Nasty malware not detected by any removal software!

brchapman · May 23, 2014

I have a real nasty virus that keeps changing my proxy server settings and redirects online to ad sites and has tons of popups on web pages. I've tried to detect it with Spybot, AVG, Malwarbytes and Mcafee, but no luck. Can you help????

ken545 · May 23, 2014

:snwelcome:

Please read this and go to page 2 and download and run the required programs and post the logs please, without this information its hard to help you

http://forums.spybot.info/showthrea...-this-Procedure-Before-Requesting-Assistance)

brchapman · May 25, 2014

log files

Here are the log files (atached) Any help will be greatly appreciated!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
Run by Barry Chapman at 10:38:59 on 2014-05-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12205.8448 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Backblaze\bzserv.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Backblaze\bzbui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\msiexec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
uRun: [updateMgr] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_1_0 -reboot 1
uRun: [Backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\BARRYC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTP~1.LNK - C:\Windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 8.8.8.8 8.8.4.4 205.152.144.23 205.152.132.23
TCP: Interfaces\{52E3D270-9F67-475E-B16A-1D6443366E50} : DHCPNameServer = 8.8.8.8 8.8.4.4 205.152.144.23 205.152.132.23
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Barry Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\76t9nm76.default\
FF - prefs.js: network.proxy.ssl_port - 8118
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-3-22 666984]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-3-22 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-3-21 20464]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-8 784760]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-8 346760]
R1 SDHookDriver;Hook Test Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2014-5-15 64160]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2014-3-21 98208]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2013-7-2 312448]
R2 bzserv;Backblaze Service;C:\Program Files (x86)\Backblaze\bzserv.exe [2014-5-13 234600]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2014-1-13 198664]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-3-21 328928]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-7-29 14696]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-21 169432]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2012-11-29 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-3-21 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-3-21 328928]
R2 McOobeSv2;McAfee OOBE Service2;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-3-21 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-3-21 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-3-21 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2014-3-21 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2014-3-21 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-3-21 189912]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-3-21 246488]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-5-15 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-5-15 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-5-15 171928]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2014-4-4 1915920]
R2 SystemUpdatekb70007;SystemUpdatekb70007;C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [2014-5-14 18944]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2014-3-21 81536]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2013-7-2 89800]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2013-7-2 347336]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2013-7-2 116424]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2013-7-2 34384]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2013-7-2 179432]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2013-7-2 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2013-7-2 137928]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2013-7-2 589000]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-8 70592]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-3-21 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-3-21 786416]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-5 25816]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-8 311856]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-8 522360]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-3-18 441264]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2014-3-21 263896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-3-22 849992]
S2 0311681401027050mcinstcleanup;McAfee Application Installer Cleanup (0311681401027050);C:\Windows\TEMP\031168~1.EXE -cleanup -nolog --> C:\Windows\TEMP\031168~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-5 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-5 857912]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-5-2 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-5 111616]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-3-22 452088]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-5 63192]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [2014-3-21 334760]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-3-18 96592]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-4 1255736]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=C:\Windows\SysWow64\WScript.exe "%1" %*
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2014-05-25 13:09:53 736952 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-05-25 12:59:19 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-05-25 12:59:06 42168 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-05-25 12:59:03 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-05-25 08:27:17 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3456136A-31BD-44AD-AC9F-CC6C03C478DA}\offreg.dll
2014-05-23 13:20:18 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-05-23 13:20:10 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3456136A-31BD-44AD-AC9F-CC6C03C478DA}\mpengine.dll
2014-05-23 12:25:39 -------- d-----w- C:\New folder
2014-05-23 11:52:39 33334 ----a-w- C:\ProgramData\1400845954.bdinstall.bin
2014-05-23 11:52:03 189 ----a-w- C:\ProgramData\1400845920.2208.bin
2014-05-23 11:52:02 2061 ----a-w- C:\ProgramData\1400845920.2284.bin
2014-05-23 11:52:00 39641 ----a-w- C:\ProgramData\1400845920.2200.bin
2014-05-23 11:43:56 965 ----a-w- C:\ProgramData\1400845426.13472.bin
2014-05-23 11:43:55 2062 ----a-w- C:\ProgramData\1400845426.13672.bin
2014-05-23 11:43:46 43785 ----a-w- C:\ProgramData\1400845426.14224.bin
2014-05-23 11:42:32 44557 ----a-w- C:\ProgramData\1400845313.bdinstall.bin
2014-05-23 11:41:53 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\QuickScan
2014-05-22 19:35:22 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-22 14:47:49 -------- d-----w- C:\Program Files (x86)\Spybot
2014-05-21 15:27:06 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\TuneUp Software
2014-05-21 15:16:30 -------- d--h--w- C:\ProgramData\Common Files
2014-05-21 15:16:29 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\MFAData
2014-05-21 15:16:29 -------- d-----w- C:\ProgramData\MFAData
2014-05-20 18:53:08 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\Norman Malware Cleaner
2014-05-20 16:44:27 -------- d-----w- C:\ProgramData\HitmanPro
2014-05-19 20:42:54 -------- d-----w- C:\AdwCleaner
2014-05-19 14:55:46 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-05-19 14:20:13 -------- d-----w- C:\Adobe XI Pro
2014-05-19 12:08:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-05-16 14:51:07 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\CrashDumps
2014-05-16 13:39:50 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\SUPERAntiSpyware.com
2014-05-16 13:39:36 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-05-16 12:33:26 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-05-16 12:33:05 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2014-05-15 15:40:14 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-05-15 15:21:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-05-15 15:21:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-15 07:25:44 -------- d-----r- C:\Users\Barry Chapman\Virtual Machines
2014-05-15 07:06:08 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-15 07:06:08 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-14 20:16:31 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\PDF24
2014-05-14 19:56:37 -------- d-----w- C:\Windows\Microsoft
2014-05-14 19:56:07 -------- d-----w- C:\Program Files (x86)\MSR
2014-05-14 19:56:04 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\IdleCrawler
2014-05-14 19:54:59 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\GetPrivate
2014-05-14 19:54:30 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\wi_upd
2014-05-14 19:48:24 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\BitTorrent
2014-05-14 14:25:54 -------- d-----w- C:\Windows\PCHEALTH
2014-05-14 14:22:10 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-05-14 12:30:28 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\Secunia PSI
2014-05-14 12:30:08 -------- d-----w- C:\Program Files (x86)\Secunia
2014-05-13 16:16:21 -------- d-----w- C:\ProgramData\Backblaze
2014-05-13 16:16:21 -------- d-----w- C:\Program Files (x86)\Backblaze
2014-05-13 16:02:10 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\VMware
2014-05-13 15:18:34 -------- d-----w- C:\Windows\pss
2014-05-13 00:43:13 -------- d-----w- C:\Users\Barry Chapman\.asdm
2014-05-13 00:43:03 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2014-05-12 17:51:55 -------- d-----w- C:\Program Files\My Lockbox
2014-05-12 11:16:46 -------- d--h--w- C:\.bzvol
2014-05-09 11:41:14 63568 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2014-05-09 11:40:35 354896 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2014-05-09 11:40:33 434256 ----a-w- C:\Windows\SysWow64\vmnat.exe
2014-05-09 11:40:32 30800 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2014-05-09 11:40:26 943184 ----a-w- C:\Windows\System32\vnetlib64.dll
2014-05-09 11:39:45 33360 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2014-05-09 11:39:43 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2014-05-09 11:39:13 -------- d-----w- C:\Program Files (x86)\VMware
2014-05-09 11:39:13 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2014-05-09 11:38:43 -------- d-----w- C:\Program Files\Common Files\VMware
2014-05-07 13:29:31 -------- d-----w- C:\ProgramData\Canon Electronics
2014-05-06 20:16:12 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\ElevatedDiagnostics
2014-05-06 17:18:22 -------- d-----w- C:\Windows\System32\MRT
2014-05-06 17:12:58 152576 ----a-w- C:\Windows\System32\DR25SVC.dll
2014-05-06 17:12:46 491792 ----a-w- C:\Windows\SysWow64\qd1.dll
2014-05-06 14:09:29 -------- d-----w- C:\ProgramData\Oracle
2014-05-06 14:04:56 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-05-06 13:31:13 233744 ----a-w- C:\Windows\SysWow64\PIXMDLN.DLL
2014-05-06 13:09:30 98304 ----a-w- C:\Windows\SysWow64\Wiaext32.dll
2014-05-06 13:09:30 23152 ----a-w- C:\Windows\system\Pixperm.dll
2014-05-06 13:09:30 21008 ----a-w- C:\Windows\system\Ctl3d.dll
2014-05-06 13:09:30 200704 ----a-w- C:\Windows\SysWow64\twpix32.dll
2014-05-06 13:09:30 16064 ----a-w- C:\Windows\system\Pixloc.dll
2014-05-06 13:09:29 231552 ----a-w- C:\Windows\system\Pixdflt.dll
2014-05-06 13:06:37 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\ISIS Drivers
2014-05-06 13:06:37 -------- d-----w- C:\ProgramData\ISIS Drivers
2014-05-06 12:51:55 -------- d-----w- C:\DR Scanner
2014-05-06 12:43:03 -------- d-----w- C:\DR2580C
2014-05-06 12:37:30 96768 ----a-w- C:\Windows\System32\DR25CPL.dll
2014-05-06 12:37:30 83456 ----a-w- C:\Windows\System32\CeiUSB64.dll
2014-05-06 11:52:59 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-06 11:29:31 -------- d-----w- C:\CapturePerfect Upgrade
2014-05-06 07:02:54 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2014-05-05 20:53:00 -------- d-----w- C:\Windows\SysWow64\spool
2014-05-05 20:15:01 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2014-05-05 19:50:08 -------- d-----w- C:\HP Universal Print Driver
2014-05-05 18:52:53 65536 ----a-w- C:\Windows\SysWow64\LTWNode.exe
2014-05-05 18:52:53 204800 ----a-w- C:\Windows\SysWow64\ltwpvsw.DLL
2014-05-05 18:44:05 -------- d-----w- C:\ProgramData\Pervasive Software
2014-05-05 18:44:05 -------- d-----w- C:\Program Files (x86)\Pervasive Software
2014-05-05 18:22:07 -------- d-----w- C:\LTAPPS
2014-05-05 18:18:46 -------- d-----w- C:\Wages
2014-05-05 18:07:17 169600 ----a-w- C:\Windows\SysWow64\WSpell.ocx
2014-05-05 16:22:16 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\Help
2014-05-05 15:26:58 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-05 15:26:05 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-05 15:26:05 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-05 15:26:04 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-05 15:26:04 -------- d-----w- C:\ProgramData\Malwarebytes
2014-05-05 15:26:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-05 14:49:21 1355776 ----a-w- C:\Windows\SysWow64\msvbvm50.dll
2014-05-05 14:49:20 -------- d-----w- C:\MWACCT
2014-05-05 14:49:04 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\Programs
2014-05-05 14:40:33 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\QuickenWindow
2014-05-05 14:36:26 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\IsolatedStorage
2014-05-05 14:24:51 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
2014-05-05 14:24:39 4169728 ----a-w- C:\Windows\SysWow64\cdintf400.dll
2014-05-05 14:24:09 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2014-05-05 14:24:08 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\Intuit
2014-05-05 14:24:08 -------- d-----w- C:\Program Files (x86)\Quicken
2014-05-05 14:23:30 -------- d-----w- C:\ProgramData\Intuit
2014-05-05 14:13:09 -------- d-----w- C:\Quicken 2014
2014-05-05 13:54:36 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
2014-05-05 13:43:40 -------- d-----w- C:\Program Files (x86)\Common Files\SWF Studio
2014-05-05 12:58:28 -------- d-sh--w- C:\Users\Barry Chapman\AppData\Local\EmieUserList
2014-05-05 12:58:28 -------- d-sh--w- C:\Users\Barry Chapman\AppData\Local\EmieSiteList
2014-05-04 07:37:17 -------- d-----w- C:\Windows\SysWow64\Wat
2014-05-04 07:37:17 -------- d-----w- C:\Windows\System32\Wat
2014-05-04 07:17:29 -------- d-----w- C:\Windows\Migration
2014-05-04 07:06:19 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-05-04 07:06:19 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-05-04 07:06:18 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-05-04 07:06:18 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-05-04 07:06:18 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-05-04 07:06:18 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-05-04 07:06:18 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-05-03 20:55:45 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-05-03 20:53:46 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-05-03 20:46:07 -------- d-----w- C:\Windows\System32\appmgmt
2014-05-03 20:40:07 -------- d-----w- C:\Office 2000
2014-05-03 20:34:04 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\Microsoft Help
2014-05-03 20:23:38 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\Macromedia
2014-05-03 19:48:38 886784 ----a-w- C:\Windows\System32\wab32.dll
2014-05-03 19:48:38 1098752 ----a-w- C:\Windows\System32\wab32res.dll
2014-05-03 19:40:56 -------- d-----w- C:\Windows\Msagent
2014-05-03 19:33:02 9216 ----a-w- C:\Windows\SysWow64\ftlx0411.dll
2014-05-03 19:33:02 9216 ----a-w- C:\Windows\System32\ftlx0411.dll
2014-05-03 19:33:02 296960 ----a-w- C:\Windows\winhlp32.exe
2014-05-03 19:33:02 195072 ----a-w- C:\Windows\SysWow64\ftsrch.dll
2014-05-03 19:33:02 195072 ----a-w- C:\Windows\System32\ftsrch.dll
2014-05-03 19:33:02 10240 ----a-w- C:\Windows\SysWow64\ftlx041e.dll
2014-05-03 19:33:02 10240 ----a-w- C:\Windows\System32\ftlx041e.dll
2014-05-03 18:40:10 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\Adobe
2014-05-03 18:29:44 -------- d-----w- C:\Program Files (x86)\wp51
2014-05-03 18:14:42 -------- d-----w- C:\Program Files (x86)\Kyocera
2014-05-03 18:14:25 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-05-03 18:14:25 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-05-03 18:14:25 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-05-03 18:14:25 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-05-03 17:53:55 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\Canon Electronics
2014-05-03 17:31:52 21008 ----a-w- C:\Windows\SysWow64\CTL3D.DLL
2014-05-03 17:31:31 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2014-05-03 17:31:31 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2014-05-03 17:31:31 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2014-05-03 17:31:31 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2014-05-03 17:31:31 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2014-05-03 17:31:31 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2014-05-03 17:31:30 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2014-05-03 17:31:15 67888 ----a-w- C:\Windows\SysWow64\SuStiUtl.dll
2014-05-03 17:16:43 -------- d-----w- C:\Program Files (x86)\Common Files\Borland Shared
2014-05-03 17:14:53 -------- d-----w- C:\Program Files (x86)\WordPerfect Office 12
2014-05-03 17:14:53 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
2014-05-03 16:01:21 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\PCDr
2014-05-03 00:32:20 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-05-03 00:32:12 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-05-03 00:32:05 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-05-03 00:32:05 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-05-03 00:30:25 736952 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-05-03 00:29:56 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-05-03 00:29:42 42168 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-05-03 00:29:39 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-05-02 23:50:51 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2014-05-02 20:12:46 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\Google
2014-05-02 20:10:13 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\Diagnostics
2014-05-02 19:58:33 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\Apps
2014-05-02 19:58:32 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\Deployment
2014-05-02 19:45:07 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\Opera Software
2014-05-02 19:45:07 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\Opera Software
2014-05-02 19:26:33 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\Intel Corporation
2014-05-02 19:25:54 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\Dell
2014-05-02 19:25:50 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\BMExplorer
2014-05-02 19:25:38 -------- d-----w- C:\ProgramData\Atheros
2014-05-02 19:25:31 -------- d-----w- C:\Users\Barry Chapman\AppData\Roaming\Atheros
2014-05-02 19:25:07 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\VirtualStore
2014-05-02 19:23:34 -------- d-----w- C:\Users\Barry Chapman\AppData\Local\softthinks
2014-05-02 19:23:34 -------- d-----w- C:\ProgramData\softthinks
.
==================== Find3M ====================
.
2014-05-14 12:36:30 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 12:36:30 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-15 06:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-03 21:23:54 70592 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2014-04-03 21:16:04 346760 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2014-04-03 21:15:34 189912 ----a-w- C:\Windows\System32\mfevtps.exe
2014-04-03 21:10:34 784760 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2014-04-03 21:08:04 522360 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2014-04-03 21:06:04 311856 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2014-04-03 21:03:32 177544 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-22 08:05:50 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2014-03-22 08:04:58 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-03-19 19:23:14 50896 ----a-w- C:\Windows\System32\drivers\point64.sys
2014-03-18 11:09:16 11336 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2014-03-18 11:08:50 96592 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2014-03-18 11:08:26 441264 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 10:46:11.46 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-05-25 10:43:56
-----------------------------
10:43:56.230 OS Version: Windows x64 6.1.7601 Service Pack 1
10:43:56.230 Number of processors: 4 586 0x3C03
10:43:56.232 ComputerName: BARRYSNEW UserName:
10:44:02.497 Initialize success
11:23:17.612 AVAST engine defs: 14052500
11:26:21.779 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007d
11:26:21.784 Disk 0 Vendor: TOSHIBA_ MS1O Size: 476940MB BusType: 11
11:26:21.893 Disk 0 MBR read successfully
11:26:21.894 Disk 0 MBR scan
11:26:21.913 Disk 0 Windows VISTA default MBR code
11:26:21.915 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
11:26:21.945 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 25258 MB offset 81920
11:26:21.979 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 451641 MB offset 51810304
11:26:22.025 Disk 0 scanning C:\Windows\system32\drivers
11:26:33.648 Service scanning
11:27:00.723 Modules scanning
11:27:00.726 Disk 0 trace - called modules:
11:27:00.739 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
11:27:01.064 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800cb4d060]
11:27:01.066 3 CLASSPNP.SYS[fffff88001d7843f] -> nt!IofCallDriver -> [0xfffffa800a776af0]
11:27:01.068 5 iaStorF.sys[fffff88001d14ab0] -> nt!IofCallDriver -> \Device\0000007d[0xfffffa800a1d7960]
11:27:01.620 AVAST engine scan C:\Windows
11:27:03.626 AVAST engine scan C:\Windows\system32
11:31:00.443 AVAST engine scan C:\Windows\system32\drivers
11:31:14.789 AVAST engine scan C:\Users\Barry Chapman
11:32:27.850 File: C:\Users\Barry Chapman\AppData\Local\IdleCrawler\IdleProfile.exe **INFECTED** Win32:Malware-gen
11:35:07.598 AVAST engine scan C:\ProgramData
11:36:48.837 Scan finished successfully
11:38:01.469 Disk 0 MBR has been saved successfully to "C:\Users\Barry Chapman\Desktop\MBR.dat"
11:38:01.477 The log file has been saved successfully to "C:\Users\Barry Chapman\Desktop\aswMBR.txt"

ken545 · May 25, 2014

Looking over your logs now, be right back. Any further logs we ask for please just copy and paste them in in lew of attaching them, its easier for us to analyze them.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/2/2014 3:17:37 PM
System Uptime: 5/25/2014 7:52:23 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 02YRK5
Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz | CPU 1 | 3400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 441 GiB total, 373.667 GiB free.
D: is CDROM ()
Y: is FIXED (NTFS) - 25 GiB total, 14.205 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP49: 5/21/2014 11:25:30 AM - Installed AVG 2014
RP50: 5/21/2014 11:25:58 AM - Installed AVG 2014
RP51: 5/22/2014 3:00:19 AM - Windows Update
RP52: 5/22/2014 3:03:06 PM - Removed AVG 2014
RP53: 5/22/2014 3:06:22 PM - Removed AVG 2014
RP54: 5/22/2014 4:16:37 PM - Windows Update
RP55: 5/23/2014 8:00:45 AM - Removed eBay
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe Acrobat 7.0 Standard - English, Français, Deutsch
Adobe Acrobat 7.1.2 Standard - English, Français, Deutsch
Adobe Acrobat 7.1.4 - CPSID_50030
Adobe Acrobat 7.1.4 Standard - English, Français, Deutsch
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.06) MUI
Backblaze
Banctec Service Agreement
Canon DR-2580C Driver
CapturePerfect 3.0 Help & Manual
CapturePerfect 3.1
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Digital Delivery
Dell Edoc Viewer
Dell Home Systems Service Agreement
Dell WLAN and Bluetooth Client Installation
DR-2580C Job Tool
DSC/AA Factory Installer
ERUNT 1.1j
Google Chrome
Google Update Helper
Google+ Auto Backup
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel® Trusted Connect Service Client
iSEEK AnswerWorks English Runtime
Java 7 Update 55
Java 7 Update 55 (64-bit)
Kyocera Address Book for Network FAX
Malwarebytes Anti-Malware version 2.0.1.1004
McAfee LiveSafe – Internet Security
Medlin Accounting
Medlin Payroll
Microsoft .NET Framework 4.5.1
Microsoft Mouse and Keyboard Center
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 29.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
Pervasive PSQL v10 SP3 Workgroup (32-bit)
Picasa 3
Premium Service Agreement
Qualcomm Atheros Bluetooth Suite (64)
QualxServ Service Agreement
Quicken 2014
Realtek Card Reader
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64
Spybot - Search & Destroy
System Update kb70007
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VmciSockets
VMware Player
WinRAR 5.00 (32-bit)
WordPerfect Office 12
.
==== Event Viewer Messages From Past Week ========
.
5/25/2014 7:53:50 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
5/25/2014 7:53:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
5/25/2014 7:53:10 AM, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2014 4:26:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/24/2014 12:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
5/24/2014 12:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51}
5/24/2014 12:13:14 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2014 12:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/24/2014 12:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/24/2014 12:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/24/2014 12:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/24/2014 12:13:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/24/2014 12:13:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/24/2014 12:13:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
5/24/2014 12:13:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk NetBIOS NetBT nsiproxy Psched rdbss SDHookDriver spldr tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf ws2ifsl
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The McAfee AP Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The McAfee Anti-Malware Core service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/24/2014 12:12:59 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/23/2014 7:52:37 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/23/2014 7:49:15 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
5/23/2014 7:49:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SDHookDriver spldr vpcvmm Wanarpv6
5/23/2014 7:48:56 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000034 (0x0000000000050853, 0xfffff8800359a5d8, 0xfffff88003599e30, 0xfffff800037aa123). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052314-21138-01.
5/22/2014 9:59:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
5/22/2014 9:59:07 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/22/2014 9:48:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgdiska AVGIDSDriver Avgldx64 discache SDHookDriver spldr vpcvmm Wanarpv6
5/22/2014 9:48:34 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2014 3:40:57 AM, Error: Service Control Manager [7022] - The McAfee Home Network service hung on starting.
5/22/2014 3:37:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Secunia Update Agent service to connect.
5/22/2014 3:37:17 AM, Error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/22/2014 3:06:36 PM, Error: Service Control Manager [7034] - The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s).
5/22/2014 10:01:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
5/22/2014 10:01:00 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/22/2014 1:43:40 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
5/21/2014 3:04:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition.
5/21/2014 3:02:35 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition.
5/21/2014 3:01:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition.
5/21/2014 3:01:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition.
5/20/2014 6:50:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
5/20/2014 6:50:40 PM, Error: Service Control Manager [7000] - The McAfee Platform Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/20/2014 6:49:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfecore service.
5/20/2014 6:48:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Anti-Spam Service service to connect.
5/20/2014 6:48:45 PM, Error: Service Control Manager [7000] - The McAfee Anti-Spam Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/20/2014 6:48:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.
5/20/2014 6:48:44 PM, Error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/20/2014 6:48:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Personal Firewall Service service to connect.
5/20/2014 6:48:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Home Network service to connect.
5/20/2014 6:48:42 PM, Error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/20/2014 6:48:42 PM, Error: Service Control Manager [7000] - The McAfee Home Network service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/20/2014 6:43:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service mcpltsvc with arguments "" in order to run the server: {20966775-18A4-4299-B8E3-772C336B52A7}
5/20/2014 6:42:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service mcpltsvc with arguments "" in order to run the server: {26608B46-476A-4BF1-9CC6-AFEA28EBBC17}
5/20/2014 6:25:29 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
5/20/2014 6:01:48 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
5/20/2014 2:01:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SDHookDriver
.
==== End Of File ===========================

ken545 · May 25, 2014

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

brchapman · May 26, 2014

ADW scan log file

Here's the ADW log:

# AdwCleaner v3.211 - Report created 26/05/2014 at 10:24:53
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Barry Chapman - BARRYSNEW
# Running from : C:\Users\Barry Chapman\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

The virus is still there because it is still changing the proxy settings in the background...

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Program Files (x86)\MSR
Folder Deleted : C:\Users\Barry Chapman\AppData\Roaming\GetPrivate
File Deleted : C:\Windows\System32\Tasks\GPUpdate

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0 (en-US)

[ File : C:\Users\Barry Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\76t9nm76.default\prefs.js ]

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

*************************

AdwCleaner[R0].txt - [1137 octets] - [26/05/2014 10:19:25]
AdwCleaner[R1].txt - [1198 octets] - [26/05/2014 10:20:43]
AdwCleaner[S0].txt - [1281 octets] - [26/05/2014 10:24:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1341 octets] ##########

brchapman · May 26, 2014

Virus still there

The virus is still there because it keeps changing the proxy settings in the background...

ken545 · May 26, 2014

Where not done yet !!! I am glad that nothing was removed with AdwCleaner that you needed because in my instructions I just wanted to see a report first. Most times cleaning up malware takes more than just a click of the mouse, it usually takes running more than one program

Run Malwarebytes first and you can quarantine anything it finds

Please download Malwarebytes Anti-Malware to your desktop.

Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
Once installed, Malwarebytes will ask if you want to Launch Now. Please select to do so and then Malwarebytes will open and update on its own. Please allow this to complete.
If an update is found, it will download and install the latest version.
Let's be sure to run a Hyper Scan. Press the Scan tab and then select Hyper Scan.
Press Scan Now then Skip Update (since we just updated it)

When the scan is complete, click View Detailed Log, then Export to save the log to your Desktop (name the log MBAM Scan).
Copy and Paste all of the information in that file to your next reply.

Then

OTL by OldTimer

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

brchapman · May 27, 2014

Malwarebytes won't load

I tried to downloand and install Malwarebytes, but I get errors when it tries to install: Internal Error: Expresson Error 'Runtime Error (at 79:177); External exception E06D7363.' I also tried to install Malwarebytes Chameleon, but it wouldn't load either.

ken545 · May 27, 2014

OK, bypass Malwarebytes for now and download and run OTL and post the logs please

brchapman · May 27, 2014

OTL file Part 1

File to large, uploading in three parts:

OTL logfile created on: 5/27/2014 9:56:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barry Chapman\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.92 Gb Total Physical Memory | 9.16 Gb Available Physical Memory | 76.88% Memory free
23.84 Gb Paging File | 20.92 Gb Available in Paging File | 87.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.06 Gb Total Space | 373.55 Gb Free Space | 84.69% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 445.11 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive Y: | 24.67 Gb Total Space | 14.20 Gb Free Space | 57.59% Space Free | Partition Type: NTFS

Computer Name: BARRYSNEW | User Name: Barry Chapman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Barry Chapman\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Backblaze\bzbui.exe ()
PRC - C:\Program Files (x86)\Backblaze\bzserv.exe ()
PRC - C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe ()
PRC - C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks SAS)
PRC - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Pervasive Software Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Backblaze\bzbui.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\d7a1bbd56dc15a29c2450b177f9468d7\System.Net.Http.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0bedc417d3c5dcb1c9a5f15dd733c556\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll ()
MOD - C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (McAPExe) -- C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (mfecore) -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv2) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (HomeNetSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (McAWFwk) -- c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (bzserv) -- C:\Program Files (x86)\Backblaze\bzserv.exe ()
SRV - (SystemUpdatekb70007) -- C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SftService) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks SAS)
SRV - (DellDigitalDelivery) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Windows (R) Win 7 DDK provider)
SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (mfencrk) -- C:\Windows\SysNative\drivers\mfencrk.sys (McAfee, Inc.)
DRV:64bit: - (mfencbdc) -- C:\Windows\SysNative\drivers\mfencbdc.sys (McAfee, Inc.)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (usbscan) -- C:\Windows\SysWOW64\drivers\usbscan.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D81273E4-7658-47B6-8075-3D404C64D87C}
IE:64bit: - HKLM\..\SearchScopes\{D81273E4-7658-47B6-8075-3D404C64D87C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D81273E4-7658-47B6-8075-3D404C64D87C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - prefs.js..network.proxy.type: 1user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118);
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/05/25 10:10:50 | 000,000,000 | ---D | M]

[2014/05/03 16:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barry Chapman\AppData\Roaming\Mozilla\Extensions
[2014/05/03 16:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barry Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\76t9nm76.default\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google

mniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google

ageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_1\
CHR - Extension: Google Drive = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/05/15 14:38:25 | 000,450,709 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15469 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-670280924-550259233-2201882432-1000..\Run: [Backblaze] C:\Program Files (x86)\Backblaze\bzbui.exe ()
O4 - HKU\S-1-5-21-670280924-550259233-2201882432-1000..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 205.152.144.23 205.152.132.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52E3D270-9F67-475E-B16A-1D6443366E50}: DhcpNameServer = 8.8.8.8 8.8.4.4 205.152.144.23 205.152.132.23
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/15 20:52:18 | 000,000,080 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

brchapman · May 27, 2014

OTL part 2

========== Files/Folders - Created Within 30 Days ==========

[2014/05/27 09:18:51 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2014/05/27 08:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/05/27 08:54:00 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/05/26 10:19:40 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/25 10:38:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/05/25 10:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/05/25 10:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/05/23 08:25:39 | 000,000,000 | ---D | C] -- C:\New folder
[2014/05/23 07:48:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/05/23 07:41:53 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\QuickScan
[2014/05/22 16:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/22 15:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2014/05/22 15:35:36 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/22 15:35:22 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/22 15:35:22 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/22 15:35:22 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/22 15:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/05/22 10:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot
[2014/05/21 11:27:06 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\TuneUp Software
[2014/05/21 11:16:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/05/21 11:16:29 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\MFAData
[2014/05/21 11:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/05/20 14:53:08 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Norman Malware Cleaner
[2014/05/20 12:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/05/19 16:42:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/19 10:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/05/19 10:20:13 | 000,000,000 | ---D | C] -- C:\Adobe XI Pro
[2014/05/19 08:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/05/19 07:54:08 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\ProcAlyzer Dumps
[2014/05/16 10:51:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\CrashDumps
[2014/05/16 09:39:50 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\SUPERAntiSpyware.com
[2014/05/16 09:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/05/16 08:33:26 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/05/16 08:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2014/05/16 08:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/05/15 11:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/05/15 11:40:14 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/05/15 11:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/05/15 11:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/05/15 03:25:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Virtual Machines
[2014/05/15 03:06:09 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/15 03:06:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/14 16:16:31 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\PDF24
[2014/05/14 15:56:37 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft
[2014/05/14 15:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSR
[2014/05/14 15:56:04 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\IdleCrawler
[2014/05/14 15:54:30 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\wi_upd
[2014/05/14 15:48:24 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\BitTorrent
[2014/05/14 11:56:55 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Outlook Files
[2014/05/14 10:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2014/05/14 10:25:54 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014/05/14 10:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/05/14 10:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2014/05/14 10:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/05/14 10:20:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/05/14 08:30:28 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Secunia PSI
[2014/05/14 08:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2014/05/14 05:44:33 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 05:44:33 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/14 05:44:11 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 05:44:11 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 05:44:10 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 05:44:10 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 05:44:10 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 05:44:10 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 05:44:10 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 05:44:10 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 05:44:09 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 05:44:09 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 05:44:09 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 05:44:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 05:44:09 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 05:44:09 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 05:44:09 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 05:44:09 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 05:44:09 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 05:44:09 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 05:44:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 05:44:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 05:44:09 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 05:44:08 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 05:44:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/13 12:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backblaze
[2014/05/13 12:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Backblaze
[2014/05/13 12:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Backblaze
[2014/05/13 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\VMware
[2014/05/13 11:18:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/05/13 11:00:12 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\VMware
[2014/05/12 20:43:13 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\.asdm
[2014/05/12 20:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2014/05/12 13:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\My Lockbox
[2014/05/12 07:16:46 | 000,000,000 | -H-D | C] -- C:\.bzvol
[2014/05/09 11:38:06 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\CCWin
[2014/05/09 07:41:14 | 000,063,568 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2014/05/09 07:40:35 | 000,354,896 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2014/05/09 07:40:33 | 000,434,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2014/05/09 07:40:32 | 000,030,800 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2014/05/09 07:40:26 | 000,943,184 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2014/05/09 07:39:45 | 000,033,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2014/05/09 07:39:43 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2014/05/09 07:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2014/05/09 07:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2014/05/09 07:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2014/05/09 07:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2014/05/09 07:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2014/05/07 09:42:51 | 000,231,552 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXDFLT.DLL
[2014/05/07 09:42:51 | 000,102,672 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXTIFFN.DLL
[2014/05/07 09:42:51 | 000,049,424 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXTHK32.DLL
[2014/05/07 09:42:51 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXSLN.DLL
[2014/05/07 09:42:51 | 000,023,152 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXPERM.DLL
[2014/05/07 09:42:51 | 000,016,048 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXLOC.DLL
[2014/05/07 09:42:51 | 000,011,968 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\SysWow64\PIXMDLLC.CPL
[2014/05/07 09:42:51 | 000,006,416 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXTHK16.DLL
[2014/05/07 09:42:50 | 000,209,168 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXNOTEN.DLL
[2014/05/07 09:42:50 | 000,074,000 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXNAMEN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXRAMN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXPANN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXMPN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXMDLGN.DLL
[2014/05/07 09:42:49 | 000,753,936 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXANNOT.DLL
[2014/05/07 09:42:49 | 000,463,120 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXJP2K.DLL
[2014/05/07 09:42:49 | 000,327,680 | ---- | C] (The University of New South Wales) -- C:\Windows\SysWow64\PIXJP2KI.DLL
[2014/05/07 09:42:49 | 000,119,056 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXJBGN.DLL
[2014/05/07 09:42:49 | 000,094,480 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXAPS.DLL
[2014/05/07 09:42:49 | 000,069,904 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXDLGN.DLL
[2014/05/07 09:42:49 | 000,057,616 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXLZWN.DLL
[2014/05/07 09:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon Electronics
[2014/05/07 09:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CapturePerfect 3.1
[2014/05/06 16:16:12 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\ElevatedDiagnostics
[2014/05/06 15:56:54 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\My Documents from old
[2014/05/06 13:18:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/05/06 13:12:58 | 000,152,576 | ---- | C] (Canon Electronics) -- C:\Windows\SysNative\DR25SVC.dll
[2014/05/06 13:12:46 | 000,491,792 | ---- | C] (Captiva Software Corp.) -- C:\Windows\SysWow64\qd1.dll
[2014/05/06 10:10:41 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Oracle
[2014/05/06 10:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/05/06 10:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/05/06 10:05:04 | 000,313,256 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/05/06 10:04:56 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/05/06 10:04:56 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/05/06 10:04:56 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/05/06 10:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/06 10:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/05/06 09:31:13 | 000,233,744 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXMDLN.DLL
[2014/05/06 09:09:30 | 000,200,704 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\twpix32.dll
[2014/05/06 09:09:30 | 000,098,304 | ---- | C] (Cornerstone Imaging, Inc.) -- C:\Windows\SysWow64\Wiaext32.dll
[2014/05/06 09:09:30 | 000,023,152 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\System\Pixperm.dll
[2014/05/06 09:09:30 | 000,021,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\Ctl3d.dll
[2014/05/06 09:09:30 | 000,016,064 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\System\Pixloc.dll
[2014/05/06 09:09:29 | 000,231,552 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\System\Pixdflt.dll
[2014/05/06 09:06:37 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\ISIS Drivers
[2014/05/06 09:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ISIS Drivers
[2014/05/06 09:05:28 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Desktop\CapturePerfect 3.0
[2014/05/06 08:51:55 | 000,000,000 | ---D | C] -- C:\DR Scanner
[2014/05/06 08:43:03 | 000,000,000 | ---D | C] -- C:\DR2580C
[2014/05/06 08:37:30 | 000,096,768 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysNative\DR25CPL.dll
[2014/05/06 08:37:30 | 000,083,456 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysNative\CeiUSB64.dll
[2014/05/06 07:52:59 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/06 07:29:31 | 000,000,000 | ---D | C] -- C:\CapturePerfect Upgrade
[2014/05/06 03:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/05/05 17:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon DR-2580C
[2014/05/05 16:56:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\AdobeUM
[2014/05/05 16:53:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2014/05/05 16:53:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2014/05/05 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/05/05 16:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/05/05 16:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/05/05 16:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2014/05/05 16:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2014/05/05 15:50:08 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2014/05/05 14:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landtech XML
[2014/05/05 14:52:53 | 000,204,800 | ---- | C] (Landtech Data Corporation) -- C:\Windows\SysWow64\ltwpvsw.DLL
[2014/05/05 14:52:53 | 000,065,536 | ---- | C] (Landtech Data Corp.) -- C:\Windows\SysWow64\LTWNode.exe
[2014/05/05 14:52:53 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Landtech XML
[2014/05/05 14:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Pervasive Software
[2014/05/05 14:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pervasive Software
[2014/05/05 14:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pervasive
[2014/05/05 14:22:07 | 000,000,000 | ---D | C] -- C:\LTAPPS
[2014/05/05 14:18:46 | 000,000,000 | ---D | C] -- C:\Wages
[2014/05/05 14:07:17 | 000,169,600 | ---- | C] (Wintertree Software Inc.) -- C:\Windows\SysWow64\WSpell.ocx
[2014/05/05 12:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WP-64
[2014/05/05 12:22:16 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Help
[2014/05/05 12:22:16 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Help
[2014/05/05 11:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/05/05 10:49:21 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvbvm50.dll
[2014/05/05 10:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medlin Accounting
[2014/05/05 10:49:20 | 000,000,000 | ---D | C] -- C:\MWACCT
[2014/05/05 10:49:04 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Programs
[2014/05/05 10:40:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\QuickenWindow
[2014/05/05 10:36:26 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\IsolatedStorage
[2014/05/05 10:28:28 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Quicken
[2014/05/05 10:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2014/05/05 10:24:39 | 004,169,728 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2014/05/05 10:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014
[2014/05/05 10:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2014/05/05 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2014/05/05 10:24:08 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Intuit
[2014/05/05 10:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2014/05/05 10:13:09 | 000,000,000 | ---D | C] -- C:\Quicken 2014
[2014/05/05 09:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2014/05/05 08:58:28 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\EmieUserList
[2014/05/05 08:58:28 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\EmieSiteList
[2014/05/05 03:10:48 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/05 03:10:48 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/05 03:10:46 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/05 03:10:43 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/05 03:10:43 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/05 03:10:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/05 03:10:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/05 03:10:42 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/05 03:10:42 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/05 03:10:42 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/05 03:10:42 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/05 03:10:42 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/05 03:10:42 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/05 03:10:41 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/05 03:10:41 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/05 03:10:41 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/05 03:10:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/05 03:10:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/05 03:10:41 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/05 03:10:39 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/05 03:10:39 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/05 03:10:39 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/05 03:10:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/05 03:10:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/05 03:10:38 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/05 03:10:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/05 03:10:37 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/05 03:10:36 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/05 03:10:35 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/04 03:37:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2014/05/04 03:37:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2014/05/04 03:17:29 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/05/04 03:06:18 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2014/05/04 03:06:18 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2014/05/04 03:06:18 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2014/05/04 03:06:18 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2014/05/03 16:58:30 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2014/05/03 16:58:30 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2014/05/03 16:58:24 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/05/03 16:58:24 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/05/03 16:58:23 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/05/03 16:58:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/05/03 16:58:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/05/03 16:58:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/05/03 16:55:43 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/05/03 16:55:43 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/05/03 16:55:42 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/05/03 16:55:42 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/05/03 16:55:42 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/05/03 16:55:42 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/05/03 16:55:42 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/05/03 16:55:42 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/05/03 16:55:42 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/05/03 16:55:42 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/05/03 16:55:42 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/05/03 16:55:42 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/05/03 16:55:42 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/05/03 16:55:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/05/03 16:55:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/05/03 16:55:42 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/05/03 16:55:42 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/05/03 16:55:35 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/05/03 16:55:35 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/05/03 16:55:09 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/05/03 16:55:09 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/05/03 16:53:46 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/05/03 16:53:44 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/05/03 16:53:44 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/05/03 16:53:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/05/03 16:53:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/05/03 16:53:38 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/05/03 16:53:38 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/05/03 16:53:37 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/05/03 16:53:37 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/05/03 16:53:37 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014/05/03 16:53:37 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014/05/03 16:53:36 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/05/03 16:53:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/05/03 16:53:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/05/03 16:53:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/05/03 16:53:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/05/03 16:53:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/05/03 16:53:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/05/03 16:53:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/05/03 16:53:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2014/05/03 16:53:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2014/05/03 16:53:30 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/05/03 16:46:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014/05/03 16:40:07 | 000,000,000 | ---D | C] -- C:\Office 2000
[2014/05/03 16:34:04 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Microsoft Help
[2014/05/03 16:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2014/05/03 16:26:05 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\WinRAR
[2014/05/03 16:23:38 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Macromedia
[2014/05/03 16:21:15 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Mozilla
[2014/05/03 16:21:15 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Mozilla
[2014/05/03 16:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/05/03 16:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/05/03 16:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/03 16:10:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/05/03 16:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/05/03 16:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2014/05/03 15:48:38 | 001,098,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wab32res.dll
[2014/05/03 15:48:38 | 000,886,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wab32.dll
[2014/05/03 15:40:56 | 000,000,000 | ---D | C] -- C:\Windows\Msagent
[2014/05/03 15:40:38 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft Web Folders
[2014/05/03 15:33:02 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2014/05/03 15:33:02 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2014/05/03 15:33:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2014/05/03 15:33:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2014/05/03 15:33:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2014/05/03 15:33:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2014/05/03 14:40:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Adobe
[2014/05/03 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wp51
[2014/05/03 14:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FAX User Software
[2014/05/03 14:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kyocera
[2014/05/03 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Canon Electronics
[2014/05/03 13:38:36 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Corel User Files
[2014/05/03 13:38:11 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Corel
[2014/05/03 13:31:52 | 000,021,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CTL3D.DLL
[2014/05/03 13:31:15 | 000,067,888 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysWow64\SuStiUtl.dll
[2014/05/03 13:30:43 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Desktop\Canon DR-2580C
[2014/05/03 13:30:41 | 000,106,496 | ---- | C] (Canon Electronics) -- C:\Windows\SysWow64\DR25SVC.dll
[2014/05/03 13:30:41 | 000,094,208 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysWow64\DR25CPL.dll
[2014/05/03 13:30:41 | 000,036,864 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysWow64\CeiUSB2.dll
[2014/05/03 13:30:41 | 000,014,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\usbscan.sys
[2014/05/03 13:30:38 | 000,180,224 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1120.DLL
[2014/05/03 13:30:38 | 000,176,128 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1520.DLL
[2014/05/03 13:30:38 | 000,114,688 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1320.DLL
[2014/05/03 13:30:38 | 000,051,712 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN20.DLL
[2014/05/03 13:30:37 | 000,602,384 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\SysWow64\pixipdll.dll
[2014/05/03 13:30:37 | 000,155,648 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1020.DLL
[2014/05/03 13:30:36 | 000,401,484 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msvcrtd.dll
[2014/05/03 13:30:36 | 000,221,456 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXDFLTN.DLL
[2014/05/03 13:30:36 | 000,074,000 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXLOCN.DLL
[2014/05/03 13:30:36 | 000,053,520 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXPERMN.DLL
[2014/05/03 13:30:36 | 000,000,000 | ---D | C] -- C:\Windows\PIXTRAN
[2014/05/03 13:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon Electronics
[2014/05/03 13:30:31 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2014/05/03 13:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office 12
[2014/05/03 13:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared
[2014/05/03 13:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WordPerfect Office 12
[2014/05/03 13:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2014/05/03 12:01:21 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\PCDr
[2014/05/02 20:32:20 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/05/02 20:32:20 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/05/02 20:32:20 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/05/02 20:32:12 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/05/02 20:32:12 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/05/02 20:32:12 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/05/02 20:32:05 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/05/02 20:32:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/05/02 19:50:51 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2014/05/02 16:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/02 16:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/05/02 16:12:46 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Google
[2014/05/02 16:10:13 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Diagnostics
[2014/05/02 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Apps
[2014/05/02 15:58:32 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Deployment
[2014/05/02 15:45:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Opera Software
[2014/05/02 15:45:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Opera Software
[2014/05/02 15:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2014/05/02 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Macromedia
[2014/05/02 15:26:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Intel Corporation
[2014/05/02 15:25:54 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Dell
[2014/05/02 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\BMExplorer
[2014/05/02 15:25:49 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Bluetooth Folder
[2014/05/02 15:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2014/05/02 15:25:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Leadertech
[2014/05/02 15:25:31 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Atheros
[2014/05/02 15:25:20 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Adobe
[2014/05/02 15:25:19 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/05/02 15:25:19 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Searches
[2014/05/02 15:25:19 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/05/02 15:25:19 | 000,000,000 | -H-D | C] -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/05/02 15:25:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Identities
[2014/05/02 15:25:08 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Contacts
[2014/05/02 15:25:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\VirtualStore
[2014/05/02 15:23:34 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\softthinks
[2014/05/02 15:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\softthinks
[2014/05/02 15:17:44 | 000,000,000 | --SD | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Videos
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Saved Games
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Pictures
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Music
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Links
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Favorites
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Downloads
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Documents
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Desktop
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\Temporary Internet Files
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Templates
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Start Menu
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\SendTo
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Recent
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\PrintHood
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\NetHood
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Documents\My Videos
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Documents\My Pictures
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Documents\My Music
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\My Documents
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Local Settings
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\History
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Cookies
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Application Data
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\Application Data
[2014/05/02 15:17:44 | 000,000,000 | -H-D | C] -- C:\Users\Barry Chapman\AppData
[2014/05/02 15:17:44 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Temp
[2014/05/02 15:17:44 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Microsoft
[2014/05/02 15:17:44 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2014/05/27 09:57:26 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/27 09:57:26 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/27 09:55:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/27 09:18:20 | 000,791,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/27 09:18:20 | 000,670,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/27 09:18:20 | 000,125,196 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/27 09:13:14 | 001,440,846 | ---- | M] () -- C:\Program Files (x86)\mbam-chameleon-1.62.1.1000.zip
[2014/05/27 09:07:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/27 08:53:24 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/27 08:53:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/27 08:53:05 | 1008,427,006 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/25 11:49:58 | 000,004,447 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\attach.zip
[2014/05/25 11:38:01 | 000,000,512 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\MBR.dat
[2014/05/25 10:52:48 | 000,004,315 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\attach.rar
[2014/05/25 10:37:03 | 000,001,159 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/05/25 10:36:53 | 000,000,960 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\ERUNT.lnk
[2014/05/23 09:52:06 | 000,201,978 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 PRELIMINARY HUD.pdf
[2014/05/23 07:52:39 | 000,033,334 | ---- | M] () -- C:\ProgramData\1400845954.bdinstall.bin
[2014/05/23 07:52:28 | 000,000,189 | ---- | M] () -- C:\ProgramData\1400845920.2208.bin
[2014/05/23 07:52:24 | 000,002,061 | ---- | M] () -- C:\ProgramData\1400845920.2284.bin
[2014/05/23 07:52:14 | 000,039,641 | ---- | M] () -- C:\ProgramData\1400845920.2200.bin
[2014/05/23 07:48:44 | 624,028,561 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/05/23 07:44:29 | 000,000,965 | ---- | M] () -- C:\ProgramData\1400845426.13472.bin
[2014/05/23 07:44:27 | 000,043,785 | ---- | M] () -- C:\ProgramData\1400845426.14224.bin
[2014/05/23 07:44:03 | 000,002,062 | ---- | M] () -- C:\ProgramData\1400845426.13672.bin
[2014/05/23 07:42:32 | 000,044,557 | ---- | M] () -- C:\ProgramData\1400845313.bdinstall.bin
[2014/05/22 15:48:56 | 000,042,188 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141050 revised contract.pdf
[2014/05/22 15:35:06 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/22 15:35:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/22 15:35:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/22 15:35:06 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/22 15:20:40 | 000,103,981 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141050 signed contract.pdf
[2014/05/22 13:23:30 | 000,051,706 | ---- | M] () -- C:\Windows\SysWow64\bddel.dat
[2014/05/22 13:12:59 | 000,202,050 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141042 REVISED HUD.pdf
[2014/05/22 10:49:21 | 000,001,434 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/05/21 16:21:32 | 000,037,861 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\Comma Separated Values (Windows).ADR
[2014/05/21 15:00:00 | 000,017,064 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Martinez legal description.pdf
[2014/05/21 09:17:50 | 000,002,334 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/21 09:17:50 | 000,002,310 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/20 11:11:14 | 000,024,389 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141042 preliminary HUD.pdf
[2014/05/20 09:17:06 | 000,166,076 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141049 HICKMAN ucc1.pdf
[2014/05/19 14:46:28 | 000,126,434 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141049 REVISED HUD.pdf
[2014/05/19 14:25:33 | 000,148,676 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141049 HUD & LEGAL DESCR.pdf
[2014/05/19 14:11:04 | 000,129,944 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141051 HUD.pdf
[2014/05/19 09:55:20 | 000,009,944 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Clayton Homes Invoice-Turbide.pdf
[2014/05/16 11:13:50 | 000,111,023 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Bunche Stree contract.pdf
[2014/05/15 14:38:25 | 000,450,709 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/05/15 12:49:03 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140515-143825.backup
[2014/05/15 11:40:19 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/05/15 11:36:53 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014/05/14 15:27:56 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2014/05/14 15:14:45 | 000,494,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/14 15:08:15 | 000,001,520 | ---- | M] () -- C:\Users\Public\Documents\AcStd7_1_0.ini
[2014/05/14 14:39:51 | 000,129,908 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Wiggins hud.pdf
[2014/05/14 11:41:08 | 000,001,186 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/05/14 08:36:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 08:36:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/13 15:37:53 | 000,125,914 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141044 PREL HUD.pdf
[2014/05/13 12:25:15 | 000,144,192 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 tax cert and plat.pdf
[2014/05/13 11:38:10 | 034,209,792 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\CHAPMA11_20140505-2014-05-13.QDF-backup
[2014/05/13 11:13:54 | 000,007,605 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Local\resmon.resmoncfg
[2014/05/13 10:04:35 | 000,000,000 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Local\{89B78C50-3F1E-4624-B5B6-B21F413891C7}
[2014/05/13 09:04:13 | 000,025,833 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Performance Monitor screen grab.gif
[2014/05/12 16:37:27 | 000,255,875 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 commitment.pdf
[2014/05/12 16:26:00 | 000,010,295 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 commitment.wpd
[2014/05/12 16:21:54 | 000,002,380 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 DATA FILE.wpd
[2014/05/09 10:58:52 | 000,729,275 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141039 signed docs.pdf
[2014/05/09 10:41:30 | 000,015,330 | ---- | M] () -- C:\Users\Barry Chapman\Documents\WIRE INSTRUCTIONS REAL ESTATE TRUST ACCT.pdf
[2014/05/09 07:41:18 | 000,001,070 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2014/05/09 07:39:33 | 000,807,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/09 07:39:32 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2014/05/09 02:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 02:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/07 15:51:16 | 000,088,239 | ---- | M] () -- C:\Users\Barry Chapman\Documents\martin aff doc.pdf
[2014/05/07 15:43:47 | 002,744,977 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Gary Martin closing package.pdf
[2014/05/07 11:24:18 | 000,027,554 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141041 revised note.pdf
[2014/05/07 09:44:56 | 000,532,504 | ---- | M] () -- C:\Users\Barry Chapman\Documents\revised note and sd to change dates.pdf
[2014/05/07 09:16:15 | 000,024,895 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Old Republic Synovus letter.pdf
[2014/05/06 16:39:15 | 000,534,254 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Tillman revised note & sd.pdf
[2014/05/06 13:22:33 | 000,000,125 | ---- | M] () -- C:\Windows\SetScan.ini
[2014/05/06 10:04:49 | 000,313,256 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/05/06 10:04:49 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/05/06 10:04:49 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/05/06 10:04:49 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/05/06 09:06:37 | 000,005,432 | ---- | M] () -- C:\Windows\pixcache.ini
[2014/05/05 23:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/05 22:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/05 16:54:47 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Standard.lnk
[2014/05/05 16:15:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/05/05 16:12:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/05/05 15:02:39 | 000,013,839 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141000.pdf
[2014/05/05 14:53:30 | 000,001,534 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\Landtech XML.lnk
[2014/05/05 14:52:53 | 000,204,800 | ---- | M] (Landtech Data Corporation) -- C:\Windows\SysWow64\ltwpvsw.DLL
[2014/05/05 14:52:53 | 000,065,536 | ---- | M] (Landtech Data Corp.) -- C:\Windows\SysWow64\LTWNode.exe
[2014/05/05 14:44:31 | 000,000,519 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2014/05/05 14:44:25 | 000,002,781 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2014/05/05 11:17:49 | 000,000,580 | ---- | M] () -- C:\Users\Public\Desktop\Medlin Accounting.lnk
[2014/05/05 10:24:34 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
[2014/05/05 10:24:31 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2014/05/03 16:21:08 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/03 16:10:33 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/05/03 15:41:59 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/05/03 13:38:12 | 000,061,678 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JPR.{PB
[2014/05/03 13:38:12 | 000,012,358 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JCM.{PB
[2014/05/03 13:17:14 | 000,002,607 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\WordPerfect.lnk
[2014/05/02 15:31:58 | 000,001,409 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/02 15:15:22 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/05/02 15:15:22 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf

brchapman · May 27, 2014

OTL part 3

========== Files Created - No Company Name ==========

[2014/05/27 09:25:05 | 001,440,846 | ---- | C] () -- C:\Program Files (x86)\mbam-chameleon-1.62.1.1000.zip
[2014/05/25 11:49:58 | 000,004,447 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\attach.zip
[2014/05/25 11:38:01 | 000,000,512 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\MBR.dat
[2014/05/25 10:52:48 | 000,004,315 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\attach.rar
[2014/05/25 10:37:03 | 000,001,159 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/05/25 10:36:53 | 000,000,960 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\ERUNT.lnk
[2014/05/23 09:46:30 | 000,201,978 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 PRELIMINARY HUD.pdf
[2014/05/23 07:52:39 | 000,033,334 | ---- | C] () -- C:\ProgramData\1400845954.bdinstall.bin
[2014/05/23 07:52:03 | 000,000,189 | ---- | C] () -- C:\ProgramData\1400845920.2208.bin
[2014/05/23 07:52:02 | 000,002,061 | ---- | C] () -- C:\ProgramData\1400845920.2284.bin
[2014/05/23 07:52:00 | 000,039,641 | ---- | C] () -- C:\ProgramData\1400845920.2200.bin
[2014/05/23 07:48:44 | 624,028,561 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/05/23 07:43:56 | 000,000,965 | ---- | C] () -- C:\ProgramData\1400845426.13472.bin
[2014/05/23 07:43:55 | 000,002,062 | ---- | C] () -- C:\ProgramData\1400845426.13672.bin
[2014/05/23 07:43:46 | 000,043,785 | ---- | C] () -- C:\ProgramData\1400845426.14224.bin
[2014/05/23 07:42:32 | 000,044,557 | ---- | C] () -- C:\ProgramData\1400845313.bdinstall.bin
[2014/05/22 15:48:57 | 000,042,188 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141050 revised contract.pdf
[2014/05/22 15:20:41 | 000,103,981 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141050 signed contract.pdf
[2014/05/22 13:22:39 | 000,051,706 | ---- | C] () -- C:\Windows\SysWow64\bddel.dat
[2014/05/22 13:12:59 | 000,202,050 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141042 REVISED HUD.pdf
[2014/05/21 15:00:00 | 000,017,064 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Martinez legal description.pdf
[2014/05/20 11:11:14 | 000,024,389 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141042 preliminary HUD.pdf
[2014/05/20 09:17:02 | 000,166,076 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141049 HICKMAN ucc1.pdf
[2014/05/19 14:46:28 | 000,126,434 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141049 REVISED HUD.pdf
[2014/05/19 14:25:34 | 000,148,676 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141049 HUD & LEGAL DESCR.pdf
[2014/05/19 14:11:05 | 000,129,944 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141051 HUD.pdf
[2014/05/19 09:55:21 | 000,009,944 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Clayton Homes Invoice-Turbide.pdf
[2014/05/16 11:15:34 | 000,111,023 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Bunche Stree contract.pdf
[2014/05/15 11:40:19 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/05/15 11:40:16 | 000,001,446 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/05/15 11:40:16 | 000,001,434 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/05/15 11:36:51 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/05/14 14:43:14 | 000,129,908 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Wiggins hud.pdf
[2014/05/14 14:40:55 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2014/05/14 14:34:35 | 000,001,520 | ---- | C] () -- C:\Users\Public\Documents\AcStd7_1_0.ini
[2014/05/14 11:41:08 | 000,001,186 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/05/13 15:37:54 | 000,125,914 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141044 PREL HUD.pdf
[2014/05/13 12:25:15 | 000,144,192 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 tax cert and plat.pdf
[2014/05/13 11:38:10 | 034,209,792 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\CHAPMA11_20140505-2014-05-13.QDF-backup
[2014/05/13 10:04:35 | 000,000,000 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Local\{89B78C50-3F1E-4624-B5B6-B21F413891C7}
[2014/05/13 09:04:13 | 000,025,833 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Performance Monitor screen grab.gif
[2014/05/13 08:53:10 | 000,007,605 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Local\resmon.resmoncfg
[2014/05/12 16:39:10 | 000,255,875 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 commitment.pdf
[2014/05/12 16:26:00 | 000,010,295 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 commitment.wpd
[2014/05/12 16:21:54 | 000,002,380 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 DATA FILE.wpd
[2014/05/09 10:58:52 | 000,729,275 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141039 signed docs.pdf
[2014/05/09 10:41:30 | 000,015,330 | ---- | C] () -- C:\Users\Barry Chapman\Documents\WIRE INSTRUCTIONS REAL ESTATE TRUST ACCT.pdf
[2014/05/09 07:41:18 | 000,001,070 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2014/05/09 07:39:32 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2014/05/07 15:51:16 | 000,088,239 | ---- | C] () -- C:\Users\Barry Chapman\Documents\martin aff doc.pdf
[2014/05/07 15:43:46 | 002,744,977 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Gary Martin closing package.pdf
[2014/05/07 11:24:13 | 000,027,554 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141041 revised note.pdf
[2014/05/07 09:47:05 | 000,532,504 | ---- | C] () -- C:\Users\Barry Chapman\Documents\revised note and sd to change dates.pdf
[2014/05/07 09:16:15 | 000,024,895 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Old Republic Synovus letter.pdf
[2014/05/06 16:39:15 | 000,534,254 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Tillman revised note & sd.pdf
[2014/05/06 09:09:30 | 000,063,248 | ---- | C] () -- C:\Windows\SysWow64\picn1120.ssm
[2014/05/05 17:43:05 | 000,005,432 | ---- | C] () -- C:\Windows\pixcache.ini
[2014/05/05 16:54:47 | 000,002,501 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Standard.lnk
[2014/05/05 16:54:47 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2014/05/05 16:54:47 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Standard.lnk
[2014/05/05 16:15:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/05/05 16:12:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/05/05 14:53:30 | 000,001,534 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\Landtech XML.lnk
[2014/05/05 14:44:31 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2014/05/05 14:44:25 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2014/05/05 14:35:58 | 000,013,839 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141000.pdf
[2014/05/05 11:45:19 | 000,037,861 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\Comma Separated Values (Windows).ADR
[2014/05/05 10:49:21 | 000,000,580 | ---- | C] () -- C:\Users\Public\Desktop\Medlin Accounting.lnk
[2014/05/05 10:24:34 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
[2014/05/05 10:24:06 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2014/05/04 03:06:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/05/03 16:21:08 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/05/03 16:21:08 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/03 16:10:33 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/05/03 15:41:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/05/03 13:38:12 | 000,061,678 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JPR.{PB
[2014/05/03 13:38:12 | 000,012,358 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JCM.{PB
[2014/05/03 13:30:41 | 000,000,125 | ---- | C] () -- C:\Windows\SetScan.ini
[2014/05/03 13:17:14 | 000,002,607 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\WordPerfect.lnk
[2014/05/02 16:23:30 | 000,002,334 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/02 16:23:30 | 000,002,310 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/02 16:12:54 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/02 16:12:54 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/02 15:31:58 | 000,001,409 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/02 15:25:20 | 000,001,415 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/05/02 15:18:02 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2014/05/02 15:17:44 | 000,000,290 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/05/02 15:17:44 | 000,000,272 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/03/22 04:08:50 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2014/03/22 04:08:50 | 000,241,152 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/03/22 04:08:50 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014/03/21 13:42:49 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/05/11 05:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2014/05/20 18:36:38 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/05/14 15:48:40 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\BitTorrent
[2014/05/03 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Canon Electronics
[2014/05/16 08:33:26 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/05/20 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\ISIS Drivers
[2014/05/02 15:25:33 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Leadertech
[2014/05/20 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Opera Software
[2014/05/06 10:10:41 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Oracle
[2014/05/04 18:11:07 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\PCDr
[2014/05/23 07:41:53 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\QuickScan
[2014/05/21 11:27:06 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\TuneUp Software
[2014/05/20 17:52:15 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\wi_upd

========== Purity Check ==========

< End of report >

brchapman · May 27, 2014

OTL Extras

Here's the Extras file:

OTL Extras logfile created on: 5/27/2014 9:56:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barry Chapman\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.92 Gb Total Physical Memory | 9.16 Gb Available Physical Memory | 76.88% Memory free
23.84 Gb Paging File | 20.92 Gb Available in Paging File | 87.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.06 Gb Total Space | 373.55 Gb Free Space | 84.69% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 445.11 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive Y: | 24.67 Gb Total Space | 14.20 Gb Free Space | 57.59% Space Free | Partition Type: NTFS

Computer Name: BARRYSNEW | User Name: Barry Chapman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-670280924-550259233-2201882432-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C52ADA-F7F9-4C6E-8A8C-B7D757FDE1C8}" = rport=139 | protocol=6 | dir=out | app=system |
"{1436ECE1-A3DD-418E-A644-45CC18276134}" = lport=138 | protocol=17 | dir=in | app=system |
"{17C1B1B9-D25B-4D53-A228-8C866A1D1950}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1F103D52-7A68-4AFC-A054-736024F3DE01}" = rport=445 | protocol=6 | dir=out | app=system |
"{274EC9CA-17D5-4510-995F-88E1F8308B2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28835DB4-A842-4552-BB1B-C20952B4997C}" = rport=137 | protocol=17 | dir=out | app=system |
"{31ECFF31-BB3D-4F4F-8E2C-8C73729D595D}" = lport=445 | protocol=6 | dir=in | app=system |
"{35F63BE7-3F92-493F-BE2A-B20186805D7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{482EC901-06F0-42F9-8D75-4DB660E27BB8}" = lport=139 | protocol=6 | dir=in | app=system |
"{4BAEB164-45F5-470F-914D-AA854775D325}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{643526CF-0C7D-4415-B8A5-7C542C669EEC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7124136F-21DF-4A45-9B09-0A05B0BD3CD8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{739D16E0-F677-4D00-B6DA-3535CDC53409}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7B6370D6-66BA-48DB-A8C2-3088EDC10B85}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9A683F8C-9887-4778-85D1-B9B8883A0AAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A21435E0-E6D3-48EC-AF04-7C8070EA7EF9}" = rport=138 | protocol=17 | dir=out | app=system |
"{B4CB2CA9-7C40-4CC9-8253-D90D97C8C887}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C48234D7-891A-4D9D-B2E9-4F4DD768DB24}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEB04216-C143-4A2A-A49C-E47BA48E7965}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DDF4B81F-A96B-44E1-BA69-1831B13B3F12}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DEFD6B7B-A25B-40CA-9572-FE88207F3F07}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E989FE69-824C-42F4-9E6C-08FF10736834}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FC292D5D-EEFA-40B5-B321-6535751BAA51}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055617C7-03EE-484A-9A82-D0789938FDA3}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{0D3E3C34-4E49-489B-9837-50DAB01372E4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{0DEFBA21-4454-40F7-BC90-141CC1336E86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{231B8FAF-4B97-4B50-B1FA-63EBA70C1099}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{2AAFEFB9-7709-40C9-80F9-7C6D63B0A534}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4581E7DF-A984-401A-B3A5-7C7327829A8C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{75E438DD-8712-4F85-877D-0A523FDCF490}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{88DAD500-42FF-4B70-A936-B13D30BE0046}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9753A171-9CAD-43E3-BB7D-0DFB0E8DFD9F}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{9B0FB172-671C-414A-A7B5-541E19590F2B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AC19239E-4510-4EE5-85DB-AE73D8C9B5EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{AE27E0CE-50D8-43C5-8C57-8C93E6EEDF11}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B5B977D8-6974-4C23-860E-C3FC7BEB3005}" = protocol=6 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"{B795DAD7-7A2E-4D16-8735-9B738EB44B1C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{D56B5BE7-7A4E-4BE0-A14D-C1CC827EEC1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E460D64D-919E-4249-8D41-3C6852BFE71D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EDA06360-7C81-46FE-A770-6E9E7CDB145E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{F27AD313-9A3D-4ECF-B55F-19283A2D5D79}" = protocol=17 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"{F6BC580B-F650-4281-AE30-186F8E6FEEBB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{B2E66777-48E3-4496-9EE4-9C7E14F334DA}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"UDP Query User{F2DF2244-2D79-4418-9951-E2F3E894BF88}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8B7B39-179F-47F8-A7AC-63D9C433A567}" = Intel(R) Rapid Storage Technology
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{26A24AE4-039D-4CA4-87B4-2F86417055FF}" = Java 7 Update 55 (64-bit)
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A1F2E701-F148-4359-84CF-4CDA51FDF55F}" = VmciSockets
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F7A70D00-F283-45C8-B163-49EC365D7E27}" = DSC/AA Factory Installer
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"PC-Doctor for Windows" = My Dell

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A9F528-A754-460F-B2C1-AC125A147114}" = Dell Digital Delivery
"{0877F595-254F-45F4-991D-3F72E86B17CE}" = Quicken 2014
"{09AAA659-ACF9-47B3-B362-C216693C7A11}" = Canon DR-2580C Driver
"{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP3 Workgroup (32-bit)
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1BBE4C53-634B-44B3-8693-314ED6260557}" = Adobe Flash Player 13 ActiveX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{50600275-223D-455E-959E-DCA40A037B7B}" = CapturePerfect 3.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A79B3745-665C-11D6-AF01-0010B5A02D6F}" = Kyocera Address Book for Network FAX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) MUI
"{ADEE751B-09AE-4DA7-9658-DCF90E8F9ED7}" = Adobe Flash Player 13 Plugin
"{AEB719FD-EDB0-43E9-B524-90F97C1E6499}" = System Update kb70007
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AF809A35-F15C-47EC-B21A-E1A62D4FC7DC}" = CapturePerfect 3.0 Help & Manual
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}" = Google+ Auto Backup
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.1.4 Standard - English, Français, Deutsch
"Adobe Acrobat 7.0 Standard - EFG - V_714" = Adobe Acrobat 7.1.4 - CPSID_50030
"Adobe Acrobat 7.0 Standard - English, Français, Deutsch - V" = Adobe Acrobat 7.1.2 Standard - English, Français, Deutsch
"Backblaze" = Backblaze
"DR-2580C Driver" = Canon DR-2580C Driver
"DR-2580C Job Tool" = DR-2580C Job Tool
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Medlin Accounting Shareware_is1" = Medlin Accounting
"Medlin Payroll_is1" = Medlin Payroll
"Mozilla Firefox 29.0 (x86 en-US)" = Mozilla Firefox 29.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee LiveSafe – Internet Security
"Office14.STANDARD" = Microsoft Office Standard 2010
"Picasa 3" = Picasa 3
"VMware_Player" = VMware Player
"WinRAR archiver" = WinRAR 5.00 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2014 7:46:46 AM | Computer Name = BarrysNew | Source = Chrome | ID = 1
Description =

Error - 5/27/2014 7:47:02 AM | Computer Name = BarrysNew | Source = Chrome | ID = 1
Description =

Error - 5/27/2014 7:47:18 AM | Computer Name = BarrysNew | Source = Chrome | ID = 1
Description =

Error - 5/27/2014 7:59:08 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.500, time stamp:
0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0x5a4 Faulting application start time: 0x01cf79a3075d351d Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 4e692b12-e596-11e3-b064-afc890ab93b6

Error - 5/27/2014 8:00:05 AM | Computer Name = BarrysNew | Source = WinMgmt | ID = 10
Description =

Error - 5/27/2014 8:00:34 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.500, time stamp:
0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0x78c Faulting application start time: 0x01cf79a33aec636d Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 81a76a98-e596-11e3-b064-afc890ab93b6

Error - 5/27/2014 8:53:40 AM | Computer Name = BarrysNew | Source = WinMgmt | ID = 10
Description =

Error - 5/27/2014 8:55:00 AM | Computer Name = BarrysNew | Source = MsiInstaller | ID = 11311
Description =

Error - 5/27/2014 9:05:45 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0xaa0 Faulting application start time: 0x01cf79ac5d6a265d Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 9c92df27-e59f-11e3-848b-142d271ccbca

Error - 5/27/2014 9:22:29 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0x2a38 Faulting application start time: 0x01cf79aeb489ed46 Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: f36c9b59-e5a1-11e3-848b-142d271ccbca

[ Media Center Events ]
Error - 5/25/2014 7:58:00 AM | Computer Name = BarrysNew | Source = MCUpdate | ID = 0
Description = 7:58:00 AM - Error connecting to the internet. 7:58:00 AM - Unable
to contact server..

Error - 5/25/2014 7:58:27 AM | Computer Name = BarrysNew | Source = MCUpdate | ID = 0
Description = 7:58:09 AM - Error connecting to the internet. 7:58:09 AM - Unable
to contact server..

[ System Events ]
Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 8:02:32 AM | Computer Name = BarrysNew | Source = DCOM | ID = 10005
Description =

Error - 5/27/2014 8:02:32 AM | Computer Name = BarrysNew | Source = DCOM | ID = 10005
Description =

< End of report >

ken545 · May 27, 2014

It looks like that proxy is going through China

Are you having problems with Windows Updates ?

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
FF - prefs.js..network.proxy.type: 1user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118);
[2014/05/14 15:56:04 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\IdleCrawler
[2014/05/14 15:48:24 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\BitTorrent
[2014/05/15 12:49:03 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140515-143825.backup



:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA] 
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please

brchapman · May 27, 2014

Post boot log

Here's the post boot log. On the re-scan do you want to scan as before, i.e. all users, minimum output, etc.?

OTL Extras logfile created on: 5/27/2014 9:56:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barry Chapman\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.92 Gb Total Physical Memory | 9.16 Gb Available Physical Memory | 76.88% Memory free
23.84 Gb Paging File | 20.92 Gb Available in Paging File | 87.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.06 Gb Total Space | 373.55 Gb Free Space | 84.69% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 445.11 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive Y: | 24.67 Gb Total Space | 14.20 Gb Free Space | 57.59% Space Free | Partition Type: NTFS

Computer Name: BARRYSNEW | User Name: Barry Chapman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-670280924-550259233-2201882432-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C52ADA-F7F9-4C6E-8A8C-B7D757FDE1C8}" = rport=139 | protocol=6 | dir=out | app=system |
"{1436ECE1-A3DD-418E-A644-45CC18276134}" = lport=138 | protocol=17 | dir=in | app=system |
"{17C1B1B9-D25B-4D53-A228-8C866A1D1950}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1F103D52-7A68-4AFC-A054-736024F3DE01}" = rport=445 | protocol=6 | dir=out | app=system |
"{274EC9CA-17D5-4510-995F-88E1F8308B2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28835DB4-A842-4552-BB1B-C20952B4997C}" = rport=137 | protocol=17 | dir=out | app=system |
"{31ECFF31-BB3D-4F4F-8E2C-8C73729D595D}" = lport=445 | protocol=6 | dir=in | app=system |
"{35F63BE7-3F92-493F-BE2A-B20186805D7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{482EC901-06F0-42F9-8D75-4DB660E27BB8}" = lport=139 | protocol=6 | dir=in | app=system |
"{4BAEB164-45F5-470F-914D-AA854775D325}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{643526CF-0C7D-4415-B8A5-7C542C669EEC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7124136F-21DF-4A45-9B09-0A05B0BD3CD8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{739D16E0-F677-4D00-B6DA-3535CDC53409}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7B6370D6-66BA-48DB-A8C2-3088EDC10B85}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9A683F8C-9887-4778-85D1-B9B8883A0AAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A21435E0-E6D3-48EC-AF04-7C8070EA7EF9}" = rport=138 | protocol=17 | dir=out | app=system |
"{B4CB2CA9-7C40-4CC9-8253-D90D97C8C887}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C48234D7-891A-4D9D-B2E9-4F4DD768DB24}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEB04216-C143-4A2A-A49C-E47BA48E7965}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DDF4B81F-A96B-44E1-BA69-1831B13B3F12}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DEFD6B7B-A25B-40CA-9572-FE88207F3F07}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E989FE69-824C-42F4-9E6C-08FF10736834}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FC292D5D-EEFA-40B5-B321-6535751BAA51}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055617C7-03EE-484A-9A82-D0789938FDA3}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{0D3E3C34-4E49-489B-9837-50DAB01372E4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{0DEFBA21-4454-40F7-BC90-141CC1336E86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{231B8FAF-4B97-4B50-B1FA-63EBA70C1099}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{2AAFEFB9-7709-40C9-80F9-7C6D63B0A534}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4581E7DF-A984-401A-B3A5-7C7327829A8C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{75E438DD-8712-4F85-877D-0A523FDCF490}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{88DAD500-42FF-4B70-A936-B13D30BE0046}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9753A171-9CAD-43E3-BB7D-0DFB0E8DFD9F}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{9B0FB172-671C-414A-A7B5-541E19590F2B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AC19239E-4510-4EE5-85DB-AE73D8C9B5EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{AE27E0CE-50D8-43C5-8C57-8C93E6EEDF11}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B5B977D8-6974-4C23-860E-C3FC7BEB3005}" = protocol=6 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"{B795DAD7-7A2E-4D16-8735-9B738EB44B1C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{D56B5BE7-7A4E-4BE0-A14D-C1CC827EEC1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E460D64D-919E-4249-8D41-3C6852BFE71D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EDA06360-7C81-46FE-A770-6E9E7CDB145E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{F27AD313-9A3D-4ECF-B55F-19283A2D5D79}" = protocol=17 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"{F6BC580B-F650-4281-AE30-186F8E6FEEBB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{B2E66777-48E3-4496-9EE4-9C7E14F334DA}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"UDP Query User{F2DF2244-2D79-4418-9951-E2F3E894BF88}C:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8B7B39-179F-47F8-A7AC-63D9C433A567}" = Intel(R) Rapid Storage Technology
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{26A24AE4-039D-4CA4-87B4-2F86417055FF}" = Java 7 Update 55 (64-bit)
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A1F2E701-F148-4359-84CF-4CDA51FDF55F}" = VmciSockets
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F7A70D00-F283-45C8-B163-49EC365D7E27}" = DSC/AA Factory Installer
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"PC-Doctor for Windows" = My Dell

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A9F528-A754-460F-B2C1-AC125A147114}" = Dell Digital Delivery
"{0877F595-254F-45F4-991D-3F72E86B17CE}" = Quicken 2014
"{09AAA659-ACF9-47B3-B362-C216693C7A11}" = Canon DR-2580C Driver
"{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP3 Workgroup (32-bit)
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1BBE4C53-634B-44B3-8693-314ED6260557}" = Adobe Flash Player 13 ActiveX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{50600275-223D-455E-959E-DCA40A037B7B}" = CapturePerfect 3.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A79B3745-665C-11D6-AF01-0010B5A02D6F}" = Kyocera Address Book for Network FAX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) MUI
"{ADEE751B-09AE-4DA7-9658-DCF90E8F9ED7}" = Adobe Flash Player 13 Plugin
"{AEB719FD-EDB0-43E9-B524-90F97C1E6499}" = System Update kb70007
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AF809A35-F15C-47EC-B21A-E1A62D4FC7DC}" = CapturePerfect 3.0 Help & Manual
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}" = Google+ Auto Backup
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.1.4 Standard - English, Français, Deutsch
"Adobe Acrobat 7.0 Standard - EFG - V_714" = Adobe Acrobat 7.1.4 - CPSID_50030
"Adobe Acrobat 7.0 Standard - English, Français, Deutsch - V" = Adobe Acrobat 7.1.2 Standard - English, Français, Deutsch
"Backblaze" = Backblaze
"DR-2580C Driver" = Canon DR-2580C Driver
"DR-2580C Job Tool" = DR-2580C Job Tool
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Medlin Accounting Shareware_is1" = Medlin Accounting
"Medlin Payroll_is1" = Medlin Payroll
"Mozilla Firefox 29.0 (x86 en-US)" = Mozilla Firefox 29.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee LiveSafe – Internet Security
"Office14.STANDARD" = Microsoft Office Standard 2010
"Picasa 3" = Picasa 3
"VMware_Player" = VMware Player
"WinRAR archiver" = WinRAR 5.00 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2014 7:46:46 AM | Computer Name = BarrysNew | Source = Chrome | ID = 1
Description =

Error - 5/27/2014 7:47:02 AM | Computer Name = BarrysNew | Source = Chrome | ID = 1
Description =

Error - 5/27/2014 7:47:18 AM | Computer Name = BarrysNew | Source = Chrome | ID = 1
Description =

Error - 5/27/2014 7:59:08 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.500, time stamp:
0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0x5a4 Faulting application start time: 0x01cf79a3075d351d Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 4e692b12-e596-11e3-b064-afc890ab93b6

Error - 5/27/2014 8:00:05 AM | Computer Name = BarrysNew | Source = WinMgmt | ID = 10
Description =

Error - 5/27/2014 8:00:34 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.500, time stamp:
0x533d8de2 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0x78c Faulting application start time: 0x01cf79a33aec636d Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 81a76a98-e596-11e3-b064-afc890ab93b6

Error - 5/27/2014 8:53:40 AM | Computer Name = BarrysNew | Source = WinMgmt | ID = 10
Description =

Error - 5/27/2014 8:55:00 AM | Computer Name = BarrysNew | Source = MsiInstaller | ID = 11311
Description =

Error - 5/27/2014 9:05:45 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0xaa0 Faulting application start time: 0x01cf79ac5d6a265d Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: 9c92df27-e59f-11e3-848b-142d271ccbca

Error - 5/27/2014 9:22:29 AM | Computer Name = BarrysNew | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id:
0x2a38 Faulting application start time: 0x01cf79aeb489ed46 Faulting application path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: f36c9b59-e5a1-11e3-848b-142d271ccbca

[ Media Center Events ]
Error - 5/25/2014 7:58:00 AM | Computer Name = BarrysNew | Source = MCUpdate | ID = 0
Description = 7:58:00 AM - Error connecting to the internet. 7:58:00 AM - Unable
to contact server..

Error - 5/25/2014 7:58:27 AM | Computer Name = BarrysNew | Source = MCUpdate | ID = 0
Description = 7:58:09 AM - Error connecting to the internet. 7:58:09 AM - Unable
to contact server..

[ System Events ]
Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 7:58:43 AM | Computer Name = BarrysNew | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/27/2014 8:02:32 AM | Computer Name = BarrysNew | Source = DCOM | ID = 10005
Description =

Error - 5/27/2014 8:02:32 AM | Computer Name = BarrysNew | Source = DCOM | ID = 10005
Description =

< End of report >

brchapman · May 27, 2014

new scan OTL txt file part 1

Here's the new OTL scan, do you want the extras also?

OTL logfile created on: 5/27/2014 11:46:27 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barry Chapman\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.92 Gb Total Physical Memory | 8.88 Gb Available Physical Memory | 74.49% Memory free
23.84 Gb Paging File | 20.66 Gb Available in Paging File | 86.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.06 Gb Total Space | 374.01 Gb Free Space | 84.80% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 445.11 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive Y: | 24.67 Gb Total Space | 14.20 Gb Free Space | 57.59% Space Free | Partition Type: NTFS

Computer Name: BARRYSNEW | User Name: Barry Chapman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Barry Chapman\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Backblaze\bzbui.exe ()
PRC - C:\Program Files (x86)\Backblaze\bzserv.exe ()
PRC - C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks SAS)
PRC - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Pervasive Software Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Backblaze\bzbui.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\d7a1bbd56dc15a29c2450b177f9468d7\System.Net.Http.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0bedc417d3c5dcb1c9a5f15dd733c556\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll ()
MOD - C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (McAPExe) -- C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (mfecore) -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv2) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (HomeNetSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (McAWFwk) -- c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (bzserv) -- C:\Program Files (x86)\Backblaze\bzserv.exe ()
SRV - (SystemUpdatekb70007) -- C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SftService) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks SAS)
SRV - (DellDigitalDelivery) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Windows (R) Win 7 DDK provider)
SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (mfencrk) -- C:\Windows\SysNative\drivers\mfencrk.sys (McAfee, Inc.)
DRV:64bit: - (mfencbdc) -- C:\Windows\SysNative\drivers\mfencbdc.sys (McAfee, Inc.)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (usbscan) -- C:\Windows\SysWOW64\drivers\usbscan.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D81273E4-7658-47B6-8075-3D404C64D87C}
IE:64bit: - HKLM\..\SearchScopes\{D81273E4-7658-47B6-8075-3D404C64D87C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D81273E4-7658-47B6-8075-3D404C64D87C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-670280924-550259233-2201882432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - prefs.js..network.proxy.type: 1user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118);
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/05/25 10:10:50 | 000,000,000 | ---D | M]

[2014/05/03 16:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barry Chapman\AppData\Roaming\Mozilla\Extensions
[2014/05/03 16:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barry Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\76t9nm76.default\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google

mniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google

ageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_1\
CHR - Extension: Google Drive = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Barry Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/05/27 11:23:37 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-670280924-550259233-2201882432-1000..\Run: [Backblaze] C:\Program Files (x86)\Backblaze\bzbui.exe ()
O4 - HKU\S-1-5-21-670280924-550259233-2201882432-1000..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 205.152.144.23 205.152.132.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52E3D270-9F67-475E-B16A-1D6443366E50}: DhcpNameServer = 8.8.8.8 8.8.4.4 205.152.144.23 205.152.132.23
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/15 20:52:18 | 000,000,080 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/27 11:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/05/27 11:30:46 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/05/27 11:23:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/27 09:18:51 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2014/05/26 10:19:40 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/25 10:38:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/05/25 10:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/05/25 10:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/05/23 08:25:39 | 000,000,000 | ---D | C] -- C:\New folder
[2014/05/23 07:48:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/05/23 07:41:53 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\QuickScan
[2014/05/22 16:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/22 15:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2014/05/22 15:35:36 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/22 15:35:22 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/22 15:35:22 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/22 15:35:22 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/22 15:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/05/22 10:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot
[2014/05/21 11:27:06 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\TuneUp Software
[2014/05/21 11:16:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/05/21 11:16:29 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\MFAData
[2014/05/21 11:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/05/20 14:53:08 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Norman Malware Cleaner
[2014/05/20 12:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/05/19 16:42:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/19 10:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/05/19 10:20:13 | 000,000,000 | ---D | C] -- C:\Adobe XI Pro
[2014/05/19 08:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/05/19 07:54:08 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\ProcAlyzer Dumps
[2014/05/16 10:51:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\CrashDumps
[2014/05/16 09:39:50 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\SUPERAntiSpyware.com
[2014/05/16 09:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/05/16 08:33:26 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/05/16 08:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2014/05/16 08:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/05/15 11:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/05/15 11:40:14 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/05/15 11:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/05/15 11:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/05/15 03:25:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Virtual Machines
[2014/05/15 03:06:09 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/15 03:06:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/14 16:16:31 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\PDF24
[2014/05/14 15:56:37 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft
[2014/05/14 15:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSR
[2014/05/14 15:54:30 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\wi_upd
[2014/05/14 11:56:55 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Outlook Files
[2014/05/14 10:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2014/05/14 10:25:54 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014/05/14 10:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/05/14 10:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2014/05/14 10:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/05/14 10:20:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/05/14 08:30:28 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Secunia PSI
[2014/05/14 08:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2014/05/14 05:44:33 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 05:44:33 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/14 05:44:11 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 05:44:11 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 05:44:10 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 05:44:10 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 05:44:10 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 05:44:10 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 05:44:10 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 05:44:10 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 05:44:09 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 05:44:09 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 05:44:09 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 05:44:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 05:44:09 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 05:44:09 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 05:44:09 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 05:44:09 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 05:44:09 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 05:44:09 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 05:44:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 05:44:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 05:44:09 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 05:44:08 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 05:44:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/13 12:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backblaze
[2014/05/13 12:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Backblaze
[2014/05/13 12:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Backblaze
[2014/05/13 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\VMware
[2014/05/13 11:18:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/05/13 11:00:12 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\VMware
[2014/05/12 20:43:13 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\.asdm
[2014/05/12 20:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2014/05/12 13:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\My Lockbox
[2014/05/12 07:16:46 | 000,000,000 | -H-D | C] -- C:\.bzvol
[2014/05/09 11:38:06 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\CCWin
[2014/05/09 07:41:14 | 000,063,568 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2014/05/09 07:40:35 | 000,354,896 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2014/05/09 07:40:33 | 000,434,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2014/05/09 07:40:32 | 000,030,800 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2014/05/09 07:40:26 | 000,943,184 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2014/05/09 07:39:45 | 000,033,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2014/05/09 07:39:43 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2014/05/09 07:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2014/05/09 07:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2014/05/09 07:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2014/05/09 07:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2014/05/09 07:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2014/05/07 09:42:51 | 000,231,552 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXDFLT.DLL
[2014/05/07 09:42:51 | 000,102,672 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXTIFFN.DLL
[2014/05/07 09:42:51 | 000,049,424 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXTHK32.DLL
[2014/05/07 09:42:51 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXSLN.DLL
[2014/05/07 09:42:51 | 000,023,152 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXPERM.DLL
[2014/05/07 09:42:51 | 000,016,048 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXLOC.DLL
[2014/05/07 09:42:51 | 000,011,968 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\SysWow64\PIXMDLLC.CPL
[2014/05/07 09:42:51 | 000,006,416 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXTHK16.DLL
[2014/05/07 09:42:50 | 000,209,168 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXNOTEN.DLL
[2014/05/07 09:42:50 | 000,074,000 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXNAMEN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXRAMN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXPANN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXMPN.DLL
[2014/05/07 09:42:50 | 000,045,328 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXMDLGN.DLL
[2014/05/07 09:42:49 | 000,753,936 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXANNOT.DLL
[2014/05/07 09:42:49 | 000,463,120 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXJP2K.DLL
[2014/05/07 09:42:49 | 000,327,680 | ---- | C] (The University of New South Wales) -- C:\Windows\SysWow64\PIXJP2KI.DLL
[2014/05/07 09:42:49 | 000,119,056 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXJBGN.DLL
[2014/05/07 09:42:49 | 000,094,480 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXAPS.DLL
[2014/05/07 09:42:49 | 000,069,904 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXDLGN.DLL
[2014/05/07 09:42:49 | 000,057,616 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXLZWN.DLL
[2014/05/07 09:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon Electronics
[2014/05/07 09:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CapturePerfect 3.1
[2014/05/06 16:16:12 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\ElevatedDiagnostics
[2014/05/06 15:56:54 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\My Documents from old
[2014/05/06 13:18:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/05/06 13:12:58 | 000,152,576 | ---- | C] (Canon Electronics) -- C:\Windows\SysNative\DR25SVC.dll
[2014/05/06 13:12:46 | 000,491,792 | ---- | C] (Captiva Software Corp.) -- C:\Windows\SysWow64\qd1.dll
[2014/05/06 10:10:41 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Oracle
[2014/05/06 10:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/05/06 10:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/05/06 10:05:04 | 000,313,256 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/05/06 10:04:56 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/05/06 10:04:56 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/05/06 10:04:56 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/05/06 10:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/06 10:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/05/06 09:31:13 | 000,233,744 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXMDLN.DLL
[2014/05/06 09:09:30 | 000,200,704 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\twpix32.dll
[2014/05/06 09:09:30 | 000,098,304 | ---- | C] (Cornerstone Imaging, Inc.) -- C:\Windows\SysWow64\Wiaext32.dll
[2014/05/06 09:09:30 | 000,023,152 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\System\Pixperm.dll
[2014/05/06 09:09:30 | 000,021,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\Ctl3d.dll
[2014/05/06 09:09:30 | 000,016,064 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\System\Pixloc.dll
[2014/05/06 09:09:29 | 000,231,552 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\System\Pixdflt.dll
[2014/05/06 09:06:37 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\ISIS Drivers
[2014/05/06 09:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ISIS Drivers
[2014/05/06 09:05:28 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Desktop\CapturePerfect 3.0
[2014/05/06 08:51:55 | 000,000,000 | ---D | C] -- C:\DR Scanner
[2014/05/06 08:43:03 | 000,000,000 | ---D | C] -- C:\DR2580C
[2014/05/06 08:37:30 | 000,096,768 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysNative\DR25CPL.dll
[2014/05/06 08:37:30 | 000,083,456 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysNative\CeiUSB64.dll
[2014/05/06 07:52:59 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/06 07:29:31 | 000,000,000 | ---D | C] -- C:\CapturePerfect Upgrade
[2014/05/06 03:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/05/05 17:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon DR-2580C
[2014/05/05 16:56:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\AdobeUM
[2014/05/05 16:53:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2014/05/05 16:53:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2014/05/05 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/05/05 16:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/05/05 16:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/05/05 16:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2014/05/05 16:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2014/05/05 15:50:08 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2014/05/05 14:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landtech XML
[2014/05/05 14:52:53 | 000,204,800 | ---- | C] (Landtech Data Corporation) -- C:\Windows\SysWow64\ltwpvsw.DLL
[2014/05/05 14:52:53 | 000,065,536 | ---- | C] (Landtech Data Corp.) -- C:\Windows\SysWow64\LTWNode.exe
[2014/05/05 14:52:53 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Landtech XML
[2014/05/05 14:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Pervasive Software
[2014/05/05 14:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pervasive Software
[2014/05/05 14:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pervasive
[2014/05/05 14:22:07 | 000,000,000 | ---D | C] -- C:\LTAPPS
[2014/05/05 14:18:46 | 000,000,000 | ---D | C] -- C:\Wages
[2014/05/05 14:07:17 | 000,169,600 | ---- | C] (Wintertree Software Inc.) -- C:\Windows\SysWow64\WSpell.ocx
[2014/05/05 12:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WP-64
[2014/05/05 12:22:16 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Help
[2014/05/05 12:22:16 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Help
[2014/05/05 11:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/05/05 10:49:21 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvbvm50.dll
[2014/05/05 10:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medlin Accounting
[2014/05/05 10:49:20 | 000,000,000 | ---D | C] -- C:\MWACCT
[2014/05/05 10:49:04 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Programs
[2014/05/05 10:40:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\QuickenWindow
[2014/05/05 10:36:26 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\IsolatedStorage
[2014/05/05 10:28:28 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Quicken
[2014/05/05 10:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2014/05/05 10:24:39 | 004,169,728 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll

brchapman · May 27, 2014

New scan OTL tst file part 2

[2014/05/05 10:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014
[2014/05/05 10:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2014/05/05 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2014/05/05 10:24:08 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Intuit
[2014/05/05 10:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2014/05/05 10:13:09 | 000,000,000 | ---D | C] -- C:\Quicken 2014
[2014/05/05 09:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2014/05/05 08:58:28 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\EmieUserList
[2014/05/05 08:58:28 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\EmieSiteList
[2014/05/05 03:10:48 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/05 03:10:48 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/05 03:10:46 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/05 03:10:43 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/05 03:10:43 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/05 03:10:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/05 03:10:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/05 03:10:42 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/05 03:10:42 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/05 03:10:42 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/05 03:10:42 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/05 03:10:42 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/05 03:10:42 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/05 03:10:41 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/05 03:10:41 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/05 03:10:41 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/05 03:10:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/05 03:10:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/05 03:10:41 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/05 03:10:39 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/05 03:10:39 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/05 03:10:39 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/05 03:10:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/05 03:10:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/05 03:10:38 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/05 03:10:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/05 03:10:37 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/05 03:10:36 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/05 03:10:35 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/04 03:37:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2014/05/04 03:37:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2014/05/04 03:17:29 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/05/04 03:06:18 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2014/05/04 03:06:18 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2014/05/04 03:06:18 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2014/05/04 03:06:18 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2014/05/03 16:58:30 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2014/05/03 16:58:30 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2014/05/03 16:58:24 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/05/03 16:58:24 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/05/03 16:58:23 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/05/03 16:58:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/05/03 16:58:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/05/03 16:58:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/05/03 16:55:43 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/05/03 16:55:43 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/05/03 16:55:42 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/05/03 16:55:42 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/05/03 16:55:42 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/05/03 16:55:42 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/05/03 16:55:42 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/05/03 16:55:42 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/05/03 16:55:42 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/05/03 16:55:42 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/05/03 16:55:42 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/05/03 16:55:42 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/05/03 16:55:42 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/05/03 16:55:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/05/03 16:55:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/05/03 16:55:42 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/05/03 16:55:42 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/05/03 16:55:35 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/05/03 16:55:35 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/05/03 16:55:09 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/05/03 16:55:09 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/05/03 16:53:46 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/05/03 16:53:44 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/05/03 16:53:44 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/05/03 16:53:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/05/03 16:53:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/05/03 16:53:38 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/05/03 16:53:38 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/05/03 16:53:37 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/05/03 16:53:37 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/05/03 16:53:37 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014/05/03 16:53:37 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014/05/03 16:53:36 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/05/03 16:53:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/05/03 16:53:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/05/03 16:53:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/05/03 16:53:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/05/03 16:53:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/05/03 16:53:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/05/03 16:53:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/05/03 16:53:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2014/05/03 16:53:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2014/05/03 16:53:30 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/05/03 16:46:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014/05/03 16:40:07 | 000,000,000 | ---D | C] -- C:\Office 2000
[2014/05/03 16:34:04 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Microsoft Help
[2014/05/03 16:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2014/05/03 16:26:05 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\WinRAR
[2014/05/03 16:23:38 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Macromedia
[2014/05/03 16:21:15 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Mozilla
[2014/05/03 16:21:15 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Mozilla
[2014/05/03 16:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/05/03 16:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/05/03 16:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/03 16:10:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/05/03 16:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/05/03 16:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2014/05/03 15:48:38 | 001,098,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wab32res.dll
[2014/05/03 15:48:38 | 000,886,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wab32.dll
[2014/05/03 15:40:56 | 000,000,000 | ---D | C] -- C:\Windows\Msagent
[2014/05/03 15:40:38 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft Web Folders
[2014/05/03 15:33:02 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2014/05/03 15:33:02 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2014/05/03 15:33:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2014/05/03 15:33:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2014/05/03 15:33:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2014/05/03 15:33:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2014/05/03 14:40:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Adobe
[2014/05/03 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wp51
[2014/05/03 14:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FAX User Software
[2014/05/03 14:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kyocera
[2014/05/03 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Canon Electronics
[2014/05/03 13:38:36 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Corel User Files
[2014/05/03 13:38:11 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Corel
[2014/05/03 13:31:52 | 000,021,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CTL3D.DLL
[2014/05/03 13:31:15 | 000,067,888 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysWow64\SuStiUtl.dll
[2014/05/03 13:30:43 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Desktop\Canon DR-2580C
[2014/05/03 13:30:41 | 000,106,496 | ---- | C] (Canon Electronics) -- C:\Windows\SysWow64\DR25SVC.dll
[2014/05/03 13:30:41 | 000,094,208 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysWow64\DR25CPL.dll
[2014/05/03 13:30:41 | 000,036,864 | ---- | C] (Canon Electronics Inc.) -- C:\Windows\SysWow64\CeiUSB2.dll
[2014/05/03 13:30:41 | 000,014,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\usbscan.sys
[2014/05/03 13:30:38 | 000,180,224 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1120.DLL
[2014/05/03 13:30:38 | 000,176,128 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1520.DLL
[2014/05/03 13:30:38 | 000,114,688 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1320.DLL
[2014/05/03 13:30:38 | 000,051,712 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN20.DLL
[2014/05/03 13:30:37 | 000,602,384 | ---- | C] (Pixel Translations Incorporated) -- C:\Windows\SysWow64\pixipdll.dll
[2014/05/03 13:30:37 | 000,155,648 | ---- | C] (Pegasus Imaging Corp.) -- C:\Windows\SysWow64\PIXN1020.DLL
[2014/05/03 13:30:36 | 000,401,484 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msvcrtd.dll
[2014/05/03 13:30:36 | 000,221,456 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXDFLTN.DLL
[2014/05/03 13:30:36 | 000,074,000 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXLOCN.DLL
[2014/05/03 13:30:36 | 000,053,520 | ---- | C] (EMC Corporation) -- C:\Windows\SysWow64\PIXPERMN.DLL
[2014/05/03 13:30:36 | 000,000,000 | ---D | C] -- C:\Windows\PIXTRAN
[2014/05/03 13:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon Electronics
[2014/05/03 13:30:31 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2014/05/03 13:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office 12
[2014/05/03 13:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared
[2014/05/03 13:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WordPerfect Office 12
[2014/05/03 13:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2014/05/03 12:01:21 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\PCDr
[2014/05/02 20:32:20 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/05/02 20:32:20 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/05/02 20:32:20 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/05/02 20:32:12 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/05/02 20:32:12 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/05/02 20:32:12 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/05/02 20:32:05 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/05/02 20:32:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/05/02 19:50:51 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2014/05/02 16:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/02 16:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/05/02 16:12:46 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Google
[2014/05/02 16:10:13 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Diagnostics
[2014/05/02 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Apps
[2014/05/02 15:58:32 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Deployment
[2014/05/02 15:45:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Opera Software
[2014/05/02 15:45:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Opera Software
[2014/05/02 15:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2014/05/02 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Macromedia
[2014/05/02 15:26:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Intel Corporation
[2014/05/02 15:25:54 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Dell
[2014/05/02 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\BMExplorer
[2014/05/02 15:25:49 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\Documents\Bluetooth Folder
[2014/05/02 15:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2014/05/02 15:25:33 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Leadertech
[2014/05/02 15:25:31 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Atheros
[2014/05/02 15:25:20 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Adobe
[2014/05/02 15:25:19 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/05/02 15:25:19 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Searches
[2014/05/02 15:25:19 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/05/02 15:25:19 | 000,000,000 | -H-D | C] -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/05/02 15:25:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Identities
[2014/05/02 15:25:08 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Contacts
[2014/05/02 15:25:07 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\VirtualStore
[2014/05/02 15:23:34 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\softthinks
[2014/05/02 15:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\softthinks
[2014/05/02 15:17:44 | 000,000,000 | --SD | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Videos
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Saved Games
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Pictures
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Music
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Links
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Favorites
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Downloads
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Documents
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\Desktop
[2014/05/02 15:17:44 | 000,000,000 | R--D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\Temporary Internet Files
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Templates
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Start Menu
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\SendTo
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Recent
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\PrintHood
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\NetHood
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Documents\My Videos
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Documents\My Pictures
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Documents\My Music
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\My Documents
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Local Settings
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\History
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Cookies
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\Application Data
[2014/05/02 15:17:44 | 000,000,000 | -HSD | C] -- C:\Users\Barry Chapman\AppData\Local\Application Data
[2014/05/02 15:17:44 | 000,000,000 | -H-D | C] -- C:\Users\Barry Chapman\AppData
[2014/05/02 15:17:44 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Temp
[2014/05/02 15:17:44 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Local\Microsoft
[2014/05/02 15:17:44 | 000,000,000 | ---D | C] -- C:\Users\Barry Chapman\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2014/05/27 11:37:50 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/27 11:37:50 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/27 11:36:12 | 000,791,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/27 11:36:12 | 000,670,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/27 11:36:12 | 000,125,196 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/27 11:29:31 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/27 11:29:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/27 11:29:10 | 1008,427,006 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/27 11:23:37 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/05/27 11:07:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/27 10:55:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/27 10:44:00 | 000,219,894 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141042 revised hud 5-26.pdf
[2014/05/27 09:13:14 | 001,440,846 | ---- | M] () -- C:\Program Files (x86)\mbam-chameleon-1.62.1.1000.zip
[2014/05/25 11:49:58 | 000,004,447 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\attach.zip
[2014/05/25 11:38:01 | 000,000,512 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\MBR.dat
[2014/05/25 10:52:48 | 000,004,315 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\attach.rar
[2014/05/25 10:37:03 | 000,001,159 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/05/25 10:36:53 | 000,000,960 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\ERUNT.lnk
[2014/05/23 09:52:06 | 000,201,978 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 PRELIMINARY HUD.pdf
[2014/05/23 07:52:39 | 000,033,334 | ---- | M] () -- C:\ProgramData\1400845954.bdinstall.bin
[2014/05/23 07:52:28 | 000,000,189 | ---- | M] () -- C:\ProgramData\1400845920.2208.bin
[2014/05/23 07:52:24 | 000,002,061 | ---- | M] () -- C:\ProgramData\1400845920.2284.bin
[2014/05/23 07:52:14 | 000,039,641 | ---- | M] () -- C:\ProgramData\1400845920.2200.bin
[2014/05/23 07:48:44 | 624,028,561 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/05/23 07:44:29 | 000,000,965 | ---- | M] () -- C:\ProgramData\1400845426.13472.bin
[2014/05/23 07:44:27 | 000,043,785 | ---- | M] () -- C:\ProgramData\1400845426.14224.bin
[2014/05/23 07:44:03 | 000,002,062 | ---- | M] () -- C:\ProgramData\1400845426.13672.bin
[2014/05/23 07:42:32 | 000,044,557 | ---- | M] () -- C:\ProgramData\1400845313.bdinstall.bin
[2014/05/22 15:48:56 | 000,042,188 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141050 revised contract.pdf
[2014/05/22 15:35:06 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/22 15:35:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/22 15:35:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/22 15:35:06 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/22 15:20:40 | 000,103,981 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141050 signed contract.pdf
[2014/05/22 13:23:30 | 000,051,706 | ---- | M] () -- C:\Windows\SysWow64\bddel.dat
[2014/05/22 13:12:59 | 000,202,050 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141042 REVISED HUD.pdf
[2014/05/22 10:49:21 | 000,001,434 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/05/21 16:21:32 | 000,037,861 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\Comma Separated Values (Windows).ADR
[2014/05/21 15:00:00 | 000,017,064 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Martinez legal description.pdf
[2014/05/21 09:17:50 | 000,002,334 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/21 09:17:50 | 000,002,310 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/20 11:11:14 | 000,024,389 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141042 preliminary HUD.pdf
[2014/05/20 09:17:06 | 000,166,076 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141049 HICKMAN ucc1.pdf
[2014/05/19 14:46:28 | 000,126,434 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141049 REVISED HUD.pdf
[2014/05/19 14:25:33 | 000,148,676 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141049 HUD & LEGAL DESCR.pdf
[2014/05/19 14:11:04 | 000,129,944 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141051 HUD.pdf
[2014/05/19 09:55:20 | 000,009,944 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Clayton Homes Invoice-Turbide.pdf
[2014/05/16 11:13:50 | 000,111,023 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Bunche Stree contract.pdf
[2014/05/15 11:40:19 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/05/15 11:36:53 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014/05/14 15:27:56 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2014/05/14 15:14:45 | 000,494,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/14 15:08:15 | 000,001,520 | ---- | M] () -- C:\Users\Public\Documents\AcStd7_1_0.ini
[2014/05/14 14:39:51 | 000,129,908 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Wiggins hud.pdf
[2014/05/14 11:41:08 | 000,001,186 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/05/14 08:36:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 08:36:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/13 15:37:53 | 000,125,914 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141044 PREL HUD.pdf
[2014/05/13 12:25:15 | 000,144,192 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 tax cert and plat.pdf
[2014/05/13 11:38:10 | 034,209,792 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\CHAPMA11_20140505-2014-05-13.QDF-backup
[2014/05/13 11:13:54 | 000,007,605 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Local\resmon.resmoncfg
[2014/05/13 10:04:35 | 000,000,000 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Local\{89B78C50-3F1E-4624-B5B6-B21F413891C7}
[2014/05/13 09:04:13 | 000,025,833 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Performance Monitor screen grab.gif
[2014/05/12 16:37:27 | 000,255,875 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 commitment.pdf
[2014/05/12 16:26:00 | 000,010,295 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 commitment.wpd
[2014/05/12 16:21:54 | 000,002,380 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141046 DATA FILE.wpd
[2014/05/09 10:58:52 | 000,729,275 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141039 signed docs.pdf
[2014/05/09 10:41:30 | 000,015,330 | ---- | M] () -- C:\Users\Barry Chapman\Documents\WIRE INSTRUCTIONS REAL ESTATE TRUST ACCT.pdf
[2014/05/09 07:41:18 | 000,001,070 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2014/05/09 07:39:33 | 000,807,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/09 07:39:32 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2014/05/09 02:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 02:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/07 15:51:16 | 000,088,239 | ---- | M] () -- C:\Users\Barry Chapman\Documents\martin aff doc.pdf
[2014/05/07 15:43:47 | 002,744,977 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Gary Martin closing package.pdf
[2014/05/07 11:24:18 | 000,027,554 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141041 revised note.pdf
[2014/05/07 09:44:56 | 000,532,504 | ---- | M] () -- C:\Users\Barry Chapman\Documents\revised note and sd to change dates.pdf
[2014/05/07 09:16:15 | 000,024,895 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Old Republic Synovus letter.pdf
[2014/05/06 16:39:15 | 000,534,254 | ---- | M] () -- C:\Users\Barry Chapman\Documents\Tillman revised note & sd.pdf
[2014/05/06 13:22:33 | 000,000,125 | ---- | M] () -- C:\Windows\SetScan.ini
[2014/05/06 10:04:49 | 000,313,256 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/05/06 10:04:49 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/05/06 10:04:49 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/05/06 10:04:49 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/05/06 09:06:37 | 000,005,432 | ---- | M] () -- C:\Windows\pixcache.ini
[2014/05/05 23:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/05 22:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/05 16:54:47 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Standard.lnk
[2014/05/05 16:15:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/05/05 16:12:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/05/05 15:02:39 | 000,013,839 | ---- | M] () -- C:\Users\Barry Chapman\Documents\141000.pdf
[2014/05/05 14:53:30 | 000,001,534 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\Landtech XML.lnk
[2014/05/05 14:52:53 | 000,204,800 | ---- | M] (Landtech Data Corporation) -- C:\Windows\SysWow64\ltwpvsw.DLL
[2014/05/05 14:52:53 | 000,065,536 | ---- | M] (Landtech Data Corp.) -- C:\Windows\SysWow64\LTWNode.exe
[2014/05/05 14:44:31 | 000,000,519 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2014/05/05 14:44:25 | 000,002,781 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2014/05/05 11:17:49 | 000,000,580 | ---- | M] () -- C:\Users\Public\Desktop\Medlin Accounting.lnk
[2014/05/05 10:24:34 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
[2014/05/05 10:24:31 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2014/05/03 16:21:08 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/03 16:10:33 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/05/03 15:41:59 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/05/03 13:38:12 | 000,061,678 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JPR.{PB
[2014/05/03 13:38:12 | 000,012,358 | ---- | M] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JCM.{PB
[2014/05/03 13:17:14 | 000,002,607 | ---- | M] () -- C:\Users\Barry Chapman\Desktop\WordPerfect.lnk
[2014/05/02 15:31:58 | 000,001,409 | ---- | M] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/02 15:15:22 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/05/02 15:15:22 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2014/05/27 10:44:00 | 000,219,894 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141042 revised hud 5-26.pdf
[2014/05/27 09:25:05 | 001,440,846 | ---- | C] () -- C:\Program Files (x86)\mbam-chameleon-1.62.1.1000.zip
[2014/05/25 11:49:58 | 000,004,447 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\attach.zip
[2014/05/25 11:38:01 | 000,000,512 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\MBR.dat
[2014/05/25 10:52:48 | 000,004,315 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\attach.rar
[2014/05/25 10:37:03 | 000,001,159 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/05/25 10:36:53 | 000,000,960 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\ERUNT.lnk
[2014/05/23 09:46:30 | 000,201,978 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 PRELIMINARY HUD.pdf
[2014/05/23 07:52:39 | 000,033,334 | ---- | C] () -- C:\ProgramData\1400845954.bdinstall.bin
[2014/05/23 07:52:03 | 000,000,189 | ---- | C] () -- C:\ProgramData\1400845920.2208.bin
[2014/05/23 07:52:02 | 000,002,061 | ---- | C] () -- C:\ProgramData\1400845920.2284.bin
[2014/05/23 07:52:00 | 000,039,641 | ---- | C] () -- C:\ProgramData\1400845920.2200.bin
[2014/05/23 07:48:44 | 624,028,561 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/05/23 07:43:56 | 000,000,965 | ---- | C] () -- C:\ProgramData\1400845426.13472.bin
[2014/05/23 07:43:55 | 000,002,062 | ---- | C] () -- C:\ProgramData\1400845426.13672.bin
[2014/05/23 07:43:46 | 000,043,785 | ---- | C] () -- C:\ProgramData\1400845426.14224.bin
[2014/05/23 07:42:32 | 000,044,557 | ---- | C] () -- C:\ProgramData\1400845313.bdinstall.bin
[2014/05/22 15:48:57 | 000,042,188 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141050 revised contract.pdf
[2014/05/22 15:20:41 | 000,103,981 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141050 signed contract.pdf
[2014/05/22 13:22:39 | 000,051,706 | ---- | C] () -- C:\Windows\SysWow64\bddel.dat
[2014/05/22 13:12:59 | 000,202,050 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141042 REVISED HUD.pdf
[2014/05/21 15:00:00 | 000,017,064 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Martinez legal description.pdf
[2014/05/20 11:11:14 | 000,024,389 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141042 preliminary HUD.pdf
[2014/05/20 09:17:02 | 000,166,076 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141049 HICKMAN ucc1.pdf
[2014/05/19 14:46:28 | 000,126,434 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141049 REVISED HUD.pdf
[2014/05/19 14:25:34 | 000,148,676 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141049 HUD & LEGAL DESCR.pdf
[2014/05/19 14:11:05 | 000,129,944 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141051 HUD.pdf
[2014/05/19 09:55:21 | 000,009,944 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Clayton Homes Invoice-Turbide.pdf
[2014/05/16 11:15:34 | 000,111,023 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Bunche Stree contract.pdf
[2014/05/15 11:40:19 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/05/15 11:40:19 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/05/15 11:40:16 | 000,001,446 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/05/15 11:40:16 | 000,001,434 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/05/15 11:36:51 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/05/14 14:43:14 | 000,129,908 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Wiggins hud.pdf
[2014/05/14 14:40:55 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2014/05/14 14:34:35 | 000,001,520 | ---- | C] () -- C:\Users\Public\Documents\AcStd7_1_0.ini
[2014/05/14 11:41:08 | 000,001,186 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/05/13 15:37:54 | 000,125,914 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141044 PREL HUD.pdf
[2014/05/13 12:25:15 | 000,144,192 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 tax cert and plat.pdf
[2014/05/13 11:38:10 | 034,209,792 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\CHAPMA11_20140505-2014-05-13.QDF-backup
[2014/05/13 10:04:35 | 000,000,000 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Local\{89B78C50-3F1E-4624-B5B6-B21F413891C7}
[2014/05/13 09:04:13 | 000,025,833 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Performance Monitor screen grab.gif
[2014/05/13 08:53:10 | 000,007,605 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Local\resmon.resmoncfg
[2014/05/12 16:39:10 | 000,255,875 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 commitment.pdf
[2014/05/12 16:26:00 | 000,010,295 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 commitment.wpd
[2014/05/12 16:21:54 | 000,002,380 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141046 DATA FILE.wpd
[2014/05/09 10:58:52 | 000,729,275 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141039 signed docs.pdf
[2014/05/09 10:41:30 | 000,015,330 | ---- | C] () -- C:\Users\Barry Chapman\Documents\WIRE INSTRUCTIONS REAL ESTATE TRUST ACCT.pdf
[2014/05/09 07:41:18 | 000,001,070 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2014/05/09 07:39:32 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2014/05/07 15:51:16 | 000,088,239 | ---- | C] () -- C:\Users\Barry Chapman\Documents\martin aff doc.pdf
[2014/05/07 15:43:46 | 002,744,977 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Gary Martin closing package.pdf
[2014/05/07 11:24:13 | 000,027,554 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141041 revised note.pdf
[2014/05/07 09:47:05 | 000,532,504 | ---- | C] () -- C:\Users\Barry Chapman\Documents\revised note and sd to change dates.pdf
[2014/05/07 09:16:15 | 000,024,895 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Old Republic Synovus letter.pdf
[2014/05/06 16:39:15 | 000,534,254 | ---- | C] () -- C:\Users\Barry Chapman\Documents\Tillman revised note & sd.pdf
[2014/05/06 09:09:30 | 000,063,248 | ---- | C] () -- C:\Windows\SysWow64\picn1120.ssm
[2014/05/05 17:43:05 | 000,005,432 | ---- | C] () -- C:\Windows\pixcache.ini
[2014/05/05 16:54:47 | 000,002,501 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Standard.lnk
[2014/05/05 16:54:47 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2014/05/05 16:54:47 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Standard.lnk
[2014/05/05 16:15:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/05/05 16:12:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/05/05 14:53:30 | 000,001,534 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\Landtech XML.lnk
[2014/05/05 14:44:31 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2014/05/05 14:44:25 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2014/05/05 14:35:58 | 000,013,839 | ---- | C] () -- C:\Users\Barry Chapman\Documents\141000.pdf
[2014/05/05 11:45:19 | 000,037,861 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\Comma Separated Values (Windows).ADR
[2014/05/05 10:49:21 | 000,000,580 | ---- | C] () -- C:\Users\Public\Desktop\Medlin Accounting.lnk
[2014/05/05 10:24:34 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
[2014/05/05 10:24:06 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2014/05/04 03:06:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/05/03 16:21:08 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/05/03 16:21:08 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/03 16:10:33 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/05/03 15:41:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/05/03 13:38:12 | 000,061,678 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JPR.{PB
[2014/05/03 13:38:12 | 000,012,358 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\PFP120JCM.{PB
[2014/05/03 13:30:41 | 000,000,125 | ---- | C] () -- C:\Windows\SetScan.ini
[2014/05/03 13:17:14 | 000,002,607 | ---- | C] () -- C:\Users\Barry Chapman\Desktop\WordPerfect.lnk
[2014/05/02 16:23:30 | 000,002,334 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/02 16:23:30 | 000,002,310 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/02 16:12:54 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/02 16:12:54 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/02 15:31:58 | 000,001,409 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/02 15:25:20 | 000,001,415 | ---- | C] () -- C:\Users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/05/02 15:18:02 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2014/05/02 15:17:44 | 000,000,290 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/05/02 15:17:44 | 000,000,272 | ---- | C] () -- C:\Users\Barry Chapman\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/03/22 04:08:50 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2014/03/22 04:08:50 | 000,241,152 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/03/22 04:08:50 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014/03/21 13:42:49 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/05/11 05:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2014/05/20 18:36:38 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/05/03 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Canon Electronics
[2014/05/16 08:33:26 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/05/20 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\ISIS Drivers
[2014/05/02 15:25:33 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Leadertech
[2014/05/20 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Opera Software
[2014/05/06 10:10:41 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\Oracle
[2014/05/04 18:11:07 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\PCDr
[2014/05/23 07:41:53 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\QuickScan
[2014/05/21 11:27:06 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\TuneUp Software
[2014/05/20 17:52:15 | 000,000,000 | ---D | M] -- C:\Users\Barry Chapman\AppData\Roaming\wi_upd

========== Purity Check ==========

< End of report >

ken545 · May 27, 2014

I really wanted to see the log from the fix . It looks like the proxy problem has not be resolved.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

brchapman · May 27, 2014

Combofix log

Here's the Combofix log:

ComboFix 14-05-27.02 - Barry Chapman 05/27/2014 12:59:46.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12205.8695 [GMT -4:00]
Running from: c:\users\Barry Chapman\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1400845313.bdinstall.bin
c:\programdata\1400845426.13472.bin
c:\programdata\1400845426.13672.bin
c:\programdata\1400845426.14224.bin
c:\programdata\1400845920.2200.bin
c:\programdata\1400845920.2208.bin
c:\programdata\1400845920.2284.bin
c:\programdata\1400845954.bdinstall.bin
c:\windows\MICROSOFT
c:\windows\MICROSOFT\SystemUpdatekb70007\Installer.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\InstallerLibrary.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\Newtonsoft.Json.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\SQLite.Interop.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\System.Data.SQLite.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\win32.reg
c:\windows\MICROSOFT\SystemUpdatekb70007\WindowsUpdater.exe
c:\windows\SysWow64\setup.ini
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SystemUpdatekb70007
-------\Service_SystemUpdatekb70007
.
.
((((((((((((((((((((((((( Files Created from 2014-04-27 to 2014-05-27 )))))))))))))))))))))))))))))))
.
.
2014-05-27 17:04 . 2014-05-27 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-27 15:23 . 2014-05-27 15:23 -------- d-----w- C:\_OTL
2014-05-27 13:18 . 2014-05-27 13:18 -------- d-----w- C:\Malwarebytes' Anti-Malware
2014-05-26 14:19 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-25 14:36 . 2014-05-25 14:37 -------- d-----w- c:\program files (x86)\ERUNT
2014-05-25 13:09 . 2014-05-25 13:09 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-05-25 12:59 . 2014-05-25 12:59 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-05-25 12:59 . 2014-05-25 12:59 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-05-25 12:59 . 2014-05-25 12:59 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-05-23 13:20 . 2014-05-20 05:26 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3456136A-31BD-44AD-AC9F-CC6C03C478DA}\mpengine.dll
2014-05-23 12:25 . 2014-05-23 12:25 -------- d-----w- C:\New folder
2014-05-22 19:35 . 2014-05-22 19:35 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-22 19:35 . 2014-05-22 19:35 -------- d-----w- c:\program files (x86)\Java
2014-05-22 14:47 . 2014-05-22 14:47 -------- d-----w- c:\program files (x86)\Spybot
2014-05-21 15:16 . 2014-05-21 15:16 -------- d--h--w- c:\programdata\Common Files
2014-05-21 15:16 . 2014-05-23 11:03 -------- d-----w- c:\programdata\MFAData
2014-05-20 16:44 . 2014-05-20 17:35 -------- d-----w- c:\programdata\HitmanPro
2014-05-19 20:42 . 2014-05-26 14:25 -------- d-----w- C:\AdwCleaner
2014-05-19 14:55 . 2014-05-19 14:55 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2014-05-19 14:20 . 2014-05-19 14:20 -------- d-----w- C:\Adobe XI Pro
2014-05-19 12:08 . 2014-05-20 22:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-05-16 13:39 . 2014-05-16 13:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-05-16 12:33 . 2014-05-20 21:34 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2014-05-16 12:32 . 2014-05-19 14:19 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2014-05-15 15:40 . 2013-09-20 14:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-05-15 15:21 . 2014-05-22 14:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-05-15 15:21 . 2014-05-22 14:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-05-15 07:06 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 07:06 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 07:06 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 07:06 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 19:56 . 2014-05-26 14:24 -------- d-----w- c:\program files (x86)\MSR
2014-05-14 14:25 . 2014-05-14 14:25 -------- d-----w- c:\windows\PCHEALTH
2014-05-14 14:22 . 2014-05-14 14:22 -------- d-----w- c:\program files\Microsoft Office
2014-05-14 14:22 . 2014-05-14 14:22 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2014-05-14 14:20 . 2014-05-14 14:20 -------- d-----r- C:\MSOCache
2014-05-14 12:30 . 2014-05-20 20:20 -------- d-----w- c:\program files (x86)\Secunia
2014-05-13 16:16 . 2014-05-20 21:44 -------- d-----w- c:\program files (x86)\Backblaze
2014-05-13 16:16 . 2014-05-13 16:16 -------- d-----w- c:\programdata\Backblaze
2014-05-13 00:43 . 2014-05-13 00:43 -------- d-----w- c:\program files (x86)\Cisco Systems
2014-05-12 17:51 . 2014-05-13 15:07 -------- d-----w- c:\program files\My Lockbox
2014-05-12 11:16 . 2014-05-13 16:17 -------- d-----w- C:\.bzvol
2014-05-09 11:41 . 2013-03-01 06:27 63568 ----a-w- c:\windows\system32\drivers\vmx86.sys
2014-05-09 11:40 . 2013-03-01 06:27 354896 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2014-05-09 11:40 . 2013-03-01 06:26 434256 ----a-w- c:\windows\SysWow64\vmnat.exe
2014-05-09 11:40 . 2013-03-01 06:26 30800 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2014-05-09 11:40 . 2013-03-01 06:27 943184 ----a-w- c:\windows\system32\vnetlib64.dll
2014-05-09 11:39 . 2013-03-01 06:26 33360 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2014-05-09 11:39 . 2011-08-30 02:11 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys
2014-05-09 11:39 . 2014-05-27 17:24 -------- d-----w- c:\programdata\VMware
2014-05-09 11:39 . 2014-05-09 11:39 -------- d-----w- c:\program files (x86)\VMware
2014-05-09 11:39 . 2014-05-09 11:39 -------- d-----w- c:\program files (x86)\Common Files\VMware
2014-05-09 11:38 . 2014-05-09 11:38 -------- d-----w- c:\program files\Common Files\VMware
2014-05-07 13:29 . 2014-05-07 13:29 -------- d-----w- c:\programdata\Canon Electronics
2014-05-06 17:18 . 2014-05-18 07:05 -------- d-----w- c:\windows\system32\MRT
2014-05-06 17:12 . 2012-12-17 12:56 152576 ----a-w- c:\windows\system32\DR25SVC.dll
2014-05-06 17:12 . 2009-05-13 20:08 491792 ----a-w- c:\windows\SysWow64\qd1.dll
2014-05-06 14:09 . 2014-05-06 14:09 -------- d-----w- c:\programdata\Oracle
2014-05-06 14:05 . 2014-05-06 14:04 313256 ----a-w- c:\windows\system32\javaws.exe
2014-05-06 14:04 . 2014-05-06 14:04 189352 ----a-w- c:\windows\system32\javaw.exe
2014-05-06 14:04 . 2014-05-06 14:04 189352 ----a-w- c:\windows\system32\java.exe
2014-05-06 14:04 . 2014-05-06 14:04 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-05-06 14:04 . 2014-05-06 14:04 -------- d-----w- c:\program files\Java
2014-05-06 13:31 . 2006-05-17 01:40 233744 ----a-w- c:\windows\SysWow64\PIXMDLN.DLL
2014-05-06 13:09 . 2009-05-13 20:16 200704 ----a-w- c:\windows\SysWow64\twpix32.dll
2014-05-06 13:09 . 2009-05-13 20:05 21008 ----a-w- c:\windows\system\Ctl3d.dll
2014-05-06 13:09 . 2003-12-18 22:09 23152 ----a-w- c:\windows\system\Pixperm.dll
2014-05-06 13:09 . 2003-12-18 22:09 16064 ----a-w- c:\windows\system\Pixloc.dll
2014-05-06 13:09 . 1998-04-13 17:13 98304 ----a-w- c:\windows\SysWow64\Wiaext32.dll
2014-05-06 13:09 . 2003-12-18 22:09 231552 ----a-w- c:\windows\system\Pixdflt.dll
2014-05-06 13:06 . 2014-05-20 21:51 -------- d-----w- c:\programdata\ISIS Drivers
2014-05-06 12:51 . 2014-05-06 12:51 -------- d-----w- C:\DR Scanner
2014-05-06 12:43 . 2014-05-06 12:43 -------- d-----w- C:\DR2580C
2014-05-06 12:37 . 2008-11-11 23:00 96768 ----a-w- c:\windows\system32\DR25CPL.dll
2014-05-06 12:37 . 2007-04-24 11:53 83456 ----a-w- c:\windows\system32\CeiUSB64.dll
2014-05-06 11:52 . 2014-05-20 22:19 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 11:29 . 2014-05-07 13:22 -------- d-----w- C:\CapturePerfect Upgrade
2014-05-06 07:02 . 2014-05-06 07:02 -------- d-----w- c:\program files (x86)\MSXML 4.0
2014-05-05 20:53 . 2014-05-20 22:03 -------- d-----w- c:\windows\SysWow64\spool
2014-05-05 20:24 . 2014-05-20 21:51 -------- d-----w- c:\program files\Microsoft Silverlight
2014-05-05 20:24 . 2014-05-20 21:45 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-05-05 20:15 . 2014-05-20 21:51 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2014-05-05 19:50 . 2014-05-05 19:53 -------- d-----w- C:\HP Universal Print Driver
2014-05-05 18:52 . 2014-05-05 18:52 65536 ----a-w- c:\windows\SysWow64\LTWNode.exe
2014-05-05 18:52 . 2014-05-05 18:52 204800 ----a-w- c:\windows\SysWow64\ltwpvsw.DLL
2014-05-05 18:44 . 2014-05-05 18:44 -------- d-----w- c:\programdata\Pervasive Software
2014-05-05 18:44 . 2014-05-05 18:44 -------- d-----w- c:\program files (x86)\Pervasive Software
2014-05-05 18:22 . 2014-05-20 21:44 -------- d-----w- C:\LTAPPS
2014-05-05 18:18 . 2014-05-05 18:18 -------- d-----w- C:\Wages
2014-05-05 18:07 . 2001-06-01 18:17 169600 ----a-w- c:\windows\SysWow64\WSpell.ocx
2014-05-05 15:26 . 2014-05-05 15:26 -------- d-----w- c:\programdata\Malwarebytes
2014-05-05 14:49 . 1998-05-12 00:01 1355776 ----a-w- c:\windows\SysWow64\msvbvm50.dll
2014-05-05 14:49 . 2014-05-25 16:10 -------- d-----w- C:\MWACCT
2014-05-05 14:24 . 2014-05-20 21:44 -------- d-----w- c:\program files (x86)\Common Files\AnswerWorks 5.0
2014-05-05 14:24 . 2009-05-12 19:14 4169728 ----a-w- c:\windows\SysWow64\cdintf400.dll
2014-05-05 14:24 . 2014-05-05 14:24 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2014-05-05 14:24 . 2014-05-20 21:46 -------- d-----w- c:\program files (x86)\Quicken
2014-05-05 14:23 . 2014-05-05 14:23 -------- d-----w- c:\programdata\Intuit
2014-05-05 14:13 . 2014-05-20 21:52 -------- d-----w- C:\Quicken 2014
2014-05-05 13:54 . 2008-05-07 23:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2014-05-05 13:43 . 2014-05-05 13:43 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2014-05-05 07:06 . 2014-05-05 07:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-05-04 07:37 . 2014-05-20 22:03 -------- d-----w- c:\windows\SysWow64\Wat
2014-05-04 07:37 . 2014-05-20 22:02 -------- d-----w- c:\windows\system32\Wat
2014-05-04 07:17 . 2014-05-04 07:17 -------- d-----w- c:\windows\Migration
2014-05-04 07:06 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-05-04 07:06 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-05-04 07:06 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-05-04 07:06 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-05-04 07:06 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-05-04 07:06 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-05-04 07:06 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-05-03 20:55 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-05-03 20:53 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-05-03 20:46 . 2014-05-03 20:46 -------- d-----w- c:\windows\system32\appmgmt
2014-05-03 20:40 . 2014-05-14 15:55 -------- d-----w- C:\Office 2000
2014-05-03 20:34 . 2014-05-22 20:23 -------- d-----w- c:\programdata\Microsoft Help
2014-05-03 20:21 . 2014-05-20 21:45 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-05-03 19:48 . 2009-07-14 01:41 886784 ----a-w- c:\windows\system32\wab32.dll
2014-05-03 19:48 . 2009-07-14 01:33 1098752 ----a-w- c:\windows\system32\wab32res.dll
2014-05-03 19:40 . 2014-05-20 21:55 -------- d-----w- c:\windows\Msagent
2014-05-03 19:33 . 2009-08-04 17:56 296960 ----a-w- c:\windows\winhlp32.exe
2014-05-03 19:33 . 2009-08-04 17:55 195072 ----a-w- c:\windows\SysWow64\ftsrch.dll
2014-05-03 19:33 . 2009-08-04 17:55 195072 ----a-w- c:\windows\system32\ftsrch.dll
2014-05-03 19:33 . 2009-08-04 17:55 9216 ----a-w- c:\windows\SysWow64\ftlx0411.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 12:36 . 2014-03-21 17:36 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 12:36 . 2014-03-21 17:36 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-15 06:34 . 2014-04-15 06:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-03 21:23 . 2012-11-08 22:40 70592 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-04-03 21:16 . 2012-11-08 22:37 346760 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-04-03 21:15 . 2014-03-21 17:52 189912 ----a-w- c:\windows\system32\mfevtps.exe
2014-04-03 21:10 . 2012-11-08 22:35 784760 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-04-03 21:08 . 2012-11-08 22:34 522360 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-04-03 21:06 . 2012-11-08 22:34 311856 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-04-03 21:03 . 2012-11-08 22:33 177544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-03-31 13:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-22 08:21 . 2014-03-22 08:21 360832 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2014-03-22 08:21 . 2014-03-22 08:21 936448 ----a-w- c:\windows\system32\vmsal.exe
2014-03-22 08:21 . 2014-03-22 08:21 793600 ----a-w- c:\windows\SysWow64\vmsal.exe
2014-03-22 08:21 . 2014-03-22 08:21 59392 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2014-03-22 08:21 . 2014-03-22 08:21 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2014-03-22 08:21 . 2014-03-22 08:21 4514816 ----a-w- c:\windows\system32\vpc.exe
2014-03-22 08:21 . 2014-03-22 08:21 2264064 ----a-w- c:\windows\system32\VPCWizard.exe
2014-03-22 08:21 . 2014-03-22 08:21 1369600 ----a-w- c:\windows\system32\VPCSettings.exe
2014-03-22 08:21 . 2014-03-22 08:21 1210368 ----a-w- c:\windows\system32\VMWindow.exe
2014-03-22 08:21 . 2014-03-22 08:21 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2014-03-22 08:21 . 2014-03-22 08:21 194944 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2014-03-22 08:21 . 2014-03-22 08:21 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll
2014-03-22 08:21 . 2014-03-22 08:21 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2014-03-22 08:21 . 2014-03-22 08:21 778752 ----a-w- c:\windows\system32\mssvp.dll
2014-03-22 08:21 . 2014-03-22 08:21 75264 ----a-w- c:\windows\system32\msscntrs.dll
2014-03-22 08:21 . 2014-03-22 08:21 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2014-03-22 08:21 . 2014-03-22 08:21 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2014-03-22 08:21 . 2014-03-22 08:21 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2014-03-22 08:21 . 2014-03-22 08:21 491520 ----a-w- c:\windows\system32\mssph.dll
2014-03-22 08:21 . 2014-03-22 08:21 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2014-03-22 08:21 . 2014-03-22 08:21 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2014-03-22 08:21 . 2014-03-22 08:21 288256 ----a-w- c:\windows\system32\mssphtb.dll
2014-03-22 08:21 . 2014-03-22 08:21 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2014-03-22 08:21 . 2014-03-22 08:21 2315776 ----a-w- c:\windows\system32\tquery.dll
2014-03-22 08:21 . 2014-03-22 08:21 2223616 ----a-w- c:\windows\system32\mssrch.dll
2014-03-22 08:21 . 2014-03-22 08:21 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2014-03-22 08:21 . 2014-03-22 08:21 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2014-03-22 08:21 . 2014-03-22 08:21 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2014-03-22 08:21 . 2014-03-22 08:21 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2014-03-22 08:21 . 2014-03-22 08:21 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2014-03-22 08:21 . 2014-03-22 08:21 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-03-22 08:21 . 2014-03-22 08:21 830464 ----a-w- c:\windows\system32\nshwfp.dll
2014-03-22 08:21 . 2014-03-22 08:21 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2014-03-22 08:21 . 2014-03-22 08:21 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2014-03-22 08:21 . 2014-03-22 08:21 46080 ----a-w- c:\windows\system32\atmlib.dll
2014-03-22 08:21 . 2014-03-22 08:21 41472 ----a-w- c:\windows\system32\lpk.dll
2014-03-22 08:21 . 2014-03-22 08:21 368128 ----a-w- c:\windows\system32\atmfd.dll
2014-03-22 08:21 . 2014-03-22 08:21 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2014-03-22 08:21 . 2014-03-22 08:21 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-03-22 08:21 . 2014-03-22 08:21 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2014-03-22 08:21 . 2014-03-22 08:21 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2014-03-22 08:21 . 2014-03-22 08:21 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2014-03-22 08:21 . 2014-03-22 08:21 197120 ----a-w- c:\windows\system32\credui.dll
2014-03-22 08:21 . 2014-03-22 08:21 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-03-22 08:21 . 2014-03-22 08:21 168960 ----a-w- c:\windows\SysWow64\credui.dll
2014-03-22 08:21 . 2014-03-22 08:21 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2014-03-22 08:21 . 2014-03-22 08:21 1474048 ----a-w- c:\windows\system32\crypt32.dll
2014-03-22 08:21 . 2014-03-22 08:21 14336 ----a-w- c:\windows\system32\dciman32.dll
2014-03-22 08:21 . 2014-03-22 08:21 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2014-03-22 08:21 . 2014-03-22 08:21 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2014-03-22 08:21 . 2014-03-22 08:21 100864 ----a-w- c:\windows\system32\fontsub.dll
2014-03-22 08:21 . 2014-03-22 08:21 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
2014-03-22 08:21 . 2014-03-22 08:21 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2014-03-22 08:21 . 2014-03-22 08:21 6656 ----a-w- c:\windows\system32\apisetschema.dll
2014-03-22 08:21 . 2014-03-22 08:21 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 338432 ----a-w- c:\windows\system32\conhost.exe
2014-03-22 08:21 . 2014-03-22 08:21 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2014-03-22 08:21 . 2014-03-22 08:21 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"Backblaze"="c:\program files (x86)\Backblaze\bzbui.exe" [2014-05-13 492136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
"mcpltui_exe"="c:\program files\Common Files\McAfee\Platform\mcuicnt.exe" [2013-09-11 645168]
.
c:\users\Barry Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [2014-5-5 25214]
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe -SRDE [2014-5-5 92854]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe\0bddel.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 bzserv;Backblaze Service;c:\program files (x86)\Backblaze\bzserv.exe;c:\program files (x86)\Backblaze\bzserv.exe [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\sftservice.exe;c:\program files (x86)\Dell Backup and Recovery\sftservice.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-21 13:17 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-21 12:36]
.
2014-05-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-05-15 18:14]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-02 20:12]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-02 20:12]
.
2014-05-15 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-05-15 18:13]
.
2014-05-15 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-05-15 18:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileBackuped]
@="{831cebdd-6baf-4432-be76-9e0989c14aef}"
[HKEY_CLASSES_ROOT\CLSID\{831cebdd-6baf-4432-be76-9e0989c14aef}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileNotBackuped]
@="{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}"
[HKEY_CLASSES_ROOT\CLSID\{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-11 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-11 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-11 444400]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-07-27 7194840]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-07-29 1321688]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-07-30 36352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 205.152.144.23 205.152.132.23
FF - ProfilePath - c:\users\Barry Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\76t9nm76.default\
FF - prefs.js: network.proxy.ssl_port - 8118
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-05-27 13:29:23 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-27 17:29
.
Pre-Run: 401,124,175,872 bytes free
Post-Run: 400,572,882,944 bytes free
.
- - End Of File - - 5B6B3561063F4A3860330BE71BB71871
5C616939100B85E558DA92B899A0FC36

Nasty malware not detected by any removal software!

New member

Emeritus-Security Expert

New member

Attachments

Emeritus-Security Expert

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

New member

New member

New member

Emeritus-Security Expert

New member

New member

New member

Emeritus-Security Expert

New member