Nasty malware not detected by any removal software!

**brchapman** · 2014-05-27, 16:16

File to large, uploading in three parts:

OTL logfile created on: 5/27/2014 9:56:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barry Chapman\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.92 Gb Total Physical Memory | 9.16 Gb Available Physical Memory | 76.88% Memory free
23.84 Gb Paging File | 20.92 Gb Available in Paging File | 87.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.06 Gb Total Space | 373.55 Gb Free Space | 84.69% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 445.11 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive Y: | 24.67 Gb Total Space | 14.20 Gb Free Space | 57.59% Space Free | Partition Type: NTFS

Computer Name: BARRYSNEW | User Name: Barry Chapman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Barry Chapman\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Backblaze\bzbui.exe ()
PRC - C:\Program Files (x86)\Backblaze\bzserv.exe ()
PRC - C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe ()
PRC - C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks SAS)
PRC - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Pervasive Software Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Backblaze\bzbui.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\d7a1bbd56dc15a29c2450b177f9468d7\System.Net.Http.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0bedc417d3c5dcb1c9a5f15dd733c556\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll ()
MOD - C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (McAPExe) -- C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (mfecore) -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv2) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (HomeNetSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (McAWFwk) -- c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (bzserv) -- C:\Program Files (x86)\Backblaze\bzserv.exe ()
SRV - (SystemUpdatekb70007) -- C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SftService) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks SAS)
SRV - (DellDigitalDelivery) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Windows (R) Win 7 DDK provider)
SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (mfencrk) -- C:\Windows\SysNative\drivers\mfencrk.sys (McAfee, Inc.)
DRV:64bit: - (mfencbdc) -- C:\Windows\SysNative\drivers\mfencbdc.sys (McAfee, Inc.)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (usbscan) -- C:\Windows\SysWOW64\drivers\usbscan.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D81273E4-7658-47B6-8075-3D404C64D87C}
IE:64bit: - HKLM\..\SearchScopes\{D81273E4-7658-47B6-8075-3D404C64D87C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D81273E4-7658-47B6-8075-3D404C64D87C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - prefs.js..network.proxy.type: 1user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118);
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/05/25 10:10:50 | 000,000,000 | ---D | M]

[2014/05/03 16:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barry Chapman\AppData\Roaming\Mozilla\Extensions
[2014/05/03 16:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barry Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\76t9nm76.default\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_1\
CHR - Extension: Google Drive = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/05/15 14:38:25 | 000,450,709 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15469 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-670280924-550259233-2201882432-1000..\Run: [Backblaze] C:\Program Files (x86)\Backblaze\bzbui.exe ()
O4 - HKU\S-1-5-21-670280924-550259233-2201882432-1000..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 205.152.144.23 205.152.132.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52E3D270-9F67-475E-B16A-1D6443366E50}: DhcpNameServer = 8.8.8.8 8.8.4.4 205.152.144.23 205.152.132.23
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/15 20:52:18 | 000,000,080 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

**brchapman** · 2014-05-27, 16:18

========== Files/Folders - Created Within 30 Days ==========

[2014/05/27 09:18:51 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2014/05/27 08:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/05/27 08:54:00 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/05/26 10:19:40 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/25 10:38:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/05/25 10:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/05/25 10:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/05/23 08:25:39 | 000,000,000 | ---D | C] -- C:\New folder
[2014/05/23 07:48:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/05/23 07:41:53 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\QuickScan
[2014/05/22 16:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/22 15:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2014/05/22 15:35:36 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/22 15:35:22 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/22 15:35:22 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/22 15:35:22 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/22 15:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/05/22 10:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot
[2014/05/21 11:27:06 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\TuneUp Software
[2014/05/21 11:16:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/05/21 11:16:29 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\MFAData
[2014/05/21 11:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/05/20 14:53:08 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Norman Malware Cleaner
[2014/05/20 12:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/05/19 16:42:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/19 10:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/05/19 10:20:13 | 000,000,000 | ---D | C] -- C:\Adobe XI Pro
[2014/05/19 08:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/05/19 07:54:08 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\ProcAlyzer Dumps
[2014/05/16 10:51:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\CrashDumps
[2014/05/16 09:39:50 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\SUPERAntiSpyware.com
[2014/05/16 09:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/05/16 08:33:26 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/05/16 08:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2014/05/16 08:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/05/15 11:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/05/15 11:40:14 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/05/15 11:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/05/15 11:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/05/15 03:25:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Virtual Machines
[2014/05/15 03:06:09 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/15 03:06:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/14 16:16:31 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\PDF24
[2014/05/14 15:56:37 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft
[2014/05/14 15:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSR
[2014/05/14 15:56:04 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\IdleCrawler
[2014/05/14 15:54:30 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\wi_upd
[2014/05/14 15:48:24 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\BitTorrent
[2014/05/14 11:56:55 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Outlook Files
[2014/05/14 10:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2014/05/14 10:25:54 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014/05/14 10:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/05/14 10:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2014/05/14 10:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/05/14 10:20:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/05/14 08:30:28 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Secunia PSI
[2014/05/14 08:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2014/05/14 05:44:33 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 05:44:33 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/14 05:44:11 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 05:44:11 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 05:44:10 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 05:44:10 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 05:44:10 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 05:44:10 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 05:44:10 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 05:44:10 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 05:44:09 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 05:44:09 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 05:44:09 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 05:44:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 05:44:09 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 05:44:09 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 05:44:09 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 05:44:09 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 05:44:09 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 05:44:09 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 05:44:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 05:44:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 05:44:09 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 05:44:08 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 05:44:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/13 12:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backblaze
[2014/05/13 12:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Backblaze
[2014/05/13 12:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Backblaze
[2014/05/13 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\VMware
[2014/05/13 11:18:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/05/13 11:00:12 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\VMware
[2014/05/12 20:43:13 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\.asdm
[2014/05/12 20:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2014/05/12 13:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\My Lockbox
[2014/05/12 07:16:46 | 000,000,000 | -H-D | C] -- C:\.bzvol
[2014/05/09 11:38:06 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\CCWin
[2014/05/09 07:41:14 | 000,063,568 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2014/05/09 07:40:35 | 000,354,896 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2014/05/09 07:40:33 | 000,434,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2014/05/09 07:40:32 | 000,030,800 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2014/05/09 07:40:26 | 000,943,184 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2014/05/09 07:39:45 | 000,033,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2014/05/09 07:39:43 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2014/05/09 07:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2014/05/09 07:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2014/05/09 07:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2014/05/09 07:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2014/05/09 07:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2014/05/07 09:42:51 | 000,231,552 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXDFLT.DLL
[2014/05/07 09:42:51 | 000,102,672 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXTIFFN.DLL
[2014/05/07 09:42:51 | 000,049,424 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXTHK32.DLL
[2014/05/07 09:42:51 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXSLN.DLL
[2014/05/07 09:42:51 | 000,023,152 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXPERM.DLL
[2014/05/07 09:42:51 | 000,016,048 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXLOC.DLL
[2014/05/07 09:42:51 | 000,011,968 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\SysWow64\PIXMDLLC.CPL
[2014/05/07 09:42:51 | 000,006,416 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXTHK16.DLL
[2014/05/07 09:42:50 | 000,209,168 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXNOTEN.DLL
[2014/05/07 09:42:50 | 000,074,000 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXNAMEN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXRAMN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXPANN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXMPN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXMDLGN.DLL
[2014/05/07 09:42:49 | 000,753,936 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXANNOT.DLL
[2014/05/07 09:42:49 | 000,463,120 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXJP2K.DLL
[2014/05/07 09:42:49 | 000,327,680 | ---- | C] (The University of New South Wales) -- C:\Windows\SysWow64\PIXJP2KI.DLL
[2014/05/07 09:42:49 | 000,119,056 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXJBGN.DLL
[2014/05/07 09:42:49 | 000,094,480 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXAPS.DLL
[2014/05/07 09:42:49 | 000,069,904 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXDLGN.DLL
[2014/05/07 09:42:49 | 000,057,616 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXLZWN.DLL
[2014/05/07 09:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon Electronics
[2014/05/07 09:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CapturePerfect 3.1
[2014/05/06 16:16:12 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\ElevatedDiagnostics
[2014/05/06 15:56:54 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\My Documents from old
[2014/05/06 13:18:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/05/06 13:12:58 | 000,152,576 | ---- | C] (Canon Electronics) -- C:\Windows\SysNative\DR25SVC.dll
[2014/05/06 13:12:46 | 000,491,792 | ---- | C] (Captiva Software Corp.) -- C:\Windows\SysWow64\qd1.dll
[2014/05/06 10:10:41 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Oracle
[2014/05/06 10:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/05/06 10:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/05/06 10:05:04 | 000,313,256 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/05/06 10:04:56 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/05/06 10:04:56 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/05/06 10:04:56 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/05/06 10:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/06 10:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/05/06 09:31:13 | 000,233,744 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXMDLN.DLL
[2014/05/06 09:09:30 | 000,200,704 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\twpix32.dll
[2014/05/06 09:09:30 | 000,098,304 | ---- | C] (Cornerstone Imaging, Inc.) -- C:\Windows\SysWow64\Wiaext32.dll
[2014/05/06 09:09:30 | 000,023,152 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\System\Pixperm.dll
[2014/05/06 09:09:30 | 000,021,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\Ctl3d.dll
[2014/05/06 09:09:30 | 000,016,064 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\System\Pixloc.dll
[2014/05/06 09:09:29 | 000,231,552 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\System\Pixdflt.dll
[2014/05/06 09:06:37 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\ISIS Drivers
[2014/05/06 09:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ISIS Drivers
[2014/05/06 09:05:28 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Desktop\CapturePerfect 3.0
[2014/05/06 08:51:55 | 000,000,000 | ---D | C] -- C:\DR Scanner
[2014/05/06 08:43:03 | 000,000,000 | ---D | C] -- C:\DR2580C
[2014/05/06 08:37:30 | 000,096,768 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysNative\DR25CPL.dll
[2014/05/06 08:37:30 | 000,083,456 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysNative\CeiUSB64.dll
[2014/05/06 07:52:59 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/06 07:29:31 | 000,000,000 | ---D | C] -- C:\CapturePerfect Upgrade
[2014/05/06 03:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/05/05 17:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon DR-2580C
[2014/05/05 16:56:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\AdobeUM
[2014/05/05 16:53:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2014/05/05 16:53:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2014/05/05 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/05/05 16:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/05/05 16:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/05/05 16:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2014/05/05 16:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2014/05/05 15:50:08 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2014/05/05 14:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landtech XML
[2014/05/05 14:52:53 | 000,204,800 | ---- | C] (Landtech Data Corporation) -- C:\Windows\SysWow64\ltwpvsw.DLL
[2014/05/05 14:52:53 | 000,065,536 | ---- | C] (Landtech Data Corp.) -- C:\Windows\SysWow64\LTWNode.exe
[2014/05/05 14:52:53 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Landtech XML
[2014/05/05 14:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Pervasive Software
[2014/05/05 14:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pervasive Software
[2014/05/05 14:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pervasive
[2014/05/05 14:22:07 | 000,000,000 | ---D | C] -- C:\LTAPPS
[2014/05/05 14:18:46 | 000,000,000 | ---D | C] -- C:\Wages
[2014/05/05 14:07:17 | 000,169,600 | ---- | C] (Wintertree Software Inc.) -- C:\Windows\SysWow64\WSpell.ocx
[2014/05/05 12:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WP-64
[2014/05/05 12:22:16 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Help
[2014/05/05 12:22:16 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Help
[2014/05/05 11:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/05/05 10:49:21 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvbvm50.dll
[2014/05/05 10:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medlin Accounting
[2014/05/05 10:49:20 | 000,000,000 | ---D | C] -- C:\MWACCT
[2014/05/05 10:49:04 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Programs
[2014/05/05 10:40:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\QuickenWindow
[2014/05/05 10:36:26 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\IsolatedStorage
[2014/05/05 10:28:28 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Quicken
[2014/05/05 10:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2014/05/05 10:24:39 | 004,169,728 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2014/05/05 10:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014
[2014/05/05 10:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2014/05/05 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2014/05/05 10:24:08 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Intuit
[2014/05/05 10:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2014/05/05 10:13:09 | 000,000,000 | ---D | C] -- C:\Quicken 2014
[2014/05/05 09:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2014/05/05 08:58:28 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\EmieUserList
[2014/05/05 08:58:28 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\EmieSiteList
[2014/05/05 03:10:48 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/05 03:10:48 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/05 03:10:46 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/05 03:10:43 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/05 03:10:43 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/05 03:10:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/05 03:10:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/05 03:10:42 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/05 03:10:42 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/05 03:10:42 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/05 03:10:42 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/05 03:10:42 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/05 03:10:42 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/05 03:10:41 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/05 03:10:41 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/05 03:10:41 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/05 03:10:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/05 03:10:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/05 03:10:41 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/05 03:10:39 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/05 03:10:39 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/05 03:10:39 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/05 03:10:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/05 03:10:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/05 03:10:38 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/05 03:10:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/05 03:10:37 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/05 03:10:36 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/05 03:10:35 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/04 03:37:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2014/05/04 03:37:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2014/05/04 03:17:29 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/05/04 03:06:18 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2014/05/04 03:06:18 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2014/05/04 03:06:18 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2014/05/04 03:06:18 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2014/05/03 16:58:30 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2014/05/03 16:58:30 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2014/05/03 16:58:24 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/05/03 16:58:24 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/05/03 16:58:23 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/05/03 16:58:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/05/03 16:58:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/05/03 16:58:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/05/03 16:55:43 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/05/03 16:55:43 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/05/03 16:55:42 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/05/03 16:55:42 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/05/03 16:55:42 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/05/03 16:55:42 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/05/03 16:55:42 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/05/03 16:55:42 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/05/03 16:55:42 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/05/03 16:55:42 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/05/03 16:55:42 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/05/03 16:55:42 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/05/03 16:55:42 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/05/03 16:55:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/05/03 16:55:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/05/03 16:55:42 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/05/03 16:55:42 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/05/03 16:55:35 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/05/03 16:55:35 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/05/03 16:55:09 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/05/03 16:55:09 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/05/03 16:53:46 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/05/03 16:53:44 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/05/03 16:53:44 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/05/03 16:53:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/05/03 16:53:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/05/03 16:53:38 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/05/03 16:53:38 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/05/03 16:53:37 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/05/03 16:53:37 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/05/03 16:53:37 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014/05/03 16:53:37 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014/05/03 16:53:36 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/05/03 16:53:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/05/03 16:53:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/05/03 16:53:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/05/03 16:53:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/05/03 16:53:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/05/03 16:53:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/05/03 16:53:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/05/03 16:53:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2014/05/03 16:53:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2014/05/03 16:53:30 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/05/03 16:46:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014/05/03 16:40:07 | 000,000,000 | ---D | C] -- C:\Office 2000
[2014/05/03 16:34:04 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Microsoft Help
[2014/05/03 16:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2014/05/03 16:26:05 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\WinRAR
[2014/05/03 16:23:38 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Macromedia
[2014/05/03 16:21:15 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Mozilla
[2014/05/03 16:21:15 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Mozilla
[2014/05/03 16:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/05/03 16:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/05/03 16:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/03 16:10:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/05/03 16:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/05/03 16:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2014/05/03 15:48:38 | 001,098,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wab32res.dll
[2014/05/03 15:48:38 | 000,886,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wab32.dll
[2014/05/03 15:40:56 | 000,000,000 | ---D | C] -- C:\Windows\Msagent
[2014/05/03 15:40:38 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft Web Folders
[2014/05/03 15:33:02 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2014/05/03 15:33:02 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2014/05/03 15:33:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2014/05/03 15:33:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2014/05/03 15:33:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2014/05/03 15:33:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2014/05/03 14:40:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Adobe
[2014/05/03 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wp51
[2014/05/03 14:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FAX User Software
[2014/05/03 14:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kyocera
[2014/05/03 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Canon Electronics
[2014/05/03 13:38:36 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Corel User Files
[2014/05/03 13:38:11 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Corel
[2014/05/03 13:31:52 | 000,021,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CTL3D.DLL
[2014/05/03 13:31:15 | 000,067,888 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysWow64\SuStiUtl.dll
[2014/05/03 13:30:43 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Desktop\Canon DR-2580C
[2014/05/03 13:30:41 | 000,106,496 | ---- | C] (Canon Electronics) -- C:\Windows\SysWow64\DR25SVC.dll
[2014/05/03 13:30:41 | 000,094,208 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysWow64\DR25CPL.dll
[2014/05/03 13:30:41 | 000,036,864 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysWow64\CeiUSB2.dll
[2014/05/03 13:30:41 | 000,014,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\usbscan.sys
[2014/05/03 13:30:38 | 000,180,224 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1120.DLL
[2014/05/03 13:30:38 | 000,176,128 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1520.DLL
[2014/05/03 13:30:38 | 000,114,688 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1320.DLL
[2014/05/03 13:30:38 | 000,051,712 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN20.DLL
[2014/05/03 13:30:37 | 000,602,384 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\SysWow64\pixipdll.dll
[2014/05/03 13:30:37 | 000,155,648 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1020.DLL
[2014/05/03 13:30:36 | 000,401,484 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msvcrtd.dll
[2014/05/03 13:30:36 | 000,221,456 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXDFLTN.DLL
[2014/05/03 13:30:36 | 000,074,000 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXLOCN.DLL
[2014/05/03 13:30:36 | 000,053,520 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXPERMN.DLL
[2014/05/03 13:30:36 | 000,000,000 | ---D | C] -- C:\Windows\PIXTRAN
[2014/05/03 13:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon Electronics
[2014/05/03 13:30:31 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2014/05/03 13:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office 12
[2014/05/03 13:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared
[2014/05/03 13:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WordPerfect Office 12
[2014/05/03 13:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2014/05/03 12:01:21 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\PCDr
[2014/05/02 20:32:20 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/05/02 20:32:20 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/05/02 20:32:20 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/05/02 20:32:12 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/05/02 20:32:12 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/05/02 20:32:12 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/05/02 20:32:05 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/05/02 20:32:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/05/02 19:50:51 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2014/05/02 16:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/02 16:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/05/02 16:12:46 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Google
[2014/05/02 16:10:13 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Diagnostics
[2014/05/02 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Apps
[2014/05/02 15:58:32 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Deployment
[2014/05/02 15:45:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Opera Software
[2014/05/02 15:45:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Opera Software
[2014/05/02 15:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2014/05/02 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Macromedia
[2014/05/02 15:26:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Intel Corporation
[2014/05/02 15:25:54 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Dell
[2014/05/02 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\BMExplorer
[2014/05/02 15:25:49 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Bluetooth Folder
[2014/05/02 15:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2014/05/02 15:25:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Leadertech
[2014/05/02 15:25:31 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Atheros
[2014/05/02 15:25:20 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Adobe
[2014/05/02 15:25:19 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/05/02 15:25:19 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Searches
[2014/05/02 15:25:19 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/05/02 15:25:19 | 000,000,000 | -H-D | C] -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/05/02 15:25:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Identities
[2014/05/02 15:25:08 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Contacts
[2014/05/02 15:25:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\VirtualStore
[2014/05/02 15:23:34 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\softthinks
[2014/05/02 15:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\softthinks
[2014/05/02 15:17:44 | 000,000,000 | --SD | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Videos
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Saved Games
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Pictures
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Music
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Links
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Favorites
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Downloads
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Documents
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Desktop
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\Temporary Internet Files
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Templates
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Start Menu
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\SendTo
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Recent
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\PrintHood
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\NetHood
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Documents\My Videos
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Documents\My Pictures
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Documents\My Music
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\My Documents
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Local Settings
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\History
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Cookies
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Application Data
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\Application Data
[2014/05/02 15:17:44 | 000,000,000 | -H-D | C] -- C:\Users\Barry Chapman\AppData
[2014/05/02 15:17:44 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Temp
[2014/05/02 15:17:44 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Microsoft
[2014/05/02 15:17:44 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2014/05/27 09:57:26 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/27 09:57:26 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/27 09:55:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/27 09:18:20 | 000,791,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/27 09:18:20 | 000,670,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/27 09:18:20 | 000,125,196 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/27 09:13:14 | 001,440,846 | ---- | M] () -- C:\Program Files (x86)\mbam-chameleon-1.62.1.1000.zip
[2014/05/27 09:07:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/27 08:53:24 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/27 08:53:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/27 08:53:05 | 1008,427,006 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/25 11:49:58 | 000,004,447 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\attach.zip
[2014/05/25 11:38:01 | 000,000,512 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\MBR.dat
[2014/05/25 10:52:48 | 000,004,315 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\attach.rar
[2014/05/25 10:37:03 | 000,001,159 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/05/25 10:36:53 | 000,000,960 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\ERUNT.lnk
[2014/05/23 09:52:06 | 000,201,978 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 PRELIMINARY HUD.pdf
[2014/05/23 07:52:39 | 000,033,334 | ---- | M] () -- C:\ProgramData\1400845954.bdinstall.bin
[2014/05/23 07:52:28 | 000,000,189 | ---- | M] () -- C:\ProgramData\1400845920.2208.bin
[2014/05/23 07:52:24 | 000,002,061 | ---- | M] () -- C:\ProgramData\1400845920.2284.bin
[2014/05/23 07:52:14 | 000,039,641 | ---- | M] () -- C:\ProgramData\1400845920.2200.bin
[2014/05/23 07:48:44 | 624,028,561 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/05/23 07:44:29 | 000,000,965 | ---- | M] () -- C:\ProgramData\1400845426.13472.bin
[2014/05/23 07:44:27 | 000,043,785 | ---- | M] () -- C:\ProgramData\1400845426.14224.bin
[2014/05/23 07:44:03 | 000,002,062 | ---- | M] () -- C:\ProgramData\1400845426.13672.bin
[2014/05/23 07:42:32 | 000,044,557 | ---- | M] () -- C:\ProgramData\1400845313.bdinstall.bin
[2014/05/22 15:48:56 | 000,042,188 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141050 revised contract.pdf
[2014/05/22 15:35:06 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/22 15:35:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/22 15:35:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/22 15:35:06 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/22 15:20:40 | 000,103,981 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141050 signed contract.pdf
[2014/05/22 13:23:30 | 000,051,706 | ---- | M] () -- C:\Windows\SysWow64\bddel.dat
[2014/05/22 13:12:59 | 000,202,050 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141042 REVISED HUD.pdf
[2014/05/22 10:49:21 | 000,001,434 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/05/21 16:21:32 | 000,037,861 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\Comma Separated Values (Windows).ADR
[2014/05/21 15:00:00 | 000,017,064 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Martinez legal description.pdf
[2014/05/21 09:17:50 | 000,002,334 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/21 09:17:50 | 000,002,310 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/20 11:11:14 | 000,024,389 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141042 preliminary HUD.pdf
[2014/05/20 09:17:06 | 000,166,076 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141049 HICKMAN ucc1.pdf
[2014/05/19 14:46:28 | 000,126,434 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141049 REVISED HUD.pdf
[2014/05/19 14:25:33 | 000,148,676 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141049 HUD & LEGAL DESCR.pdf
[2014/05/19 14:11:04 | 000,129,944 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141051 HUD.pdf
[2014/05/19 09:55:20 | 000,009,944 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Clayton Homes Invoice-Turbide.pdf
[2014/05/16 11:13:50 | 000,111,023 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Bunche Stree contract.pdf
[2014/05/15 14:38:25 | 000,450,709 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/05/15 12:49:03 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140515-143825.backup
[2014/05/15 11:40:19 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/05/15 11:36:53 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014/05/14 15:27:56 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2014/05/14 15:14:45 | 000,494,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/14 15:08:15 | 000,001,520 | ---- | M] () -- C:\Users\Public\Documents\AcStd7_1_0.ini
[2014/05/14 14:39:51 | 000,129,908 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Wiggins hud.pdf
[2014/05/14 11:41:08 | 000,001,186 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/05/14 08:36:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 08:36:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/13 15:37:53 | 000,125,914 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141044 PREL HUD.pdf
[2014/05/13 12:25:15 | 000,144,192 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 tax cert and plat.pdf
[2014/05/13 11:38:10 | 034,209,792 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\CHAPMA11_20140505-2014-05-13.QDF-backup
[2014/05/13 11:13:54 | 000,007,605 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Local\resmon.resmoncfg
[2014/05/13 10:04:35 | 000,000,000 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Local\{89B78C50-3F1E-4624-B5B6-B21F413891C7}
[2014/05/13 09:04:13 | 000,025,833 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Performance Monitor screen grab.gif
[2014/05/12 16:37:27 | 000,255,875 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 commitment.pdf
[2014/05/12 16:26:00 | 000,010,295 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 commitment.wpd
[2014/05/12 16:21:54 | 000,002,380 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 DATA FILE.wpd
[2014/05/09 10:58:52 | 000,729,275 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141039 signed docs.pdf
[2014/05/09 10:41:30 | 000,015,330 | ---- | M] () -- C:\Users\Barry Chapman\Documents\WIRE INSTRUCTIONS REAL ESTATE TRUST ACCT.pdf
[2014/05/09 07:41:18 | 000,001,070 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2014/05/09 07:39:33 | 000,807,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/09 07:39:32 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2014/05/09 02:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 02:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/07 15:51:16 | 000,088,239 | ---- | M] () -- C:\Users\Barry Chapman\Documents\martin aff doc.pdf
[2014/05/07 15:43:47 | 002,744,977 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Gary Martin closing package.pdf
[2014/05/07 11:24:18 | 000,027,554 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141041 revised note.pdf
[2014/05/07 09:44:56 | 000,532,504 | ---- | M] () -- C:\Users\Barry Chapman\Documents\revised note and sd to change dates.pdf
[2014/05/07 09:16:15 | 000,024,895 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Old Republic Synovus letter.pdf
[2014/05/06 16:39:15 | 000,534,254 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Tillman revised note & sd.pdf
[2014/05/06 13:22:33 | 000,000,125 | ---- | M] () -- C:\Windows\SetScan.ini
[2014/05/06 10:04:49 | 000,313,256 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/05/06 10:04:49 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/05/06 10:04:49 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/05/06 10:04:49 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/05/06 09:06:37 | 000,005,432 | ---- | M] () -- C:\Windows\pixcache.ini
[2014/05/05 23:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/05 22:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/05 16:54:47 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Standard.lnk
[2014/05/05 16:15:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/05/05 16:12:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/05/05 15:02:39 | 000,013,839 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141000.pdf
[2014/05/05 14:53:30 | 000,001,534 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\Landtech XML.lnk
[2014/05/05 14:52:53 | 000,204,800 | ---- | M] (Landtech Data Corporation) -- C:\Windows\SysWow64\ltwpvsw.DLL
[2014/05/05 14:52:53 | 000,065,536 | ---- | M] (Landtech Data Corp.) -- C:\Windows\SysWow64\LTWNode.exe
[2014/05/05 14:44:31 | 000,000,519 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2014/05/05 14:44:25 | 000,002,781 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2014/05/05 11:17:49 | 000,000,580 | ---- | M] () -- C:\Users\Public\Desktop\Medlin Accounting.lnk
[2014/05/05 10:24:34 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
[2014/05/05 10:24:31 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2014/05/03 16:21:08 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/03 16:10:33 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/05/03 15:41:59 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/05/03 13:38:12 | 000,061,678 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JPR.{PB
[2014/05/03 13:38:12 | 000,012,358 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JCM.{PB
[2014/05/03 13:17:14 | 000,002,607 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\WordPerfect.lnk
[2014/05/02 15:31:58 | 000,001,409 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/02 15:15:22 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/05/02 15:15:22 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf

**brchapman** · 2014-05-27, 16:19

========== Files Created - No Company Name ==========

[2014/05/27 09:25:05 | 001,440,846 | ---- | C] () -- C:\Program Files (x86)\mbam-chameleon-1.62.1.1000.zip
[2014/05/25 11:49:58 | 000,004,447 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\attach.zip
[2014/05/25 11:38:01 | 000,000,512 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\MBR.dat
[2014/05/25 10:52:48 | 000,004,315 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\attach.rar
[2014/05/25 10:37:03 | 000,001,159 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/05/25 10:36:53 | 000,000,960 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\ERUNT.lnk
[2014/05/23 09:46:30 | 000,201,978 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 PRELIMINARY HUD.pdf
[2014/05/23 07:52:39 | 000,033,334 | ---- | C] () -- C:\ProgramData\1400845954.bdinstall.bin
[2014/05/23 07:52:03 | 000,000,189 | ---- | C] () -- C:\ProgramData\1400845920.2208.bin
[2014/05/23 07:52:02 | 000,002,061 | ---- | C] () -- C:\ProgramData\1400845920.2284.bin
[2014/05/23 07:52:00 | 000,039,641 | ---- | C] () -- C:\ProgramData\1400845920.2200.bin
[2014/05/23 07:48:44 | 624,028,561 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/05/23 07:43:56 | 000,000,965 | ---- | C] () -- C:\ProgramData\1400845426.13472.bin
[2014/05/23 07:43:55 | 000,002,062 | ---- | C] () -- C:\ProgramData\1400845426.13672.bin
[2014/05/23 07:43:46 | 000,043,785 | ---- | C] () -- C:\ProgramData\1400845426.14224.bin
[2014/05/23 07:42:32 | 000,044,557 | ---- | C] () -- C:\ProgramData\1400845313.bdinstall.bin
[2014/05/22 15:48:57 | 000,042,188 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141050 revised contract.pdf
[2014/05/22 15:20:41 | 000,103,981 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141050 signed contract.pdf
[2014/05/22 13:22:39 | 000,051,706 | ---- | C] () -- C:\Windows\SysWow64\bddel.dat
[2014/05/22 13:12:59 | 000,202,050 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141042 REVISED HUD.pdf
[2014/05/21 15:00:00 | 000,017,064 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Martinez legal description.pdf
[2014/05/20 11:11:14 | 000,024,389 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141042 preliminary HUD.pdf
[2014/05/20 09:17:02 | 000,166,076 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141049 HICKMAN ucc1.pdf
[2014/05/19 14:46:28 | 000,126,434 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141049 REVISED HUD.pdf
[2014/05/19 14:25:34 | 000,148,676 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141049 HUD & LEGAL DESCR.pdf
[2014/05/19 14:11:05 | 000,129,944 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141051 HUD.pdf
[2014/05/19 09:55:21 | 000,009,944 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Clayton Homes Invoice-Turbide.pdf
[2014/05/16 11:15:34 | 000,111,023 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Bunche Stree contract.pdf
[2014/05/15 11:40:19 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/05/15 11:40:16 | 000,001,446 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/05/15 11:40:16 | 000,001,434 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/05/15 11:36:51 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/05/14 14:43:14 | 000,129,908 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Wiggins hud.pdf
[2014/05/14 14:40:55 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2014/05/14 14:34:35 | 000,001,520 | ---- | C] () -- C:\Users\Public\Documents\AcStd7_1_0.ini
[2014/05/14 11:41:08 | 000,001,186 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/05/13 15:37:54 | 000,125,914 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141044 PREL HUD.pdf
[2014/05/13 12:25:15 | 000,144,192 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 tax cert and plat.pdf
[2014/05/13 11:38:10 | 034,209,792 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\CHAPMA11_20140505-2014-05-13.QDF-backup
[2014/05/13 10:04:35 | 000,000,000 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Local\{89B78C50-3F1E-4624-B5B6-B21F413891C7}
[2014/05/13 09:04:13 | 000,025,833 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Performance Monitor screen grab.gif
[2014/05/13 08:53:10 | 000,007,605 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Local\resmon.resmoncfg
[2014/05/12 16:39:10 | 000,255,875 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 commitment.pdf
[2014/05/12 16:26:00 | 000,010,295 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 commitment.wpd
[2014/05/12 16:21:54 | 000,002,380 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 DATA FILE.wpd
[2014/05/09 10:58:52 | 000,729,275 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141039 signed docs.pdf
[2014/05/09 10:41:30 | 000,015,330 | ---- | C] () -- C:\Users\Barry Chapman\Documents\WIRE INSTRUCTIONS REAL ESTATE TRUST ACCT.pdf
[2014/05/09 07:41:18 | 000,001,070 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2014/05/09 07:39:32 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2014/05/07 15:51:16 | 000,088,239 | ---- | C] () -- C:\Users\Barry Chapman\Documents\martin aff doc.pdf
[2014/05/07 15:43:46 | 002,744,977 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Gary Martin closing package.pdf
[2014/05/07 11:24:13 | 000,027,554 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141041 revised note.pdf
[2014/05/07 09:47:05 | 000,532,504 | ---- | C] () -- C:\Users\Barry Chapman\Documents\revised note and sd to change dates.pdf
[2014/05/07 09:16:15 | 000,024,895 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Old Republic Synovus letter.pdf
[2014/05/06 16:39:15 | 000,534,254 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Tillman revised note & sd.pdf
[2014/05/06 09:09:30 | 000,063,248 | ---- | C] () -- C:\Windows\SysWow64\picn1120.ssm
[2014/05/05 17:43:05 | 000,005,432 | ---- | C] () -- C:\Windows\pixcache.ini
[2014/05/05 16:54:47 | 000,002,501 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Standard.lnk
[2014/05/05 16:54:47 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2014/05/05 16:54:47 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Standard.lnk
[2014/05/05 16:15:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/05/05 16:12:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/05/05 14:53:30 | 000,001,534 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\Landtech XML.lnk
[2014/05/05 14:44:31 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2014/05/05 14:44:25 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2014/05/05 14:35:58 | 000,013,839 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141000.pdf
[2014/05/05 11:45:19 | 000,037,861 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\Comma Separated Values (Windows).ADR
[2014/05/05 10:49:21 | 000,000,580 | ---- | C] () -- C:\Users\Public\Desktop\Medlin Accounting.lnk
[2014/05/05 10:24:34 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
[2014/05/05 10:24:06 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2014/05/04 03:06:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/05/03 16:21:08 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/05/03 16:21:08 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/03 16:10:33 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/05/03 15:41:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/05/03 13:38:12 | 000,061,678 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JPR.{PB
[2014/05/03 13:38:12 | 000,012,358 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JCM.{PB
[2014/05/03 13:30:41 | 000,000,125 | ---- | C] () -- C:\Windows\SetScan.ini
[2014/05/03 13:17:14 | 000,002,607 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\WordPerfect.lnk
[2014/05/02 16:23:30 | 000,002,334 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/02 16:23:30 | 000,002,310 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/02 16:12:54 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/02 16:12:54 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/02 15:31:58 | 000,001,409 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/02 15:25:20 | 000,001,415 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/05/02 15:18:02 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2014/05/02 15:17:44 | 000,000,290 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/05/02 15:17:44 | 000,000,272 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/03/22 04:08:50 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2014/03/22 04:08:50 | 000,241,152 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/03/22 04:08:50 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014/03/21 13:42:49 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/05/11 05:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2014/05/20 18:36:38 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/05/14 15:48:40 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\BitTorrent
[2014/05/03 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Canon Electronics
[2014/05/16 08:33:26 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/05/20 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\ISIS Drivers
[2014/05/02 15:25:33 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Leadertech
[2014/05/20 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Opera Software
[2014/05/06 10:10:41 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Oracle
[2014/05/04 18:11:07 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\PCDr
[2014/05/23 07:41:53 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\QuickScan
[2014/05/21 11:27:06 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\TuneUp Software
[2014/05/20 17:52:15 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\wi_upd

========== Purity Check ==========

< End of report >

**brchapman** · 2014-05-27, 16:22

Here's the Extras file:

OTL Extras logfile created on: 5/27/2014 9:56:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barry Chapman\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.92 Gb Total Physical Memory | 9.16 Gb Available Physical Memory | 76.88% Memory free
23.84 Gb Paging File | 20.92 Gb Available in Paging File | 87.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.06 Gb Total Space | 373.55 Gb Free Space | 84.69% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 445.11 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive Y: | 24.67 Gb Total Space | 14.20 Gb Free Space | 57.59% Space Free | Partition Type: NTFS

Computer Name: BARRYSNEW | User Name: Barry Chapman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-670280924-550259233-2201882432-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C52ADA-F7F9-4C6E-8A8C-B7D757FDE1C8}" = rport=139 | protocol=6 | dir=out | app=system |
"{1436ECE1-A3DD-418E-A644-45CC18276134}" = lport=138 | protocol=17 | dir=in | app=system |
"{17C1B1B9-D25B-4D53-A228-8C866A1D1950}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1F103D52-7A68-4AFC-A054-736024F3DE01}" = rport=445 | protocol=6 | dir=out | app=system |
"{274EC9CA-17D5-4510-995F-88E1F8308B2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28835DB4-A842-4552-BB1B-C20952B4997C}" = rport=137 | protocol=17 | dir=out | app=system |
"{31ECFF31-BB3D-4F4F-8E2C-8C73729D595D}" = lport=445 | protocol=6 | dir=in | app=system |
"{35F63BE7-3F92-493F-BE2A-B20186805D7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{482EC901-06F0-42F9-8D75-4DB660E27BB8}" = lport=139 | protocol=6 | dir=in | app=system |
"{4BAEB164-45F5-470F-914D-AA854775D325}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{643526CF-0C7D-4415-B8A5-7C542C669EEC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7124136F-21DF-4A45-9B09-0A05B0BD3CD8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{739D16E0-F677-4D00-B6DA-3535CDC53409}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7B6370D6-66BA-48DB-A8C2-3088EDC10B85}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9A683F8C-9887-4778-85D1-B9B8883A0AAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A21435E0-E6D3-48EC-AF04-7C8070EA7EF9}" = rport=138 | protocol=17 | dir=out | app=system |
"{B4CB2CA9-7C40-4CC9-8253-D90D97C8C887}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C48234D7-891A-4D9D-B2E9-4F4DD768DB24}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEB04216-C143-4A2A-A49C-E47BA48E7965}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DDF4B81F-A96B-44E1-BA69-1831B13B3F12}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DEFD6B7B-A25B-40CA-9572-FE88207F3F07}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E989FE69-824C-42F4-9E6C-08FF10736834}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FC292D5D-EEFA-40B5-B321-6535751BAA51}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055617C7-03EE-484A-9A82-D0789938FDA3}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{0D3E3C34-4E49-489B-9837-50DAB01372E4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{0DEFBA21-4454-40F7-BC90-141CC1336E86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{231B8FAF-4B97-4B50-B1FA-63EBA70C1099}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{2AAFEFB9-7709-40C9-80F9-7C6D63B0A534}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4581E7DF-A984-401A-B3A5-7C7327829A8C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{75E438DD-8712-4F85-877D-0A523FDCF490}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{88DAD500-42FF-4B70-A936-B13D30BE0046}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9753A171-9CAD-43E3-BB7D-0DFB0E8DFD9F}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{9B0FB172-671C-414A-A7B5-541E19590F2B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AC19239E-4510-4EE5-85DB-AE73D8C9B5EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{AE27E0CE-50D8-43C5-8C57-8C93E6EEDF11}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B5B977D8-6974-4C23-860E-C3FC7BEB3005}" = protocol=6 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"{B795DAD7-7A2E-4D16-8735-9B738EB44B1C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{D56B5BE7-7A4E-4BE0-A14D-C1CC827EEC1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E460D64D-919E-4249-8D41-3C6852BFE71D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EDA06360-7C81-46FE-A770-6E9E7CDB145E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{F27AD313-9A3D-4ECF-B55F-19283A2D5D79}" = protocol=17 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"{F6BC580B-F650-4281-AE30-186F8E6FEEBB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{B2E66777-48E3-4496-9EE4-9C7E14F334DA}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"UDP Query User{F2DF2244-2D79-4418-9951-E2F3E894BF88}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8B7B39-179F-47F8-A7AC-63D9C433A567}" = Intel(R) Rapid Storage Technology
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{26A24AE4-039D-4CA4-87B4-2F86417055FF}" = Java 7 Update 55 (64-bit)
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A1F2E701-F148-4359-84CF-4CDA51FDF55F}" = VmciSockets
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F7A70D00-F283-45C8-B163-49EC365D7E27}" = DSC/AA Factory Installer
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"PC-Doctor for Windows" = My Dell

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A9F528-A754-460F-B2C1-AC125A147114}" = Dell Digital Delivery
"{0877F595-254F-45F4-991D-3F72E86B17CE}" = Quicken 2014
"{09AAA659-ACF9-47B3-B362-C216693C7A11}" = Canon DR-2580C Driver
"{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP3 Workgroup (32-bit)
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1BBE4C53-634B-44B3-8693-314ED6260557}" = Adobe Flash Player 13 ActiveX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{50600275-223D-455E-959E-DCA40A037B7B}" = CapturePerfect 3.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A79B3745-665C-11D6-AF01-0010B5A02D6F}" = Kyocera Address Book for Network FAX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) MUI
"{ADEE751B-09AE-4DA7-9658-DCF90E8F9ED7}" = Adobe Flash Player 13 Plugin
"{AEB719FD-EDB0-43E9-B524-90F97C1E6499}" = System Update kb70007
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AF809A35-F15C-47EC-B21A-E1A62D4FC7DC}" = CapturePerfect 3.0 Help & Manual
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}" = Google+ Auto Backup
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.1.4 Standard - English, Français, Deutsch
"Adobe Acrobat 7.0 Standard - EFG - V_714" = Adobe Acrobat 7.1.4 - CPSID_50030
"Adobe Acrobat 7.0 Standard - English, Français, Deutsch - V" = Adobe Acrobat 7.1.2 Standard - English, Français, Deutsch
"Backblaze" = Backblaze
"DR-2580C Driver" = Canon DR-2580C Driver
"DR-2580C Job Tool" = DR-2580C Job Tool
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Medlin Accounting Shareware_is1" = Medlin Accounting
"Medlin Payroll_is1" = Medlin Payroll
"Mozilla Firefox 29.0 (x86 en-US)" = Mozilla Firefox 29.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee LiveSafe – Internet Security
"Office14.STANDARD" = Microsoft Office Standard 2010
"Picasa 3" = Picasa 3
"VMware_Player" = VMware Player
"WinRAR archiver" = WinRAR 5.00 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2014 7:46:46 AM | Computer Name = BarrysNew | Source = Chrome | ID = 1
Description =

Error - 5/27/2014 7:47:02 AM | Computer Name = BarrysNew | Source = Chrome | ID = 1
Description =

Error - 5/27/2014 7:47:18 AM | Computer Name = BarrysNew | Source = Chrome | ID = 1
Description =

Error - 5/27/2014 7:59:08 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.500, time stamp:
0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0x5a4 Faulting application start time: 0x01cf79a3075d351d Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 4e692b12-e596-11e3-b064-afc890ab93b6

Error - 5/27/2014 8:00:05 AM | Computer Name = BarrysNew | Source = WinMgmt | ID = 10
Description =

Error - 5/27/2014 8:00:34 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.500, time stamp:
0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0x78c Faulting application start time: 0x01cf79a33aec636d Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 81a76a98-e596-11e3-b064-afc890ab93b6

Error - 5/27/2014 8:53:40 AM | Computer Name = BarrysNew | Source = WinMgmt | ID = 10
Description =

Error - 5/27/2014 8:55:00 AM | Computer Name = BarrysNew | Source = MsiInstaller | ID = 11311
Description =

Error - 5/27/2014 9:05:45 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0xaa0 Faulting application start time: 0x01cf79ac5d6a265d Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 9c92df27-e59f-11e3-848b-142d271ccbca

Error - 5/27/2014 9:22:29 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0x2a38 Faulting application start time: 0x01cf79aeb489ed46 Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: f36c9b59-e5a1-11e3-848b-142d271ccbca

[ Media Center Events ]
Error - 5/25/2014 7:58:00 AM | Computer Name = BarrysNew | Source = MCUpdate | ID = 0
Description = 7:58:00 AM - Error connecting to the internet. 7:58:00 AM - Unable
to contact server..

Error - 5/25/2014 7:58:27 AM | Computer Name = BarrysNew | Source = MCUpdate | ID = 0
Description = 7:58:09 AM - Error connecting to the internet. 7:58:09 AM - Unable
to contact server..

[ System Events ]
Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 8:02:32 AM | Computer Name = BarrysNew | Source = DCOM | ID = 10005
Description =

Error - 5/27/2014 8:02:32 AM | Computer Name = BarrysNew | Source = DCOM | ID = 10005
Description =

< End of report >

**ken545** · 2014-05-27, 17:05

It looks like that proxy is going through China

Are you having problems with Windows Updates ?

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
FF - prefs.js..network.proxy.type: 1user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118);
[2014/05/14 15:56:04 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\IdleCrawler
[2014/05/14 15:48:24 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\BitTorrent
[2014/05/15 12:49:03 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140515-143825.backup



:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA] 
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please

**brchapman** · 2014-05-27, 17:51

Here's the post boot log. On the re-scan do you want to scan as before, i.e. all users, minimum output, etc.?

OTL Extras logfile created on: 5/27/2014 9:56:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barry Chapman\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.92 Gb Total Physical Memory | 9.16 Gb Available Physical Memory | 76.88% Memory free
23.84 Gb Paging File | 20.92 Gb Available in Paging File | 87.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.06 Gb Total Space | 373.55 Gb Free Space | 84.69% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 445.11 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive Y: | 24.67 Gb Total Space | 14.20 Gb Free Space | 57.59% Space Free | Partition Type: NTFS

Computer Name: BARRYSNEW | User Name: Barry Chapman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-670280924-550259233-2201882432-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C52ADA-F7F9-4C6E-8A8C-B7D757FDE1C8}" = rport=139 | protocol=6 | dir=out | app=system |
"{1436ECE1-A3DD-418E-A644-45CC18276134}" = lport=138 | protocol=17 | dir=in | app=system |
"{17C1B1B9-D25B-4D53-A228-8C866A1D1950}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1F103D52-7A68-4AFC-A054-736024F3DE01}" = rport=445 | protocol=6 | dir=out | app=system |
"{274EC9CA-17D5-4510-995F-88E1F8308B2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28835DB4-A842-4552-BB1B-C20952B4997C}" = rport=137 | protocol=17 | dir=out | app=system |
"{31ECFF31-BB3D-4F4F-8E2C-8C73729D595D}" = lport=445 | protocol=6 | dir=in | app=system |
"{35F63BE7-3F92-493F-BE2A-B20186805D7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{482EC901-06F0-42F9-8D75-4DB660E27BB8}" = lport=139 | protocol=6 | dir=in | app=system |
"{4BAEB164-45F5-470F-914D-AA854775D325}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{643526CF-0C7D-4415-B8A5-7C542C669EEC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7124136F-21DF-4A45-9B09-0A05B0BD3CD8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{739D16E0-F677-4D00-B6DA-3535CDC53409}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7B6370D6-66BA-48DB-A8C2-3088EDC10B85}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9A683F8C-9887-4778-85D1-B9B8883A0AAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A21435E0-E6D3-48EC-AF04-7C8070EA7EF9}" = rport=138 | protocol=17 | dir=out | app=system |
"{B4CB2CA9-7C40-4CC9-8253-D90D97C8C887}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C48234D7-891A-4D9D-B2E9-4F4DD768DB24}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEB04216-C143-4A2A-A49C-E47BA48E7965}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DDF4B81F-A96B-44E1-BA69-1831B13B3F12}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DEFD6B7B-A25B-40CA-9572-FE88207F3F07}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E989FE69-824C-42F4-9E6C-08FF10736834}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FC292D5D-EEFA-40B5-B321-6535751BAA51}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055617C7-03EE-484A-9A82-D0789938FDA3}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{0D3E3C34-4E49-489B-9837-50DAB01372E4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{0DEFBA21-4454-40F7-BC90-141CC1336E86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{231B8FAF-4B97-4B50-B1FA-63EBA70C1099}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{2AAFEFB9-7709-40C9-80F9-7C6D63B0A534}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4581E7DF-A984-401A-B3A5-7C7327829A8C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{75E438DD-8712-4F85-877D-0A523FDCF490}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{88DAD500-42FF-4B70-A936-B13D30BE0046}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9753A171-9CAD-43E3-BB7D-0DFB0E8DFD9F}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{9B0FB172-671C-414A-A7B5-541E19590F2B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AC19239E-4510-4EE5-85DB-AE73D8C9B5EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{AE27E0CE-50D8-43C5-8C57-8C93E6EEDF11}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B5B977D8-6974-4C23-860E-C3FC7BEB3005}" = protocol=6 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"{B795DAD7-7A2E-4D16-8735-9B738EB44B1C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{D56B5BE7-7A4E-4BE0-A14D-C1CC827EEC1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E460D64D-919E-4249-8D41-3C6852BFE71D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EDA06360-7C81-46FE-A770-6E9E7CDB145E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{F27AD313-9A3D-4ECF-B55F-19283A2D5D79}" = protocol=17 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"{F6BC580B-F650-4281-AE30-186F8E6FEEBB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{B2E66777-48E3-4496-9EE4-9C7E14F334DA}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"UDP Query User{F2DF2244-2D79-4418-9951-E2F3E894BF88}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8B7B39-179F-47F8-A7AC-63D9C433A567}" = Intel(R) Rapid Storage Technology
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{26A24AE4-039D-4CA4-87B4-2F86417055FF}" = Java 7 Update 55 (64-bit)
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A1F2E701-F148-4359-84CF-4CDA51FDF55F}" = VmciSockets
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F7A70D00-F283-45C8-B163-49EC365D7E27}" = DSC/AA Factory Installer
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"PC-Doctor for Windows" = My Dell

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A9F528-A754-460F-B2C1-AC125A147114}" = Dell Digital Delivery
"{0877F595-254F-45F4-991D-3F72E86B17CE}" = Quicken 2014
"{09AAA659-ACF9-47B3-B362-C216693C7A11}" = Canon DR-2580C Driver
"{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP3 Workgroup (32-bit)
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1BBE4C53-634B-44B3-8693-314ED6260557}" = Adobe Flash Player 13 ActiveX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{50600275-223D-455E-959E-DCA40A037B7B}" = CapturePerfect 3.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A79B3745-665C-11D6-AF01-0010B5A02D6F}" = Kyocera Address Book for Network FAX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) MUI
"{ADEE751B-09AE-4DA7-9658-DCF90E8F9ED7}" = Adobe Flash Player 13 Plugin
"{AEB719FD-EDB0-43E9-B524-90F97C1E6499}" = System Update kb70007
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AF809A35-F15C-47EC-B21A-E1A62D4FC7DC}" = CapturePerfect 3.0 Help & Manual
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}" = Google+ Auto Backup
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.1.4 Standard - English, Français, Deutsch
"Adobe Acrobat 7.0 Standard - EFG - V_714" = Adobe Acrobat 7.1.4 - CPSID_50030
"Adobe Acrobat 7.0 Standard - English, Français, Deutsch - V" = Adobe Acrobat 7.1.2 Standard - English, Français, Deutsch
"Backblaze" = Backblaze
"DR-2580C Driver" = Canon DR-2580C Driver
"DR-2580C Job Tool" = DR-2580C Job Tool
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Medlin Accounting Shareware_is1" = Medlin Accounting
"Medlin Payroll_is1" = Medlin Payroll
"Mozilla Firefox 29.0 (x86 en-US)" = Mozilla Firefox 29.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee LiveSafe – Internet Security
"Office14.STANDARD" = Microsoft Office Standard 2010
"Picasa 3" = Picasa 3
"VMware_Player" = VMware Player
"WinRAR archiver" = WinRAR 5.00 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2014 7:46:46 AM | Computer Name = BarrysNew | Source = Chrome | ID = 1
Description =

Error - 5/27/2014 7:47:02 AM | Computer Name = BarrysNew | Source = Chrome | ID = 1
Description =

Error - 5/27/2014 7:47:18 AM | Computer Name = BarrysNew | Source = Chrome | ID = 1
Description =

Error - 5/27/2014 7:59:08 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.500, time stamp:
0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0x5a4 Faulting application start time: 0x01cf79a3075d351d Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 4e692b12-e596-11e3-b064-afc890ab93b6

Error - 5/27/2014 8:00:05 AM | Computer Name = BarrysNew | Source = WinMgmt | ID = 10
Description =

Error - 5/27/2014 8:00:34 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.500, time stamp:
0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0x78c Faulting application start time: 0x01cf79a33aec636d Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 81a76a98-e596-11e3-b064-afc890ab93b6

Error - 5/27/2014 8:53:40 AM | Computer Name = BarrysNew | Source = WinMgmt | ID = 10
Description =

Error - 5/27/2014 8:55:00 AM | Computer Name = BarrysNew | Source = MsiInstaller | ID = 11311
Description =

Error - 5/27/2014 9:05:45 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0xaa0 Faulting application start time: 0x01cf79ac5d6a265d Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 9c92df27-e59f-11e3-848b-142d271ccbca

Error - 5/27/2014 9:22:29 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0x2a38 Faulting application start time: 0x01cf79aeb489ed46 Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: f36c9b59-e5a1-11e3-848b-142d271ccbca

[ Media Center Events ]
Error - 5/25/2014 7:58:00 AM | Computer Name = BarrysNew | Source = MCUpdate | ID = 0
Description = 7:58:00 AM - Error connecting to the internet. 7:58:00 AM - Unable
to contact server..

Error - 5/25/2014 7:58:27 AM | Computer Name = BarrysNew | Source = MCUpdate | ID = 0
Description = 7:58:09 AM - Error connecting to the internet. 7:58:09 AM - Unable
to contact server..

[ System Events ]
Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 8:02:32 AM | Computer Name = BarrysNew | Source = DCOM | ID = 10005
Description =

Error - 5/27/2014 8:02:32 AM | Computer Name = BarrysNew | Source = DCOM | ID = 10005
Description =

< End of report >

**brchapman** · 2014-05-27, 18:00

Here's the new OTL scan, do you want the extras also?

OTL logfile created on: 5/27/2014 11:46:27 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barry Chapman\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.92 Gb Total Physical Memory | 8.88 Gb Available Physical Memory | 74.49% Memory free
23.84 Gb Paging File | 20.66 Gb Available in Paging File | 86.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.06 Gb Total Space | 374.01 Gb Free Space | 84.80% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 445.11 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive Y: | 24.67 Gb Total Space | 14.20 Gb Free Space | 57.59% Space Free | Partition Type: NTFS

Computer Name: BARRYSNEW | User Name: Barry Chapman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Barry Chapman\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Backblaze\bzbui.exe ()
PRC - C:\Program Files (x86)\Backblaze\bzserv.exe ()
PRC - C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks SAS)
PRC - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Pervasive Software Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Backblaze\bzbui.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\d7a1bbd56dc15a29c2450b177f9468d7\System.Net.Http.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0bedc417d3c5dcb1c9a5f15dd733c556\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll ()
MOD - C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (McAPExe) -- C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (mfecore) -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv2) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (HomeNetSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (McAWFwk) -- c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (bzserv) -- C:\Program Files (x86)\Backblaze\bzserv.exe ()
SRV - (SystemUpdatekb70007) -- C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SftService) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks SAS)
SRV - (DellDigitalDelivery) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Windows (R) Win 7 DDK provider)
SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (mfencrk) -- C:\Windows\SysNative\drivers\mfencrk.sys (McAfee, Inc.)
DRV:64bit: - (mfencbdc) -- C:\Windows\SysNative\drivers\mfencbdc.sys (McAfee, Inc.)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (usbscan) -- C:\Windows\SysWOW64\drivers\usbscan.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D81273E4-7658-47B6-8075-3D404C64D87C}
IE:64bit: - HKLM\..\SearchScopes\{D81273E4-7658-47B6-8075-3D404C64D87C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D81273E4-7658-47B6-8075-3D404C64D87C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - prefs.js..network.proxy.type: 1user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118);
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/05/25 10:10:50 | 000,000,000 | ---D | M]

[2014/05/03 16:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barry Chapman\AppData\Roaming\Mozilla\Extensions
[2014/05/03 16:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barry Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\76t9nm76.default\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_1\
CHR - Extension: Google Drive = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/05/27 11:23:37 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-670280924-550259233-2201882432-1000..\Run: [Backblaze] C:\Program Files (x86)\Backblaze\bzbui.exe ()
O4 - HKU\S-1-5-21-670280924-550259233-2201882432-1000..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 205.152.144.23 205.152.132.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52E3D270-9F67-475E-B16A-1D6443366E50}: DhcpNameServer = 8.8.8.8 8.8.4.4 205.152.144.23 205.152.132.23
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/15 20:52:18 | 000,000,080 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/27 11:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/05/27 11:30:46 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/05/27 11:23:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/27 09:18:51 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2014/05/26 10:19:40 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/25 10:38:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/05/25 10:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/05/25 10:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/05/23 08:25:39 | 000,000,000 | ---D | C] -- C:\New folder
[2014/05/23 07:48:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/05/23 07:41:53 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\QuickScan
[2014/05/22 16:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/22 15:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2014/05/22 15:35:36 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/22 15:35:22 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/22 15:35:22 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/22 15:35:22 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/22 15:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/05/22 10:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot
[2014/05/21 11:27:06 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\TuneUp Software
[2014/05/21 11:16:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/05/21 11:16:29 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\MFAData
[2014/05/21 11:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/05/20 14:53:08 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Norman Malware Cleaner
[2014/05/20 12:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/05/19 16:42:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/19 10:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/05/19 10:20:13 | 000,000,000 | ---D | C] -- C:\Adobe XI Pro
[2014/05/19 08:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/05/19 07:54:08 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\ProcAlyzer Dumps
[2014/05/16 10:51:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\CrashDumps
[2014/05/16 09:39:50 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\SUPERAntiSpyware.com
[2014/05/16 09:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/05/16 08:33:26 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/05/16 08:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2014/05/16 08:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/05/15 11:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/05/15 11:40:14 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/05/15 11:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/05/15 11:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/05/15 03:25:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Virtual Machines
[2014/05/15 03:06:09 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/15 03:06:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/14 16:16:31 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\PDF24
[2014/05/14 15:56:37 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft
[2014/05/14 15:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSR
[2014/05/14 15:54:30 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\wi_upd
[2014/05/14 11:56:55 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Outlook Files
[2014/05/14 10:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2014/05/14 10:25:54 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014/05/14 10:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/05/14 10:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2014/05/14 10:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/05/14 10:20:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/05/14 08:30:28 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Secunia PSI
[2014/05/14 08:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2014/05/14 05:44:33 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 05:44:33 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/14 05:44:11 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 05:44:11 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 05:44:10 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 05:44:10 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 05:44:10 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 05:44:10 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 05:44:10 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 05:44:10 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 05:44:09 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 05:44:09 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 05:44:09 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 05:44:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 05:44:09 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 05:44:09 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 05:44:09 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 05:44:09 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 05:44:09 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 05:44:09 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 05:44:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 05:44:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 05:44:09 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 05:44:08 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 05:44:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/13 12:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backblaze
[2014/05/13 12:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Backblaze
[2014/05/13 12:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Backblaze
[2014/05/13 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\VMware
[2014/05/13 11:18:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/05/13 11:00:12 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\VMware
[2014/05/12 20:43:13 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\.asdm
[2014/05/12 20:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2014/05/12 13:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\My Lockbox
[2014/05/12 07:16:46 | 000,000,000 | -H-D | C] -- C:\.bzvol
[2014/05/09 11:38:06 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\CCWin
[2014/05/09 07:41:14 | 000,063,568 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2014/05/09 07:40:35 | 000,354,896 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2014/05/09 07:40:33 | 000,434,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2014/05/09 07:40:32 | 000,030,800 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2014/05/09 07:40:26 | 000,943,184 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2014/05/09 07:39:45 | 000,033,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2014/05/09 07:39:43 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2014/05/09 07:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2014/05/09 07:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2014/05/09 07:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2014/05/09 07:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2014/05/09 07:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2014/05/07 09:42:51 | 000,231,552 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXDFLT.DLL
[2014/05/07 09:42:51 | 000,102,672 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXTIFFN.DLL
[2014/05/07 09:42:51 | 000,049,424 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXTHK32.DLL
[2014/05/07 09:42:51 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXSLN.DLL
[2014/05/07 09:42:51 | 000,023,152 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXPERM.DLL
[2014/05/07 09:42:51 | 000,016,048 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXLOC.DLL
[2014/05/07 09:42:51 | 000,011,968 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\SysWow64\PIXMDLLC.CPL
[2014/05/07 09:42:51 | 000,006,416 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXTHK16.DLL
[2014/05/07 09:42:50 | 000,209,168 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXNOTEN.DLL
[2014/05/07 09:42:50 | 000,074,000 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXNAMEN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXRAMN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXPANN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXMPN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXMDLGN.DLL
[2014/05/07 09:42:49 | 000,753,936 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXANNOT.DLL
[2014/05/07 09:42:49 | 000,463,120 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXJP2K.DLL
[2014/05/07 09:42:49 | 000,327,680 | ---- | C] (The University of New South Wales) -- C:\Windows\SysWow64\PIXJP2KI.DLL
[2014/05/07 09:42:49 | 000,119,056 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXJBGN.DLL
[2014/05/07 09:42:49 | 000,094,480 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXAPS.DLL
[2014/05/07 09:42:49 | 000,069,904 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXDLGN.DLL
[2014/05/07 09:42:49 | 000,057,616 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXLZWN.DLL
[2014/05/07 09:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon Electronics
[2014/05/07 09:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CapturePerfect 3.1
[2014/05/06 16:16:12 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\ElevatedDiagnostics
[2014/05/06 15:56:54 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\My Documents from old
[2014/05/06 13:18:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/05/06 13:12:58 | 000,152,576 | ---- | C] (Canon Electronics) -- C:\Windows\SysNative\DR25SVC.dll
[2014/05/06 13:12:46 | 000,491,792 | ---- | C] (Captiva Software Corp.) -- C:\Windows\SysWow64\qd1.dll
[2014/05/06 10:10:41 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Oracle
[2014/05/06 10:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/05/06 10:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/05/06 10:05:04 | 000,313,256 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/05/06 10:04:56 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/05/06 10:04:56 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/05/06 10:04:56 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/05/06 10:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/06 10:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/05/06 09:31:13 | 000,233,744 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXMDLN.DLL
[2014/05/06 09:09:30 | 000,200,704 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\twpix32.dll
[2014/05/06 09:09:30 | 000,098,304 | ---- | C] (Cornerstone Imaging, Inc.) -- C:\Windows\SysWow64\Wiaext32.dll
[2014/05/06 09:09:30 | 000,023,152 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\System\Pixperm.dll
[2014/05/06 09:09:30 | 000,021,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\Ctl3d.dll
[2014/05/06 09:09:30 | 000,016,064 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\System\Pixloc.dll
[2014/05/06 09:09:29 | 000,231,552 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\System\Pixdflt.dll
[2014/05/06 09:06:37 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\ISIS Drivers
[2014/05/06 09:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ISIS Drivers
[2014/05/06 09:05:28 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Desktop\CapturePerfect 3.0
[2014/05/06 08:51:55 | 000,000,000 | ---D | C] -- C:\DR Scanner
[2014/05/06 08:43:03 | 000,000,000 | ---D | C] -- C:\DR2580C
[2014/05/06 08:37:30 | 000,096,768 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysNative\DR25CPL.dll
[2014/05/06 08:37:30 | 000,083,456 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysNative\CeiUSB64.dll
[2014/05/06 07:52:59 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/06 07:29:31 | 000,000,000 | ---D | C] -- C:\CapturePerfect Upgrade
[2014/05/06 03:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/05/05 17:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon DR-2580C
[2014/05/05 16:56:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\AdobeUM
[2014/05/05 16:53:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2014/05/05 16:53:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2014/05/05 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/05/05 16:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/05/05 16:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/05/05 16:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2014/05/05 16:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2014/05/05 15:50:08 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2014/05/05 14:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landtech XML
[2014/05/05 14:52:53 | 000,204,800 | ---- | C] (Landtech Data Corporation) -- C:\Windows\SysWow64\ltwpvsw.DLL
[2014/05/05 14:52:53 | 000,065,536 | ---- | C] (Landtech Data Corp.) -- C:\Windows\SysWow64\LTWNode.exe
[2014/05/05 14:52:53 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Landtech XML
[2014/05/05 14:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Pervasive Software
[2014/05/05 14:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pervasive Software
[2014/05/05 14:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pervasive
[2014/05/05 14:22:07 | 000,000,000 | ---D | C] -- C:\LTAPPS
[2014/05/05 14:18:46 | 000,000,000 | ---D | C] -- C:\Wages
[2014/05/05 14:07:17 | 000,169,600 | ---- | C] (Wintertree Software Inc.) -- C:\Windows\SysWow64\WSpell.ocx
[2014/05/05 12:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WP-64
[2014/05/05 12:22:16 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Help
[2014/05/05 12:22:16 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Help
[2014/05/05 11:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/05/05 10:49:21 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvbvm50.dll
[2014/05/05 10:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medlin Accounting
[2014/05/05 10:49:20 | 000,000,000 | ---D | C] -- C:\MWACCT
[2014/05/05 10:49:04 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Programs
[2014/05/05 10:40:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\QuickenWindow
[2014/05/05 10:36:26 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\IsolatedStorage
[2014/05/05 10:28:28 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Quicken
[2014/05/05 10:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2014/05/05 10:24:39 | 004,169,728 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll

**brchapman** · 2014-05-27, 18:03

[2014/05/05 10:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014
[2014/05/05 10:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2014/05/05 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2014/05/05 10:24:08 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Intuit
[2014/05/05 10:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2014/05/05 10:13:09 | 000,000,000 | ---D | C] -- C:\Quicken 2014
[2014/05/05 09:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2014/05/05 08:58:28 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\EmieUserList
[2014/05/05 08:58:28 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\EmieSiteList
[2014/05/05 03:10:48 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/05 03:10:48 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/05 03:10:46 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/05 03:10:43 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/05 03:10:43 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/05 03:10:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/05 03:10:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/05 03:10:42 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/05 03:10:42 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/05 03:10:42 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/05 03:10:42 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/05 03:10:42 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/05 03:10:42 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/05 03:10:41 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/05 03:10:41 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/05 03:10:41 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/05 03:10:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/05 03:10:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/05 03:10:41 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/05 03:10:39 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/05 03:10:39 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/05 03:10:39 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/05 03:10:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/05 03:10:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/05 03:10:38 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/05 03:10:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/05 03:10:37 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/05 03:10:36 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/05 03:10:35 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/04 03:37:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2014/05/04 03:37:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2014/05/04 03:17:29 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/05/04 03:06:18 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2014/05/04 03:06:18 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2014/05/04 03:06:18 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2014/05/04 03:06:18 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2014/05/03 16:58:30 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2014/05/03 16:58:30 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2014/05/03 16:58:24 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/05/03 16:58:24 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/05/03 16:58:23 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/05/03 16:58:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/05/03 16:58:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/05/03 16:58:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/05/03 16:55:43 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/05/03 16:55:43 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/05/03 16:55:42 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/05/03 16:55:42 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/05/03 16:55:42 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/05/03 16:55:42 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/05/03 16:55:42 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/05/03 16:55:42 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/05/03 16:55:42 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/05/03 16:55:42 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/05/03 16:55:42 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/05/03 16:55:42 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/05/03 16:55:42 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/05/03 16:55:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/05/03 16:55:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/05/03 16:55:42 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/05/03 16:55:42 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/05/03 16:55:35 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/05/03 16:55:35 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/05/03 16:55:09 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/05/03 16:55:09 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/05/03 16:53:46 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/05/03 16:53:44 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/05/03 16:53:44 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/05/03 16:53:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/05/03 16:53:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/05/03 16:53:38 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/05/03 16:53:38 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/05/03 16:53:37 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/05/03 16:53:37 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/05/03 16:53:37 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014/05/03 16:53:37 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014/05/03 16:53:36 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/05/03 16:53:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/05/03 16:53:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/05/03 16:53:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/05/03 16:53:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/05/03 16:53:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/05/03 16:53:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/05/03 16:53:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/05/03 16:53:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2014/05/03 16:53:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2014/05/03 16:53:30 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/05/03 16:46:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014/05/03 16:40:07 | 000,000,000 | ---D | C] -- C:\Office 2000
[2014/05/03 16:34:04 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Microsoft Help
[2014/05/03 16:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2014/05/03 16:26:05 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\WinRAR
[2014/05/03 16:23:38 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Macromedia
[2014/05/03 16:21:15 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Mozilla
[2014/05/03 16:21:15 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Mozilla
[2014/05/03 16:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/05/03 16:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/05/03 16:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/03 16:10:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/05/03 16:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/05/03 16:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2014/05/03 15:48:38 | 001,098,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wab32res.dll
[2014/05/03 15:48:38 | 000,886,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wab32.dll
[2014/05/03 15:40:56 | 000,000,000 | ---D | C] -- C:\Windows\Msagent
[2014/05/03 15:40:38 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft Web Folders
[2014/05/03 15:33:02 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2014/05/03 15:33:02 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2014/05/03 15:33:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2014/05/03 15:33:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2014/05/03 15:33:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2014/05/03 15:33:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2014/05/03 14:40:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Adobe
[2014/05/03 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wp51
[2014/05/03 14:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FAX User Software
[2014/05/03 14:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kyocera
[2014/05/03 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Canon Electronics
[2014/05/03 13:38:36 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Corel User Files
[2014/05/03 13:38:11 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Corel
[2014/05/03 13:31:52 | 000,021,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CTL3D.DLL
[2014/05/03 13:31:15 | 000,067,888 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysWow64\SuStiUtl.dll
[2014/05/03 13:30:43 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Desktop\Canon DR-2580C
[2014/05/03 13:30:41 | 000,106,496 | ---- | C] (Canon Electronics) -- C:\Windows\SysWow64\DR25SVC.dll
[2014/05/03 13:30:41 | 000,094,208 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysWow64\DR25CPL.dll
[2014/05/03 13:30:41 | 000,036,864 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysWow64\CeiUSB2.dll
[2014/05/03 13:30:41 | 000,014,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\usbscan.sys
[2014/05/03 13:30:38 | 000,180,224 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1120.DLL
[2014/05/03 13:30:38 | 000,176,128 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1520.DLL
[2014/05/03 13:30:38 | 000,114,688 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1320.DLL
[2014/05/03 13:30:38 | 000,051,712 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN20.DLL
[2014/05/03 13:30:37 | 000,602,384 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\SysWow64\pixipdll.dll
[2014/05/03 13:30:37 | 000,155,648 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1020.DLL
[2014/05/03 13:30:36 | 000,401,484 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msvcrtd.dll
[2014/05/03 13:30:36 | 000,221,456 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXDFLTN.DLL
[2014/05/03 13:30:36 | 000,074,000 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXLOCN.DLL
[2014/05/03 13:30:36 | 000,053,520 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXPERMN.DLL
[2014/05/03 13:30:36 | 000,000,000 | ---D | C] -- C:\Windows\PIXTRAN
[2014/05/03 13:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon Electronics
[2014/05/03 13:30:31 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2014/05/03 13:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office 12
[2014/05/03 13:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared
[2014/05/03 13:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WordPerfect Office 12
[2014/05/03 13:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2014/05/03 12:01:21 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\PCDr
[2014/05/02 20:32:20 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/05/02 20:32:20 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/05/02 20:32:20 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/05/02 20:32:12 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/05/02 20:32:12 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/05/02 20:32:12 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/05/02 20:32:05 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/05/02 20:32:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/05/02 19:50:51 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2014/05/02 16:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/02 16:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/05/02 16:12:46 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Google
[2014/05/02 16:10:13 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Diagnostics
[2014/05/02 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Apps
[2014/05/02 15:58:32 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Deployment
[2014/05/02 15:45:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Opera Software
[2014/05/02 15:45:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Opera Software
[2014/05/02 15:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2014/05/02 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Macromedia
[2014/05/02 15:26:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Intel Corporation
[2014/05/02 15:25:54 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Dell
[2014/05/02 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\BMExplorer
[2014/05/02 15:25:49 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Bluetooth Folder
[2014/05/02 15:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2014/05/02 15:25:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Leadertech
[2014/05/02 15:25:31 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Atheros
[2014/05/02 15:25:20 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Adobe
[2014/05/02 15:25:19 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/05/02 15:25:19 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Searches
[2014/05/02 15:25:19 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/05/02 15:25:19 | 000,000,000 | -H-D | C] -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/05/02 15:25:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Identities
[2014/05/02 15:25:08 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Contacts
[2014/05/02 15:25:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\VirtualStore
[2014/05/02 15:23:34 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\softthinks
[2014/05/02 15:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\softthinks
[2014/05/02 15:17:44 | 000,000,000 | --SD | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Videos
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Saved Games
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Pictures
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Music
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Links
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Favorites
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Downloads
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Documents
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Desktop
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\Temporary Internet Files
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Templates
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Start Menu
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\SendTo
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Recent
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\PrintHood
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\NetHood
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Documents\My Videos
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Documents\My Pictures
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Documents\My Music
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\My Documents
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Local Settings
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\History
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Cookies
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Application Data
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\Application Data
[2014/05/02 15:17:44 | 000,000,000 | -H-D | C] -- C:\Users\Barry Chapman\AppData
[2014/05/02 15:17:44 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Temp
[2014/05/02 15:17:44 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Microsoft
[2014/05/02 15:17:44 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2014/05/27 11:37:50 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/27 11:37:50 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/27 11:36:12 | 000,791,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/27 11:36:12 | 000,670,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/27 11:36:12 | 000,125,196 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/27 11:29:31 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/27 11:29:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/27 11:29:10 | 1008,427,006 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/27 11:23:37 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/05/27 11:07:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/27 10:55:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/27 10:44:00 | 000,219,894 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141042 revised hud 5-26.pdf
[2014/05/27 09:13:14 | 001,440,846 | ---- | M] () -- C:\Program Files (x86)\mbam-chameleon-1.62.1.1000.zip
[2014/05/25 11:49:58 | 000,004,447 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\attach.zip
[2014/05/25 11:38:01 | 000,000,512 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\MBR.dat
[2014/05/25 10:52:48 | 000,004,315 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\attach.rar
[2014/05/25 10:37:03 | 000,001,159 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/05/25 10:36:53 | 000,000,960 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\ERUNT.lnk
[2014/05/23 09:52:06 | 000,201,978 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 PRELIMINARY HUD.pdf
[2014/05/23 07:52:39 | 000,033,334 | ---- | M] () -- C:\ProgramData\1400845954.bdinstall.bin
[2014/05/23 07:52:28 | 000,000,189 | ---- | M] () -- C:\ProgramData\1400845920.2208.bin
[2014/05/23 07:52:24 | 000,002,061 | ---- | M] () -- C:\ProgramData\1400845920.2284.bin
[2014/05/23 07:52:14 | 000,039,641 | ---- | M] () -- C:\ProgramData\1400845920.2200.bin
[2014/05/23 07:48:44 | 624,028,561 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/05/23 07:44:29 | 000,000,965 | ---- | M] () -- C:\ProgramData\1400845426.13472.bin
[2014/05/23 07:44:27 | 000,043,785 | ---- | M] () -- C:\ProgramData\1400845426.14224.bin
[2014/05/23 07:44:03 | 000,002,062 | ---- | M] () -- C:\ProgramData\1400845426.13672.bin
[2014/05/23 07:42:32 | 000,044,557 | ---- | M] () -- C:\ProgramData\1400845313.bdinstall.bin
[2014/05/22 15:48:56 | 000,042,188 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141050 revised contract.pdf
[2014/05/22 15:35:06 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/22 15:35:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/22 15:35:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/22 15:35:06 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/22 15:20:40 | 000,103,981 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141050 signed contract.pdf
[2014/05/22 13:23:30 | 000,051,706 | ---- | M] () -- C:\Windows\SysWow64\bddel.dat
[2014/05/22 13:12:59 | 000,202,050 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141042 REVISED HUD.pdf
[2014/05/22 10:49:21 | 000,001,434 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/05/21 16:21:32 | 000,037,861 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\Comma Separated Values (Windows).ADR
[2014/05/21 15:00:00 | 000,017,064 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Martinez legal description.pdf
[2014/05/21 09:17:50 | 000,002,334 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/21 09:17:50 | 000,002,310 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/20 11:11:14 | 000,024,389 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141042 preliminary HUD.pdf
[2014/05/20 09:17:06 | 000,166,076 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141049 HICKMAN ucc1.pdf
[2014/05/19 14:46:28 | 000,126,434 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141049 REVISED HUD.pdf
[2014/05/19 14:25:33 | 000,148,676 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141049 HUD & LEGAL DESCR.pdf
[2014/05/19 14:11:04 | 000,129,944 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141051 HUD.pdf
[2014/05/19 09:55:20 | 000,009,944 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Clayton Homes Invoice-Turbide.pdf
[2014/05/16 11:13:50 | 000,111,023 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Bunche Stree contract.pdf
[2014/05/15 11:40:19 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/05/15 11:36:53 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014/05/14 15:27:56 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2014/05/14 15:14:45 | 000,494,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/14 15:08:15 | 000,001,520 | ---- | M] () -- C:\Users\Public\Documents\AcStd7_1_0.ini
[2014/05/14 14:39:51 | 000,129,908 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Wiggins hud.pdf
[2014/05/14 11:41:08 | 000,001,186 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/05/14 08:36:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 08:36:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/13 15:37:53 | 000,125,914 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141044 PREL HUD.pdf
[2014/05/13 12:25:15 | 000,144,192 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 tax cert and plat.pdf
[2014/05/13 11:38:10 | 034,209,792 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\CHAPMA11_20140505-2014-05-13.QDF-backup
[2014/05/13 11:13:54 | 000,007,605 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Local\resmon.resmoncfg
[2014/05/13 10:04:35 | 000,000,000 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Local\{89B78C50-3F1E-4624-B5B6-B21F413891C7}
[2014/05/13 09:04:13 | 000,025,833 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Performance Monitor screen grab.gif
[2014/05/12 16:37:27 | 000,255,875 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 commitment.pdf
[2014/05/12 16:26:00 | 000,010,295 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 commitment.wpd
[2014/05/12 16:21:54 | 000,002,380 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 DATA FILE.wpd
[2014/05/09 10:58:52 | 000,729,275 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141039 signed docs.pdf
[2014/05/09 10:41:30 | 000,015,330 | ---- | M] () -- C:\Users\Barry Chapman\Documents\WIRE INSTRUCTIONS REAL ESTATE TRUST ACCT.pdf
[2014/05/09 07:41:18 | 000,001,070 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2014/05/09 07:39:33 | 000,807,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/09 07:39:32 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2014/05/09 02:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 02:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/07 15:51:16 | 000,088,239 | ---- | M] () -- C:\Users\Barry Chapman\Documents\martin aff doc.pdf
[2014/05/07 15:43:47 | 002,744,977 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Gary Martin closing package.pdf
[2014/05/07 11:24:18 | 000,027,554 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141041 revised note.pdf
[2014/05/07 09:44:56 | 000,532,504 | ---- | M] () -- C:\Users\Barry Chapman\Documents\revised note and sd to change dates.pdf
[2014/05/07 09:16:15 | 000,024,895 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Old Republic Synovus letter.pdf
[2014/05/06 16:39:15 | 000,534,254 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Tillman revised note & sd.pdf
[2014/05/06 13:22:33 | 000,000,125 | ---- | M] () -- C:\Windows\SetScan.ini
[2014/05/06 10:04:49 | 000,313,256 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/05/06 10:04:49 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/05/06 10:04:49 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/05/06 10:04:49 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/05/06 09:06:37 | 000,005,432 | ---- | M] () -- C:\Windows\pixcache.ini
[2014/05/05 23:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/05 22:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/05 16:54:47 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Standard.lnk
[2014/05/05 16:15:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/05/05 16:12:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/05/05 15:02:39 | 000,013,839 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141000.pdf
[2014/05/05 14:53:30 | 000,001,534 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\Landtech XML.lnk
[2014/05/05 14:52:53 | 000,204,800 | ---- | M] (Landtech Data Corporation) -- C:\Windows\SysWow64\ltwpvsw.DLL
[2014/05/05 14:52:53 | 000,065,536 | ---- | M] (Landtech Data Corp.) -- C:\Windows\SysWow64\LTWNode.exe
[2014/05/05 14:44:31 | 000,000,519 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2014/05/05 14:44:25 | 000,002,781 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2014/05/05 11:17:49 | 000,000,580 | ---- | M] () -- C:\Users\Public\Desktop\Medlin Accounting.lnk
[2014/05/05 10:24:34 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
[2014/05/05 10:24:31 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2014/05/03 16:21:08 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/03 16:10:33 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/05/03 15:41:59 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/05/03 13:38:12 | 000,061,678 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JPR.{PB
[2014/05/03 13:38:12 | 000,012,358 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JCM.{PB
[2014/05/03 13:17:14 | 000,002,607 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\WordPerfect.lnk
[2014/05/02 15:31:58 | 000,001,409 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/02 15:15:22 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/05/02 15:15:22 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2014/05/27 10:44:00 | 000,219,894 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141042 revised hud 5-26.pdf
[2014/05/27 09:25:05 | 001,440,846 | ---- | C] () -- C:\Program Files (x86)\mbam-chameleon-1.62.1.1000.zip
[2014/05/25 11:49:58 | 000,004,447 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\attach.zip
[2014/05/25 11:38:01 | 000,000,512 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\MBR.dat
[2014/05/25 10:52:48 | 000,004,315 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\attach.rar
[2014/05/25 10:37:03 | 000,001,159 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/05/25 10:36:53 | 000,000,960 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\ERUNT.lnk
[2014/05/23 09:46:30 | 000,201,978 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 PRELIMINARY HUD.pdf
[2014/05/23 07:52:39 | 000,033,334 | ---- | C] () -- C:\ProgramData\1400845954.bdinstall.bin
[2014/05/23 07:52:03 | 000,000,189 | ---- | C] () -- C:\ProgramData\1400845920.2208.bin
[2014/05/23 07:52:02 | 000,002,061 | ---- | C] () -- C:\ProgramData\1400845920.2284.bin
[2014/05/23 07:52:00 | 000,039,641 | ---- | C] () -- C:\ProgramData\1400845920.2200.bin
[2014/05/23 07:48:44 | 624,028,561 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/05/23 07:43:56 | 000,000,965 | ---- | C] () -- C:\ProgramData\1400845426.13472.bin
[2014/05/23 07:43:55 | 000,002,062 | ---- | C] () -- C:\ProgramData\1400845426.13672.bin
[2014/05/23 07:43:46 | 000,043,785 | ---- | C] () -- C:\ProgramData\1400845426.14224.bin
[2014/05/23 07:42:32 | 000,044,557 | ---- | C] () -- C:\ProgramData\1400845313.bdinstall.bin
[2014/05/22 15:48:57 | 000,042,188 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141050 revised contract.pdf
[2014/05/22 15:20:41 | 000,103,981 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141050 signed contract.pdf
[2014/05/22 13:22:39 | 000,051,706 | ---- | C] () -- C:\Windows\SysWow64\bddel.dat
[2014/05/22 13:12:59 | 000,202,050 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141042 REVISED HUD.pdf
[2014/05/21 15:00:00 | 000,017,064 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Martinez legal description.pdf
[2014/05/20 11:11:14 | 000,024,389 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141042 preliminary HUD.pdf
[2014/05/20 09:17:02 | 000,166,076 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141049 HICKMAN ucc1.pdf
[2014/05/19 14:46:28 | 000,126,434 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141049 REVISED HUD.pdf
[2014/05/19 14:25:34 | 000,148,676 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141049 HUD & LEGAL DESCR.pdf
[2014/05/19 14:11:05 | 000,129,944 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141051 HUD.pdf
[2014/05/19 09:55:21 | 000,009,944 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Clayton Homes Invoice-Turbide.pdf
[2014/05/16 11:15:34 | 000,111,023 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Bunche Stree contract.pdf
[2014/05/15 11:40:19 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/05/15 11:40:16 | 000,001,446 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/05/15 11:40:16 | 000,001,434 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/05/15 11:36:51 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/05/14 14:43:14 | 000,129,908 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Wiggins hud.pdf
[2014/05/14 14:40:55 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2014/05/14 14:34:35 | 000,001,520 | ---- | C] () -- C:\Users\Public\Documents\AcStd7_1_0.ini
[2014/05/14 11:41:08 | 000,001,186 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/05/13 15:37:54 | 000,125,914 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141044 PREL HUD.pdf
[2014/05/13 12:25:15 | 000,144,192 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 tax cert and plat.pdf
[2014/05/13 11:38:10 | 034,209,792 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\CHAPMA11_20140505-2014-05-13.QDF-backup
[2014/05/13 10:04:35 | 000,000,000 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Local\{89B78C50-3F1E-4624-B5B6-B21F413891C7}
[2014/05/13 09:04:13 | 000,025,833 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Performance Monitor screen grab.gif
[2014/05/13 08:53:10 | 000,007,605 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Local\resmon.resmoncfg
[2014/05/12 16:39:10 | 000,255,875 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 commitment.pdf
[2014/05/12 16:26:00 | 000,010,295 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 commitment.wpd
[2014/05/12 16:21:54 | 000,002,380 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 DATA FILE.wpd
[2014/05/09 10:58:52 | 000,729,275 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141039 signed docs.pdf
[2014/05/09 10:41:30 | 000,015,330 | ---- | C] () -- C:\Users\Barry Chapman\Documents\WIRE INSTRUCTIONS REAL ESTATE TRUST ACCT.pdf
[2014/05/09 07:41:18 | 000,001,070 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2014/05/09 07:39:32 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2014/05/07 15:51:16 | 000,088,239 | ---- | C] () -- C:\Users\Barry Chapman\Documents\martin aff doc.pdf
[2014/05/07 15:43:46 | 002,744,977 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Gary Martin closing package.pdf
[2014/05/07 11:24:13 | 000,027,554 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141041 revised note.pdf
[2014/05/07 09:47:05 | 000,532,504 | ---- | C] () -- C:\Users\Barry Chapman\Documents\revised note and sd to change dates.pdf
[2014/05/07 09:16:15 | 000,024,895 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Old Republic Synovus letter.pdf
[2014/05/06 16:39:15 | 000,534,254 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Tillman revised note & sd.pdf
[2014/05/06 09:09:30 | 000,063,248 | ---- | C] () -- C:\Windows\SysWow64\picn1120.ssm
[2014/05/05 17:43:05 | 000,005,432 | ---- | C] () -- C:\Windows\pixcache.ini
[2014/05/05 16:54:47 | 000,002,501 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Standard.lnk
[2014/05/05 16:54:47 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2014/05/05 16:54:47 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Standard.lnk
[2014/05/05 16:15:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/05/05 16:12:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/05/05 14:53:30 | 000,001,534 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\Landtech XML.lnk
[2014/05/05 14:44:31 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2014/05/05 14:44:25 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2014/05/05 14:35:58 | 000,013,839 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141000.pdf
[2014/05/05 11:45:19 | 000,037,861 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\Comma Separated Values (Windows).ADR
[2014/05/05 10:49:21 | 000,000,580 | ---- | C] () -- C:\Users\Public\Desktop\Medlin Accounting.lnk
[2014/05/05 10:24:34 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
[2014/05/05 10:24:06 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2014/05/04 03:06:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/05/03 16:21:08 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/05/03 16:21:08 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/03 16:10:33 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/05/03 15:41:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/05/03 13:38:12 | 000,061,678 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JPR.{PB
[2014/05/03 13:38:12 | 000,012,358 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JCM.{PB
[2014/05/03 13:30:41 | 000,000,125 | ---- | C] () -- C:\Windows\SetScan.ini
[2014/05/03 13:17:14 | 000,002,607 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\WordPerfect.lnk
[2014/05/02 16:23:30 | 000,002,334 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/02 16:23:30 | 000,002,310 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/02 16:12:54 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/02 16:12:54 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/02 15:31:58 | 000,001,409 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/02 15:25:20 | 000,001,415 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/05/02 15:18:02 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2014/05/02 15:17:44 | 000,000,290 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/05/02 15:17:44 | 000,000,272 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/03/22 04:08:50 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2014/03/22 04:08:50 | 000,241,152 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/03/22 04:08:50 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014/03/21 13:42:49 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/05/11 05:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2014/05/20 18:36:38 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/05/03 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Canon Electronics
[2014/05/16 08:33:26 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/05/20 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\ISIS Drivers
[2014/05/02 15:25:33 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Leadertech
[2014/05/20 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Opera Software
[2014/05/06 10:10:41 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Oracle
[2014/05/04 18:11:07 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\PCDr
[2014/05/23 07:41:53 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\QuickScan
[2014/05/21 11:27:06 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\TuneUp Software
[2014/05/20 17:52:15 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\wi_upd

========== Purity Check ==========

< End of report >

**ken545** · 2014-05-27, 18:18

I really wanted to see the log from the fix . It looks like the proxy problem has not be resolved.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

**brchapman** · 2014-05-27, 19:33

Here's the Combofix log:

ComboFix 14-05-27.02 - Barry Chapman 05/27/2014 12:59:46.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12205.8695 [GMT -4:00]
Running from: c:\users\Barry Chapman\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1400845313.bdinstall.bin
c:\programdata\1400845426.13472.bin
c:\programdata\1400845426.13672.bin
c:\programdata\1400845426.14224.bin
c:\programdata\1400845920.2200.bin
c:\programdata\1400845920.2208.bin
c:\programdata\1400845920.2284.bin
c:\programdata\1400845954.bdinstall.bin
c:\windows\MICROSOFT
c:\windows\MICROSOFT\SystemUpdatekb70007\Installer.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\InstallerLibrary.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\Newtonsoft.Json.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\SQLite.Interop.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\System.Data.SQLite.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\win32.reg
c:\windows\MICROSOFT\SystemUpdatekb70007\WindowsUpdater.exe
c:\windows\SysWow64\setup.ini
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SystemUpdatekb70007
-------\Service_SystemUpdatekb70007
.
.
((((((((((((((((((((((((( Files Created from 2014-04-27 to 2014-05-27 )))))))))))))))))))))))))))))))
.
.
2014-05-27 17:04 . 2014-05-27 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-27 15:23 . 2014-05-27 15:23 -------- d-----w- C:\_OTL
2014-05-27 13:18 . 2014-05-27 13:18 -------- d-----w- C:\Malwarebytes' Anti-Malware
2014-05-26 14:19 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-25 14:36 . 2014-05-25 14:37 -------- d-----w- c:\program files (x86)\ERUNT
2014-05-25 13:09 . 2014-05-25 13:09 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-05-25 12:59 . 2014-05-25 12:59 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-05-25 12:59 . 2014-05-25 12:59 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-05-25 12:59 . 2014-05-25 12:59 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-05-23 13:20 . 2014-05-20 05:26 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3456136A-31BD-44AD-AC9F-CC6C03C478DA}\mpengine.dll
2014-05-23 12:25 . 2014-05-23 12:25 -------- d-----w- C:\New folder
2014-05-22 19:35 . 2014-05-22 19:35 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-22 19:35 . 2014-05-22 19:35 -------- d-----w- c:\program files (x86)\Java
2014-05-22 14:47 . 2014-05-22 14:47 -------- d-----w- c:\program files (x86)\Spybot
2014-05-21 15:16 . 2014-05-21 15:16 -------- d--h--w- c:\programdata\Common Files
2014-05-21 15:16 . 2014-05-23 11:03 -------- d-----w- c:\programdata\MFAData
2014-05-20 16:44 . 2014-05-20 17:35 -------- d-----w- c:\programdata\HitmanPro
2014-05-19 20:42 . 2014-05-26 14:25 -------- d-----w- C:\AdwCleaner
2014-05-19 14:55 . 2014-05-19 14:55 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2014-05-19 14:20 . 2014-05-19 14:20 -------- d-----w- C:\Adobe XI Pro
2014-05-19 12:08 . 2014-05-20 22:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-05-16 13:39 . 2014-05-16 13:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-05-16 12:33 . 2014-05-20 21:34 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2014-05-16 12:32 . 2014-05-19 14:19 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2014-05-15 15:40 . 2013-09-20 14:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-05-15 15:21 . 2014-05-22 14:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-05-15 15:21 . 2014-05-22 14:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-05-15 07:06 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 07:06 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 07:06 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 07:06 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 19:56 . 2014-05-26 14:24 -------- d-----w- c:\program files (x86)\MSR
2014-05-14 14:25 . 2014-05-14 14:25 -------- d-----w- c:\windows\PCHEALTH
2014-05-14 14:22 . 2014-05-14 14:22 -------- d-----w- c:\program files\Microsoft Office
2014-05-14 14:22 . 2014-05-14 14:22 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2014-05-14 14:20 . 2014-05-14 14:20 -------- d-----r- C:\MSOCache
2014-05-14 12:30 . 2014-05-20 20:20 -------- d-----w- c:\program files (x86)\Secunia
2014-05-13 16:16 . 2014-05-20 21:44 -------- d-----w- c:\program files (x86)\Backblaze
2014-05-13 16:16 . 2014-05-13 16:16 -------- d-----w- c:\programdata\Backblaze
2014-05-13 00:43 . 2014-05-13 00:43 -------- d-----w- c:\program files (x86)\Cisco Systems
2014-05-12 17:51 . 2014-05-13 15:07 -------- d-----w- c:\program files\My Lockbox
2014-05-12 11:16 . 2014-05-13 16:17 -------- d-----w- C:\.bzvol
2014-05-09 11:41 . 2013-03-01 06:27 63568 ----a-w- c:\windows\system32\drivers\vmx86.sys
2014-05-09 11:40 . 2013-03-01 06:27 354896 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2014-05-09 11:40 . 2013-03-01 06:26 434256 ----a-w- c:\windows\SysWow64\vmnat.exe
2014-05-09 11:40 . 2013-03-01 06:26 30800 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2014-05-09 11:40 . 2013-03-01 06:27 943184 ----a-w- c:\windows\system32\vnetlib64.dll
2014-05-09 11:39 . 2013-03-01 06:26 33360 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2014-05-09 11:39 . 2011-08-30 02:11 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys
2014-05-09 11:39 . 2014-05-27 17:24 -------- d-----w- c:\programdata\VMware
2014-05-09 11:39 . 2014-05-09 11:39 -------- d-----w- c:\program files (x86)\VMware
2014-05-09 11:39 . 2014-05-09 11:39 -------- d-----w- c:\program files (x86)\Common Files\VMware
2014-05-09 11:38 . 2014-05-09 11:38 -------- d-----w- c:\program files\Common Files\VMware
2014-05-07 13:29 . 2014-05-07 13:29 -------- d-----w- c:\programdata\Canon Electronics
2014-05-06 17:18 . 2014-05-18 07:05 -------- d-----w- c:\windows\system32\MRT
2014-05-06 17:12 . 2012-12-17 12:56 152576 ----a-w- c:\windows\system32\DR25SVC.dll
2014-05-06 17:12 . 2009-05-13 20:08 491792 ----a-w- c:\windows\SysWow64\qd1.dll
2014-05-06 14:09 . 2014-05-06 14:09 -------- d-----w- c:\programdata\Oracle
2014-05-06 14:05 . 2014-05-06 14:04 313256 ----a-w- c:\windows\system32\javaws.exe
2014-05-06 14:04 . 2014-05-06 14:04 189352 ----a-w- c:\windows\system32\javaw.exe
2014-05-06 14:04 . 2014-05-06 14:04 189352 ----a-w- c:\windows\system32\java.exe
2014-05-06 14:04 . 2014-05-06 14:04 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-05-06 14:04 . 2014-05-06 14:04 -------- d-----w- c:\program files\Java
2014-05-06 13:31 . 2006-05-17 01:40 233744 ----a-w- c:\windows\SysWow64\PIXMDLN.DLL
2014-05-06 13:09 . 2009-05-13 20:16 200704 ----a-w- c:\windows\SysWow64\twpix32.dll
2014-05-06 13:09 . 2009-05-13 20:05 21008 ----a-w- c:\windows\system\Ctl3d.dll
2014-05-06 13:09 . 2003-12-18 22:09 23152 ----a-w- c:\windows\system\Pixperm.dll
2014-05-06 13:09 . 2003-12-18 22:09 16064 ----a-w- c:\windows\system\Pixloc.dll
2014-05-06 13:09 . 1998-04-13 17:13 98304 ----a-w- c:\windows\SysWow64\Wiaext32.dll
2014-05-06 13:09 . 2003-12-18 22:09 231552 ----a-w- c:\windows\system\Pixdflt.dll
2014-05-06 13:06 . 2014-05-20 21:51 -------- d-----w- c:\programdata\ISIS Drivers
2014-05-06 12:51 . 2014-05-06 12:51 -------- d-----w- C:\DR Scanner
2014-05-06 12:43 . 2014-05-06 12:43 -------- d-----w- C:\DR2580C
2014-05-06 12:37 . 2008-11-11 23:00 96768 ----a-w- c:\windows\system32\DR25CPL.dll
2014-05-06 12:37 . 2007-04-24 11:53 83456 ----a-w- c:\windows\system32\CeiUSB64.dll
2014-05-06 11:52 . 2014-05-20 22:19 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 11:29 . 2014-05-07 13:22 -------- d-----w- C:\CapturePerfect Upgrade
2014-05-06 07:02 . 2014-05-06 07:02 -------- d-----w- c:\program files (x86)\MSXML 4.0
2014-05-05 20:53 . 2014-05-20 22:03 -------- d-----w- c:\windows\SysWow64\spool
2014-05-05 20:24 . 2014-05-20 21:51 -------- d-----w- c:\program files\Microsoft Silverlight
2014-05-05 20:24 . 2014-05-20 21:45 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-05-05 20:15 . 2014-05-20 21:51 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2014-05-05 19:50 . 2014-05-05 19:53 -------- d-----w- C:\HP Universal Print Driver
2014-05-05 18:52 . 2014-05-05 18:52 65536 ----a-w- c:\windows\SysWow64\LTWNode.exe
2014-05-05 18:52 . 2014-05-05 18:52 204800 ----a-w- c:\windows\SysWow64\ltwpvsw.DLL
2014-05-05 18:44 . 2014-05-05 18:44 -------- d-----w- c:\programdata\Pervasive Software
2014-05-05 18:44 . 2014-05-05 18:44 -------- d-----w- c:\program files (x86)\Pervasive Software
2014-05-05 18:22 . 2014-05-20 21:44 -------- d-----w- C:\LTAPPS
2014-05-05 18:18 . 2014-05-05 18:18 -------- d-----w- C:\Wages
2014-05-05 18:07 . 2001-06-01 18:17 169600 ----a-w- c:\windows\SysWow64\WSpell.ocx
2014-05-05 15:26 . 2014-05-05 15:26 -------- d-----w- c:\programdata\Malwarebytes
2014-05-05 14:49 . 1998-05-12 00:01 1355776 ----a-w- c:\windows\SysWow64\msvbvm50.dll
2014-05-05 14:49 . 2014-05-25 16:10 -------- d-----w- C:\MWACCT
2014-05-05 14:24 . 2014-05-20 21:44 -------- d-----w- c:\program files (x86)\Common Files\AnswerWorks 5.0
2014-05-05 14:24 . 2009-05-12 19:14 4169728 ----a-w- c:\windows\SysWow64\cdintf400.dll
2014-05-05 14:24 . 2014-05-05 14:24 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2014-05-05 14:24 . 2014-05-20 21:46 -------- d-----w- c:\program files (x86)\Quicken
2014-05-05 14:23 . 2014-05-05 14:23 -------- d-----w- c:\programdata\Intuit
2014-05-05 14:13 . 2014-05-20 21:52 -------- d-----w- C:\Quicken 2014
2014-05-05 13:54 . 2008-05-07 23:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2014-05-05 13:43 . 2014-05-05 13:43 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2014-05-05 07:06 . 2014-05-05 07:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-05-04 07:37 . 2014-05-20 22:03 -------- d-----w- c:\windows\SysWow64\Wat
2014-05-04 07:37 . 2014-05-20 22:02 -------- d-----w- c:\windows\system32\Wat
2014-05-04 07:17 . 2014-05-04 07:17 -------- d-----w- c:\windows\Migration
2014-05-04 07:06 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-05-04 07:06 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-05-04 07:06 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-05-04 07:06 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-05-04 07:06 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-05-04 07:06 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-05-04 07:06 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-05-03 20:55 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-05-03 20:53 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-05-03 20:46 . 2014-05-03 20:46 -------- d-----w- c:\windows\system32\appmgmt
2014-05-03 20:40 . 2014-05-14 15:55 -------- d-----w- C:\Office 2000
2014-05-03 20:34 . 2014-05-22 20:23 -------- d-----w- c:\programdata\Microsoft Help
2014-05-03 20:21 . 2014-05-20 21:45 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-05-03 19:48 . 2009-07-14 01:41 886784 ----a-w- c:\windows\system32\wab32.dll
2014-05-03 19:48 . 2009-07-14 01:33 1098752 ----a-w- c:\windows\system32\wab32res.dll
2014-05-03 19:40 . 2014-05-20 21:55 -------- d-----w- c:\windows\Msagent
2014-05-03 19:33 . 2009-08-04 17:56 296960 ----a-w- c:\windows\winhlp32.exe
2014-05-03 19:33 . 2009-08-04 17:55 195072 ----a-w- c:\windows\SysWow64\ftsrch.dll
2014-05-03 19:33 . 2009-08-04 17:55 195072 ----a-w- c:\windows\system32\ftsrch.dll
2014-05-03 19:33 . 2009-08-04 17:55 9216 ----a-w- c:\windows\SysWow64\ftlx0411.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 12:36 . 2014-03-21 17:36 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 12:36 . 2014-03-21 17:36 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-15 06:34 . 2014-04-15 06:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-03 21:23 . 2012-11-08 22:40 70592 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-04-03 21:16 . 2012-11-08 22:37 346760 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-04-03 21:15 . 2014-03-21 17:52 189912 ----a-w- c:\windows\system32\mfevtps.exe
2014-04-03 21:10 . 2012-11-08 22:35 784760 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-04-03 21:08 . 2012-11-08 22:34 522360 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-04-03 21:06 . 2012-11-08 22:34 311856 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-04-03 21:03 . 2012-11-08 22:33 177544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-03-31 13:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-22 08:21 . 2014-03-22 08:21 360832 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2014-03-22 08:21 . 2014-03-22 08:21 936448 ----a-w- c:\windows\system32\vmsal.exe
2014-03-22 08:21 . 2014-03-22 08:21 793600 ----a-w- c:\windows\SysWow64\vmsal.exe
2014-03-22 08:21 . 2014-03-22 08:21 59392 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2014-03-22 08:21 . 2014-03-22 08:21 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2014-03-22 08:21 . 2014-03-22 08:21 4514816 ----a-w- c:\windows\system32\vpc.exe
2014-03-22 08:21 . 2014-03-22 08:21 2264064 ----a-w- c:\windows\system32\VPCWizard.exe
2014-03-22 08:21 . 2014-03-22 08:21 1369600 ----a-w- c:\windows\system32\VPCSettings.exe
2014-03-22 08:21 . 2014-03-22 08:21 1210368 ----a-w- c:\windows\system32\VMWindow.exe
2014-03-22 08:21 . 2014-03-22 08:21 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2014-03-22 08:21 . 2014-03-22 08:21 194944 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2014-03-22 08:21 . 2014-03-22 08:21 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll
2014-03-22 08:21 . 2014-03-22 08:21 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2014-03-22 08:21 . 2014-03-22 08:21 778752 ----a-w- c:\windows\system32\mssvp.dll
2014-03-22 08:21 . 2014-03-22 08:21 75264 ----a-w- c:\windows\system32\msscntrs.dll
2014-03-22 08:21 . 2014-03-22 08:21 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2014-03-22 08:21 . 2014-03-22 08:21 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2014-03-22 08:21 . 2014-03-22 08:21 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2014-03-22 08:21 . 2014-03-22 08:21 491520 ----a-w- c:\windows\system32\mssph.dll
2014-03-22 08:21 . 2014-03-22 08:21 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2014-03-22 08:21 . 2014-03-22 08:21 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2014-03-22 08:21 . 2014-03-22 08:21 288256 ----a-w- c:\windows\system32\mssphtb.dll
2014-03-22 08:21 . 2014-03-22 08:21 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2014-03-22 08:21 . 2014-03-22 08:21 2315776 ----a-w- c:\windows\system32\tquery.dll
2014-03-22 08:21 . 2014-03-22 08:21 2223616 ----a-w- c:\windows\system32\mssrch.dll
2014-03-22 08:21 . 2014-03-22 08:21 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2014-03-22 08:21 . 2014-03-22 08:21 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2014-03-22 08:21 . 2014-03-22 08:21 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2014-03-22 08:21 . 2014-03-22 08:21 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2014-03-22 08:21 . 2014-03-22 08:21 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2014-03-22 08:21 . 2014-03-22 08:21 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-03-22 08:21 . 2014-03-22 08:21 830464 ----a-w- c:\windows\system32\nshwfp.dll
2014-03-22 08:21 . 2014-03-22 08:21 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2014-03-22 08:21 . 2014-03-22 08:21 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2014-03-22 08:21 . 2014-03-22 08:21 46080 ----a-w- c:\windows\system32\atmlib.dll
2014-03-22 08:21 . 2014-03-22 08:21 41472 ----a-w- c:\windows\system32\lpk.dll
2014-03-22 08:21 . 2014-03-22 08:21 368128 ----a-w- c:\windows\system32\atmfd.dll
2014-03-22 08:21 . 2014-03-22 08:21 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2014-03-22 08:21 . 2014-03-22 08:21 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-03-22 08:21 . 2014-03-22 08:21 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2014-03-22 08:21 . 2014-03-22 08:21 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2014-03-22 08:21 . 2014-03-22 08:21 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2014-03-22 08:21 . 2014-03-22 08:21 197120 ----a-w- c:\windows\system32\credui.dll
2014-03-22 08:21 . 2014-03-22 08:21 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-03-22 08:21 . 2014-03-22 08:21 168960 ----a-w- c:\windows\SysWow64\credui.dll
2014-03-22 08:21 . 2014-03-22 08:21 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2014-03-22 08:21 . 2014-03-22 08:21 1474048 ----a-w- c:\windows\system32\crypt32.dll
2014-03-22 08:21 . 2014-03-22 08:21 14336 ----a-w- c:\windows\system32\dciman32.dll
2014-03-22 08:21 . 2014-03-22 08:21 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2014-03-22 08:21 . 2014-03-22 08:21 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2014-03-22 08:21 . 2014-03-22 08:21 100864 ----a-w- c:\windows\system32\fontsub.dll
2014-03-22 08:21 . 2014-03-22 08:21 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
2014-03-22 08:21 . 2014-03-22 08:21 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2014-03-22 08:21 . 2014-03-22 08:21 6656 ----a-w- c:\windows\system32\apisetschema.dll
2014-03-22 08:21 . 2014-03-22 08:21 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 338432 ----a-w- c:\windows\system32\conhost.exe
2014-03-22 08:21 . 2014-03-22 08:21 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"Backblaze"="c:\program files (x86)\Backblaze\bzbui.exe" [2014-05-13 492136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
"mcpltui_exe"="c:\program files\Common Files\McAfee\Platform\mcuicnt.exe" [2013-09-11 645168]
.
c:\users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [2014-5-5 25214]
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe -SRDE [2014-5-5 92854]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe\0bddel.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 bzserv;Backblaze Service;c:\program files (x86)\Backblaze\bzserv.exe;c:\program files (x86)\Backblaze\bzserv.exe [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\sftservice.exe;c:\program files (x86)\Dell Backup and Recovery\sftservice.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-21 13:17 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-21 12:36]
.
2014-05-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-05-15 18:14]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-02 20:12]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-02 20:12]
.
2014-05-15 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-05-15 18:13]
.
2014-05-15 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-05-15 18:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileBackuped]
@="{831cebdd-6baf-4432-be76-9e0989c14aef}"
[HKEY_CLASSES_ROOT\CLSID\{831cebdd-6baf-4432-be76-9e0989c14aef}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileNotBackuped]
@="{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}"
[HKEY_CLASSES_ROOT\CLSID\{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-11 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-11 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-11 444400]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-07-27 7194840]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-07-29 1321688]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-07-30 36352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 205.152.144.23 205.152.132.23
FF - ProfilePath - c:\users\Barry Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\76t9nm76.default\
FF - prefs.js: network.proxy.ssl_port - 8118
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-05-27 13:29:23 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-27 17:29
.
Pre-Run: 401,124,175,872 bytes free
Post-Run: 400,572,882,944 bytes free
.
- - End Of File - - 5B6B3561063F4A3860330BE71BB71871
5C616939100B85E558DA92B899A0FC36

Thread: Nasty malware not detected by any removal software!

Thread Tools

Display

OTL file Part 1

OTL part 2

OTL part 3

OTL Extras

Post boot log

new scan OTL txt file part 1

New scan OTL tst file part 2

Combofix log

Posting Permissions