 11:52:52 | 000,341,445 | ---- | M] () -- C:\Users\David Lee Volz\Desktop\942694_551024484939253_1499029688_n.jpg
    [2013/06/07 13:33:43 | 001,851,392 | ---- | M] () -- C:\Users\David Lee Volz\Documents\MyCalendar.ecfx
    [2013/06/04 02:34:29 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\isolate.ini
    [2013/06/03 06:31:10 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDavid Lee Volz.job
    [2013/05/26 10:46:34 | 006,794,096 | ---- | M] () -- C:\Users\David Lee Volz\Desktop\2013-05-26_08-28-21_82.jpg
    [2013/05/23 22:09:47 | 000,008,063 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.cat
    [2013/05/23 01:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys
    [2013/05/23 01:25:28 | 000,007,587 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.cat
    [2013/05/23 01:25:28 | 000,003,434 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa.inf
    [2013/05/22 15:25:09 | 000,657,916 | ---- | M] () -- C:\Users\David Lee Volz\Desktop\Filed-Stamped-Copy-USDC-CT-Complaint.pdf
    [2013/05/21 01:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys
    [2013/05/21 01:02:00 | 000,002,852 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds.inf
    [2013/05/21 00:40:20 | 000,008,067 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.cat
    [2013/05/19 20:25:16 | 000,001,854 | ---- | M] () -- C:\Users\David Lee Volz\AppData\Roaming\GhostObjGAFix.xml
    [2013/05/19 02:03:45 | 000,002,116 | ---- | M] () -- C:\Users\David Lee Volz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2013/05/16 01:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys
    [2013/05/16 01:02:14 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.inf
    [2013/05/15 06:49:09 | 000,287,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/05/15 06:07:17 | 000,041,151 | ---- | M] () -- C:\Users\David Lee Volz\Desktop\E&O 2013 certificate.pdf
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/06/13 22:23:28 | 000,648,201 | ---- | C] () -- C:\Users\David Lee Volz\Desktop\adwcleaner.exe
    [2013/06/13 21:43:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/06/13 21:43:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/06/13 21:43:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/06/13 21:43:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/06/13 21:43:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/06/13 19:16:27 | 000,791,040 | ---- | C] () -- C:\Users\David Lee Volz\Desktop\winlogon.exe.exe
    [2013/06/13 08:40:26 | 000,000,886 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoBrowser Camera Monitor.lnk
    [2013/06/12 17:52:31 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
    [2013/06/11 12:13:31 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
    [2013/06/11 09:41:29 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/06/08 21:02:34 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Play The Secret Order - Masked Intent Collectors Edition.lnk
    [2013/06/08 11:52:17 | 000,341,445 | ---- | C] () -- C:\Users\David Lee Volz\Desktop\942694_551024484939253_1499029688_n.jpg
    [2013/05/26 10:45:52 | 006,794,096 | ---- | C] () -- C:\Users\David Lee Volz\Desktop\2013-05-26_08-28-21_82.jpg
    [2013/05/22 15:25:09 | 000,657,916 | ---- | C] () -- C:\Users\David Lee Volz\Desktop\Filed-Stamped-Copy-USDC-CT-Complaint.pdf
    [2013/05/15 06:07:17 | 000,041,151 | ---- | C] () -- C:\Users\David Lee Volz\Desktop\E&O 2013 certificate.pdf
    [2013/03/03 21:07:29 | 000,001,854 | ---- | C] () -- C:\Users\David Lee Volz\AppData\Roaming\GhostObjGAFix.xml
    [2012/10/24 20:36:59 | 000,000,864 | ---- | C] () -- C:\Users\David Lee Volz\.recently-used.xbel
    [2012/10/08 08:15:53 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2012/09/05 10:45:13 | 000,003,802 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/05/10 14:45:13 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
    [2012/04/26 04:52:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/04/26 04:52:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/02/23 15:46:24 | 000,870,128 | ---- | C] () -- C:\Users\David Lee Volz\AppData\Roaming\mcs.rma
    [2010/09/02 16:17:36 | 000,015,872 | ---- | C] () -- C:\Program Files (x86)\Common Files\JH_Killer.exe
    [2010/02/03 14:50:15 | 000,176,128 | ---- | C] () -- C:\Users\David Lee Volz\Defaults.HCF
    [2010/02/03 14:49:53 | 000,004,256 | ---- | C] () -- C:\Users\David Lee Volz\UserPref.PRF

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    " " = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/08 08:15:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Epson
    [2012/10/08 08:15:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leader Technologies
    [2013/06/13 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\.oit
    [2011/01/16 21:01:25 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\2monkeys
    [2011/04/27 18:57:07 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Alawar
    [2013/06/08 19:40:43 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\AlawarEntertainment
    [2013/05/27 17:47:55 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Artifex Mundi
    [2013/05/05 21:52:38 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Artogon
    [2012/07/01 11:24:20 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\BlamGames
    [2012/05/12 11:09:33 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Blue Tea Games
    [2011/02/08 15:40:39 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Boomzap
    [2012/07/19 20:57:49 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\BVS Solitaire Collection
    [2012/04/17 13:56:08 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\canon
    [2012/09/08 20:26:49 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Creobit
    [2012/10/14 19:22:05 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\DailyMagic
    [2012/10/26 20:29:47 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\DanceOfDeath_survey_10_18_2012
    [2012/03/17 17:35:35 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Dark Blue Games
    [2012/08/04 18:02:50 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\DAVA
    [2012/09/22 19:23:19 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Deep Shadows
    [2011/01/23 22:45:51 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Dekovir
    [2012/04/06 17:32:01 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\DikobrazGames
    [2012/02/16 11:33:35 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Duoserve
    [2013/01/22 11:51:24 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Efficient Calendar Free
    [2013/06/08 19:36:13 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Eipix
    [2011/01/22 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\EleFun Games
    [2013/02/04 14:58:38 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Elephant Games
    [2012/01/15 14:50:15 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Enki Games
    [2012/03/19 21:38:04 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\EntwinedSoD
    [2011/05/26 21:55:09 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Epson
    [2011/10/28 19:25:14 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\ERS G-Studio
    [2013/05/29 21:44:41 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\ERS Game Studios
    [2013/01/17 21:26:17 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Fenomen Games
    [2011/08/27 14:43:42 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Floodlight Games
    [2011/07/18 22:19:04 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Freeze Tag
    [2011/02/15 17:18:53 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Frogwares
    [2012/05/28 10:08:55 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Fuzzy Bug Interactive
    [2012/02/29 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\GameInvest
    [2013/06/08 16:32:26 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\GameMill Entertainment
    [2012/06/04 20:10:37 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Garmin
    [2013/03/16 17:20:49 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Ghost Ship Studios
    [2012/06/30 18:35:55 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Gogii
    [2012/12/17 12:25:20 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Gogii Games
    [2013/04/02 14:50:49 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\GreenSauceGames
    [2012/10/24 20:36:59 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\gtk-2.0
    [2011/04/27 19:07:40 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Happy Muffin Top
    [2011/03/27 15:41:15 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\HdO Adventure
    [2011/03/31 12:47:00 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\HitPoint Studios
    [2012/09/18 13:10:28 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Inertia Game Studios
    [2011/04/09 12:27:05 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Jewel Match 3
    [2012/02/14 09:24:15 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Jigsaws Galore
    [2012/02/08 19:32:12 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\KatGames
    [2010/12/01 17:40:22 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Leader Technologies
    [2010/11/28 15:57:57 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Leadertech
    [2013/01/24 17:27:42 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\LestaStudio
    [2011/01/21 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\LittleGamesCompany
    [2011/09/29 14:50:06 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Mariaglorum
    [2011/11/08 23:49:46 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\MediaArt
    [2013/05/29 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Meridian93
    [2012/05/16 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Millennia
    [2011/05/11 15:46:55 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Monkey Barrel Games
    [2011/06/05 18:34:59 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\MumboJumbo
    [2013/03/06 16:58:22 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Mutant Arcade
    [2011/01/22 00:49:02 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Namco
    [2012/03/15 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Natural Threat.Ominous Shores
    [2011/07/18 11:26:53 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\NewSoft
    [2011/01/15 20:44:42 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Oberon Media
    [2013/03/24 18:38:42 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Orneon
    [2011/01/24 16:42:50 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Phantasmat_bf_ce1
    [2013/01/22 11:51:24 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\PhotoScape
    [2010/11/13 17:03:46 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\PictureMover
    [2011/04/27 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\PlayFirst
    [2013/01/09 09:58:18 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\PrimoPDF
    [2010/11/29 21:12:02 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\ProtectDISC
    [2013/04/17 15:26:10 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\PuzzleLab
    [2012/03/04 14:21:57 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Skunk Studios
    [2011/09/16 20:23:48 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\SMIGames
    [2013/06/12 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\SoftGrid Client
    [2011/07/13 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Specialbit
    [2011/11/16 01:45:15 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\SpinTop Games
    [2011/10/25 16:55:57 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\SulusGames
    [2010/11/14 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Thunderbird
    [2011/04/09 19:46:52 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\TOMI3
    [2010/11/14 20:55:01 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\TP
    [2012/12/26 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\unikgame
    [2013/03/05 17:21:59 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\uTorrent
    [2011/08/02 20:32:08 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\VampireSagaHL
    [2011/10/05 20:05:11 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Vogat Interactive
    [2011/05/11 15:30:00 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Western Software Technologies
    [2011/01/26 19:43:37 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\WhiteBirdsProductions
    [2010/11/27 21:21:58 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\WinBatch
    [2011/02/18 17:52:59 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\Windows Live Writer
    [2013/02/19 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\David Lee Volz\AppData\Roaming\WinZip

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:49EB69E2
    @Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:5539129F
    @Alternate Data Stream - 244 bytes -> C:\ProgramData\Temp:6CF828C2
    @Alternate Data Stream - 244 bytes -> C:\ProgramData\Temp:4AC7B5C1
    @Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:9524D821
    @Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:104A1C3E
    @Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:0410A323
    @Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:7D938C9B
    @Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:7BFFC6A9
    @Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:6896CCCE
    @Alternate Data Stream - 240 bytes -> C:\ProgramData\Temp:5133A494
    @Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:BECA50FF
    @Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:E265ED33
    @Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:32EA849C
    @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:A7964713
    @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:8866C899
    @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:1A15E356
    @Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:E2295807
    @Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:96372A73
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:D434342F
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:8A620099
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:1B96CF22
    @Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:E8AEB2BF
    @Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:3D4B733E
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:CE3AADB7
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:B0EA26E5
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:1224B4C3
    @Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:95D421DF
    @Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:3487C53E
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:FB71A279
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:B88DC997
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:9D06FB9C
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:6E2D80C8
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:19474103
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:3CAE2A70
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:94B25DF5
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:66F7E5A9
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:5A9F1AE5
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:4A5CFD3B
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:12258D63
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:ED2D63E4
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:DAB09BDB
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:CB5AA1E6
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:C78DADEA
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:F142DBA9
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:A73595DE
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:63C29481
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:BB99F46B
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:B3A5945E
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:9F38BF31
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:53B8C5D2
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:ED0B32CA
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:9836B5E4
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:9720EBEF
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:852F2262
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:5A5477A9
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:4D348522
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:3ADE134E
    @Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:AABECEFB
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:F5B51004
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:7C8AA9A6
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:795F6DEC
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:51E66512
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:1604D047
    @Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:E6B95E40
    @Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:A02025CE
    @Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:689AB7E9
    @Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:282CE153
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:EFBD4447
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:7DC5D762
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:7254CF01
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:6294B369
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:23834E1E
    @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:FD6DB82C
    @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:9C3AAD57
    @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:37C279BE
    @Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:CCD8056E
    @Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:4C71A42B
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:F89F2593
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:EF0F3F33
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:AED4A2B7
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:AA0017FD
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:9BAC4211
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:436BE28C
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:04EAB86F
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:F610C203
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:AECF4772
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:834DD57E
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:2B856118
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:0588E665
    @Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:71612023
    @Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:A4E7D25F
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:A6D6E537
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:52C24010
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:2F8138B7
    @Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:DA5888A7
    @Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:9BB8C675
    @Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:72F57408
    @Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:884C7316
    @Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:75798D9A
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:F5D01D7C
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:4CA05B44
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:4A93D042
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:BDD83DC4
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:8204AA35
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:B0456F0C
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:71004506
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:3086B95F
    @Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:DE875C30
    @Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:ACCFA538
    @Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:E3615992
    @Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:B3C7433B
    @Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:EB68CA55
    @Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:C49A5AD1
    @Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:48F154AF
    @Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:1709732A
    @Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:961B84C5
    @Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:2D2461E7
    @Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:CF61CE5A
    @Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:59846E5E
    @Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:20EB6823
    @Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:CAC06C34
    @Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:8BE7A048
    @Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:6017A808
    @Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:BA51B8FF
    @Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:1A3E8375
    @Alternate Data Stream - 188 bytes -> C:\ProgramData\Temp:7242ED0C
    @Alternate Data Stream - 187 bytes -> C:\ProgramData\Temp:32640CFD
    @Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:A866F8A3
    @Alternate Data Stream - 182 bytes -> C:\ProgramData\Temp:02DC48D0
    @Alternate Data Stream - 180 bytes -> C:\ProgramData\Temp:A9C47CF5
    @Alternate Data Stream - 180 bytes -> C:\ProgramData\Temp:A4CDE823
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:9EC0C767
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B85A9C0F
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1095ECE1
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:70E897B5
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:4D8FCBEF
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C37283B5
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F5E8CAE0
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D9771F40
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F72306CC
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:3B454A5C
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:2AE74FF9
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:5CE91C67
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:E690114B
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:C22674B6
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:260575F1
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:AFC732F7

    < End of report >
     
  12. 2013/06/13
    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{8651C49A-4A5B-405A-B50D-0A5C79B2014D}:  "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = *.local;192.168.*.*
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found
    O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
    O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: unum.com ([services] https in Trusted sites)
    O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} https://mpsnare.iesnare.com/StmOCX.cab (Reg Error: Key error.)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...Control_32.CAB (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    @Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:49EB69E2
    @Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:5539129F
    @Alternate Data Stream - 244 bytes -> C:\ProgramData\Temp:6CF828C2
    @Alternate Data Stream - 244 bytes -> C:\ProgramData\Temp:4AC7B5C1
    @Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:9524D821
    @Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:104A1C3E
    @Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:0410A323
    @Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:7D938C9B
    @Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:7BFFC6A9
    @Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:6896CCCE
    @Alternate Data Stream - 240 bytes -> C:\ProgramData\Temp:5133A494
    @Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:BECA50FF
    @Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:E265ED33
    @Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:32EA849C
    @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:A7964713
    @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:8866C899
    @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:1A15E356
    @Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:E2295807
    @Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:96372A73
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:D434342F
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:8A620099
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:1B96CF22
    @Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:E8AEB2BF
    @Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:3D4B733E
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:CE3AADB7
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:B0EA26E5
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:1224B4C3
    @Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:95D421DF
    @Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:3487C53E
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:FB71A279
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:B88DC997
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:9D06FB9C
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:6E2D80C8
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:19474103
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:3CAE2A70
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:94B25DF5
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:66F7E5A9
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:5A9F1AE5
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:4A5CFD3B
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:12258D63
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:ED2D63E4
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:DAB09BDB
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:CB5AA1E6
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:C78DADEA
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:F142DBA9
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:A73595DE
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:63C29481
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:BB99F46B
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:B3A5945E
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:9F38BF31
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:53B8C5D2
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:ED0B32CA
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:9836B5E4
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:9720EBEF
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:852F2262
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:5A5477A9
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:4D348522
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:3ADE134E
    @Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:AABECEFB
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:F5B51004
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:7C8AA9A6
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:795F6DEC
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:51E66512
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:1604D047
    @Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:E6B95E40
    @Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:A02025CE
    @Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:689AB7E9
    @Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:282CE153
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:EFBD4447
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:7DC5D762
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:7254CF01
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:6294B369
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:23834E1E
    @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:FD6DB82C
    @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:9C3AAD57
    @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:37C279BE
    @Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:CCD8056E
    @Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:4C71A42B
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:F89F2593
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:EF0F3F33
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:AED4A2B7
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:AA0017FD
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:9BAC4211
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:436BE28C
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:04EAB86F
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:F610C203
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:AECF4772
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:834DD57E
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:2B856118
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:0588E665
    @Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:71612023
    @Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:A4E7D25F
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:A6D6E537
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:52C24010
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:2F8138B7
    @Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:DA5888A7
    @Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:9BB8C675
    @Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:72F57408
    @Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:884C7316
    @Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:75798D9A
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:F5D01D7C
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:4CA05B44
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:4A93D042
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:BDD83DC4
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:8204AA35
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:B0456F0C
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:71004506
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:3086B95F
    @Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:DE875C30
    @Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:ACCFA538
    @Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:E3615992
    @Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:B3C7433B
    @Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:EB68CA55
    @Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:C49A5AD1
    @Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:48F154AF
    @Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:1709732A
    @Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:961B84C5
    @Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:2D2461E7
    @Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:CF61CE5A
    @Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:59846E5E
    @Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:20EB6823
    @Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:CAC06C34
    @Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:8BE7A048
    @Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:6017A808
    @Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:BA51B8FF
    @Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:1A3E8375
    @Alternate Data Stream - 188 bytes -> C:\ProgramData\Temp:7242ED0C
    @Alternate Data Stream - 187 bytes -> C:\ProgramData\Temp:32640CFD
    @Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:A866F8A3
    @Alternate Data Stream - 182 bytes -> C:\ProgramData\Temp:02DC48D0
    @Alternate Data Stream - 180 bytes -> C:\ProgramData\Temp:A9C47CF5
    @Alternate Data Stream - 180 bytes -> C:\ProgramData\Temp:A4CDE823
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:9EC0C767
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B85A9C0F
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1095ECE1
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:70E897B5
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:4D8FCBEF
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C37283B5
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F5E8CAE0
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D9771F40
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F72306CC
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:3B454A5C
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:2AE74FF9
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:5CE91C67
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:E690114B
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:C22674B6
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:260575F1
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:AFC732F7
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  13. 2013/06/13
    Woodstock1780

    Woodstock1780 Inactive Thread Starter

    Joined:
    2013/06/12
    Messages:
    57
    Likes Received:
    0
    otl

    All processes killed
    Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{8651C49A-4A5B-405A-B50D-0A5C79B2014D}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd> in the current context!
    Error: Unable to interpret <IE - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*> in the current context!
    Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found> in the current context!
    Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found> in the current context!
    Error: Unable to interpret <O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)> in the current context!
    Error: Unable to interpret <O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)> in the current context!
    Error: Unable to interpret <O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)> in the current context!
    Error: Unable to interpret <O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)> in the current context!
    Error: Unable to interpret <O15 - HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\..Trusted Domains: unum.com ([services] https in Trusted sites)> in the current context!
    Error: Unable to interpret <O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} https://mpsnare.iesnare.com/StmOCX.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...Control_32.CAB (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <O18:64bit: - Protocol\Handler\livecall - No CLSID value found> in the current context!
    Error: Unable to interpret <O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found> in the current context!
    Error: Unable to interpret <O18:64bit: - Protocol\Handler\msnim - No CLSID value found> in the current context!
    Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found> in the current context!
    Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlpg - No CLSID value found> in the current context!
    Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
    Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives\Users\00000002 folder moved successfully.
    C:\FRST\Hives\Users\00000001 folder moved successfully.
    C:\FRST\Hives\Users folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: All Users

    User: David Lee Volz
    ->Temp folder emptied: 55275 bytes
    ->Temporary Internet Files folder emptied: 13276911 bytes
    ->Java cache emptied: 13282764 bytes
    ->Google Chrome cache emptied: 6658826 bytes
    ->Flash cache emptied: 43205 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 436434 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67429 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 32.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: David Lee Volz
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: DefaultAppPool

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: David Lee Volz
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 06132013_230006

    Files\Folders moved on Reboot...
    C:\Users\David Lee Volz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    File\Folder C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NE3L9HXA\105583-active-windows-7-explorer-fails-startup-wow-dll-error-message-3[1].htm not found!
    File\Folder C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NE3L9HXA\fastbutton[1].htm not found!
    File\Folder C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NE3L9HXA\like[1].htm not found!
    C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35N4FSDU\xd_arbiter[1].htm moved successfully.
    C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35N4FSDU\xd_arbiter[3].htm moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  14. 2013/06/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's incorrect.
    You didn't copy my whole script.
    Most likely you missed a "colon" in front of "OTL" (first line).
    Please redo.
     
  15. 2013/06/13
    Woodstock1780

    Woodstock1780 Inactive Thread Starter

    Joined:
    2013/06/12
    Messages:
    57
    Likes Received:
    0
    Did I get it this time?

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8651C49A-4A5B-405A-B50D-0A5C79B2014D}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8651C49A-4A5B-405A-B50D-0A5C79B2014D}\ not found.
    HKU\S-1-5-21-1975598971-2761070460-1008015774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1975598971-2761070460-1008015774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhap-app-4-0\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1975598971-2761070460-1008015774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhapreg\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1975598971-2761070460-1008015774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rhapsody.com\rhap-app-4-0\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1975598971-2761070460-1008015774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rhapsody.com\rhapreg\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1975598971-2761070460-1008015774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unum.com\services\ deleted successfully.
    Starting removal of ActiveX control {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}
    C:\Windows\Downloaded Program Files\StmOCX.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\ not found.
    Starting removal of ActiveX control {D4B68B83-8710-488B-A692-D74B50BA558E}
    C:\Windows\Downloaded Program Files\CTPIDPDE.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4B68B83-8710-488B-A692-D74B50BA558E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4B68B83-8710-488B-A692-D74B50BA558E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D4B68B83-8710-488B-A692-D74B50BA558E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4B68B83-8710-488B-A692-D74B50BA558E}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    File Protocol\Handler\livecall - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    File Protocol\Handler\ms-itss - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    File Protocol\Handler\msnim - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    File Protocol\Handler\wlmailhtml - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
    File Protocol\Handler\wlpg - No CLSID value found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: David Lee Volz
    ->Temp folder emptied: 18398 bytes
    ->Temporary Internet Files folder emptied: 4967279 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 5.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: David Lee Volz
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: DefaultAppPool

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: David Lee Volz
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 06132013_231122

    Files\Folders moved on Reboot...
    C:\Users\David Lee Volz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MKIDYC19\audmeasure[1].gif moved successfully.
    C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MKIDYC19\fastbutton[1].htm moved successfully.
    C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MKIDYC19\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MKIDYC19\xd_arbiter[1].htm moved successfully.
    C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HTFQ9R2O\105583-active-windows-7-explorer-fails-startup-wow-dll-error-message-3[1].htm moved successfully.
    C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HTFQ9R2O\xd_arbiter[1].htm moved successfully.
    C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBDZRQXM\like[2].htm moved successfully.
    C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\David Lee Volz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  16. 2013/06/13
    broni

    Yes. Good job :)

    Go on...
     
  17. 2013/06/13
    Woodstock1780

    sc

    Results of screen317's Security Check version 0.99.64
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java(TM) 6 Update 29
    Java(TM) 6 Update 31
    Java version out of Date!
    Mozilla Thunderbird (17.0.6)
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````
     
  18. 2013/06/13
    Woodstock1780

    fss

    Farbar Service Scanner Version: 31-05-2013 01
    Ran by David Lee Volz (administrator) on 13-06-2013 at 23:19:34
    Running from "C:\Users\David Lee Volz\Desktop"
    Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2013-06-12 07:28] - [2013-05-08 02:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2013-06-12 07:28] - [2013-05-13 01:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  19. 2013/06/13
    Woodstock1780

    eset

    Program would not update and download... asked if proxy was configured. Don't know how to work around this, broni.
     
  20. 2013/06/13
    broni

    Try a different browser.
     
  21. 2013/06/13
    Woodstock1780

    IE 9 is all I have installed...what do you suggest? Can we get away without this last step?
     
