Grazie, askey127, for translating the logs for me, and for sticking with me through this. I have no clue what could be messing up Live Mail, but it must be something in the steps we're doing since it has happened the same way twice. Needless to say, I won't be taking HP's advice of using a restore point. I'll try to get MS updates, and see if there's a way of reloading Live Mail or something.
By the way, after I ran the OTL fix and pasted its log below, I got a pop-up window asking if I wanted to run jucheck.exe from Oracle America, Inc. (and showing the Java cup logo). Not knowing what that was or if it were legit, I clicked NO.
I presume the files named Yahoo! and Yahoo! Companion are bogus and have nothing to do with Yahoo! but deviously are given those names as a decoy so people think they are harmless or actually from Yahoo?
Here's the OTL runfix log, followed by the QuickScan log. Oh, before running Quick Scan, I checked Scan All Users, LOP Check and Purity Check, but left the Extra Registry checked as None. If that was incorrect, please let me know and I'll uncheck them and re-run.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{361E80BE-388B-4270-BF54-A10C2B756504}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361E80BE-388B-4270-BF54-A10C2B756504}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\0\win32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\HELPDIR\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}\InprocServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}\InprocServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Yahoo\Companion\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\HELPDIR\ not found.
Registry key HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\65e6b425_0\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\65e6b425_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\65e6b425_0\\@|"" /E : value set successfully!
========== FILES ==========
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Modules folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Media folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Icons\skins folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Icons\e folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Icons folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Download folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Data\default folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion\Data folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion\Buttons\Cache folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion\Buttons folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! folder moved successfully.
C:\Users\MEACB Fam Desktop\AppData\LocalLow\Yahoo!\Companion\Buttons\Cache folder moved successfully.
C:\Users\MEACB Fam Desktop\AppData\LocalLow\Yahoo!\Companion\Buttons folder moved successfully.
C:\Users\MEACB Fam Desktop\AppData\LocalLow\Yahoo!\Companion folder moved successfully.
C:\Users\MEACB Fam Desktop\AppData\LocalLow\Yahoo! folder moved successfully.
C:\Users\All Users\Yahoo! folder moved successfully.
File\Folder C:\ProgramData\Yahoo! not found.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0 folder moved successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs folder moved successfully.
C:\Program Files (x86)\Yahoo!\Companion\Data folder moved successfully.
C:\Program Files (x86)\Yahoo!\Companion folder moved successfully.
C:\Program Files (x86)\Yahoo!\Common folder moved successfully.
C:\Program Files (x86)\Yahoo! folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\_OTL\MovedFiles\cmd.bat deleted successfully.
C:\_OTL\MovedFiles\cmd.txt deleted successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.69.0 log created on 10182012_213842
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Quick Scan Log:
OTL logfile created on: 10/18/2012 10:02:56 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\_OTL\MovedFiles
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.98 Gb Total Physical Memory | 4.26 Gb Available Physical Memory | 71.23% Memory free
11.96 Gb Paging File | 10.20 Gb Available in Paging File | 85.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.31 Gb Total Space | 848.02 Gb Free Space | 92.25% Space Free | Partition Type: NTFS
Drive D: | 12.11 Gb Total Space | 1.48 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
Computer Name: MEACBFAMDESKTOP | User Name: MEACB Fam Desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/17 13:16:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\_OTL\MovedFiles\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/05 14:59:56 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/07 01:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/17 12:24:24 | 000,445,232 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
PRC - [2011/06/17 12:24:14 | 000,129,840 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/06/09 07:37:18 | 000,264,008 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/06/09 07:37:00 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/06/09 07:36:34 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/23 11:16:38 | 000,136,488 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
PRC - [2011/03/09 16:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/01 15:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 15:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
========== Modules (No Company Name) ==========
MOD - [2011/02/15 13:59:00 | 000,015,624 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll
========== Services (SafeList) ==========
SRV:64bit: - [2011/10/23 14:50:28 | 000,309,760 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/07 01:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/17 12:24:14 | 000,129,840 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/06/09 07:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/09 16:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/03/07 17:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 15:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 15:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:50:16 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/07 05:31:02 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/12/07 05:07:06 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/07 05:07:06 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/23 14:50:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/04 18:44:00 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/04/22 04:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/21 19:46:54 | 001,360,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/04/21 06:07:22 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/04/21 06:07:22 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/04/20 19:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 21:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 21:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/23 11:17:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/03/14 20:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 00:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/15 19:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/06 02:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/13 06:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/01/18 17:40:26 | 000,004,608 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/10/17 13:03:48 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121017.019\ex64.sys -- (NAVEX15)
DRV - [2012/10/17 13:03:48 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/10/17 13:03:48 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121017.019\eng64.sys -- (NAVENG)
DRV - [2012/10/16 15:30:32 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121017.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 16:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/10 20:58:50 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6C1FCA4D-F277-41F1-8E37-B6A2DC20C973}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6C1FCA4D-F277-41F1-8E37-B6A2DC20C973}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\..\SearchScopes\{6C1FCA4D-F277-41F1-8E37-B6A2DC20C973}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2241471103-1476502067-508736179-1003\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/10/17 13:00:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/10/18 21:41:31 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2241471103-1476502067-508736179-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2241471103-1476502067-508736179-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2241471103-1476502067-508736179-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Custo ... anager.CAB (Hewlett-Packard Online Support Services)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B4FA6AB-AAEC-4DAB-9708-67B1E14BAEF8}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/18 15:08:58 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{20838693-2FBE-4AC1-8DCF-48D8403B4C91}
[2012/10/17 20:27:16 | 000,000,000 | ---D | C] -- C:\2bb62fecf984874382aa8dc1
[2012/10/17 14:06:31 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Roxio Log Files
[2012/10/17 13:22:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/17 13:02:50 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{B6349ED2-3BED-4CB0-AFD2-6549489530F0}
[2012/10/17 12:04:36 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{2E621614-3817-4A43-AC9F-811EB136D6ED}
[2012/10/16 14:48:44 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{23A4C51B-6A16-4496-A9B1-60C4919FC2F5}
[2012/10/15 23:41:06 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{1034BE7F-EA50-4575-B569-0C2757556D23}
[2012/10/15 11:15:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/15 08:07:05 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{08669D63-1A8B-4BB4-B424-695C89C3DB84}
[2012/10/14 10:54:24 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{792061C5-E1CB-47A9-97F2-35FDD37EB362}
[2012/10/14 00:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/10/14 00:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/14 00:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/10/14 00:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/10/13 23:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Malware
[2012/10/13 21:49:29 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Malwarebytes
[2012/10/13 21:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/13 21:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/13 21:49:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/13 21:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/13 14:45:08 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{63AA384D-553B-4472-BF60-9A70DF3EDBE7}
[2012/10/13 01:56:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\Kobo
[2012/10/13 01:51:02 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\ZinioReader4
[2012/10/13 01:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012/10/13 01:21:26 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\VS Revo Group
[2012/10/13 01:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/10/13 00:29:38 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{31883C3D-FB5A-467B-8AF3-8288EB9C0192}
[2012/10/12 21:36:44 | 000,000,000 | ---D | C] -- C:\ID Vault
[2012/10/12 21:32:59 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\NPE
[2012/10/12 07:37:18 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{92AFC30E-490D-47F8-A34B-662B1FB5361F}
[2012/10/11 12:53:38 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{21D83205-9715-46B0-921E-971BF4974DCF}
[2012/10/11 12:49:48 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\Documents\OneNote Notebooks
[2012/10/10 20:01:04 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{0E008CF5-7F29-4429-9671-A608607FBEC0}
[2012/10/10 06:54:34 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{726B5BC4-21D0-4481-B20B-625E37C724F2}
[2012/10/09 14:58:06 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{52078DA1-A0D0-40D6-AA11-A388BB0E4507}
[2012/10/08 19:54:53 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{0FC9DBB8-7336-4418-8275-6286A39D1416}
[2012/10/08 07:54:30 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{A4BFB3DE-DB14-44CD-AAA0-6418EA2A1AE6}
[2012/10/07 19:37:24 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{35D6BD80-AAF1-497B-8BB7-4CC6699718FC}
[2012/10/06 09:21:58 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{3B819532-50AE-4940-94D0-ED23149C126B}
[2012/10/05 09:06:14 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{9CD3C714-06ED-4A67-8B98-A328D02DD67A}
[2012/10/04 16:36:59 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{51A1563E-80BD-43A5-9941-7317A4D2FE32}
[2012/10/03 20:06:57 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{07CD33FE-379E-4E64-818F-1CD4C884F0FA}
[2012/10/03 08:06:34 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{11FD3448-0873-4D2F-BB75-E181EC7E6E11}
[2012/10/02 18:40:47 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{B7D81391-FEAA-430F-98AA-F8F9F04FF4C3}
[2012/10/02 06:28:04 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{F7369093-D213-4B08-AE47-B748E55842E3}
[2012/10/01 16:21:40 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{5080F52E-1A1F-4F73-B8D5-551B5FCB26A8}
[2012/09/30 22:30:40 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{CAD513A3-ADEB-4B8A-AE73-820F2FC2A144}
[2012/09/30 09:09:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{D9A77CCE-8062-4196-A668-E8E9BA94F744}
[2012/09/29 18:20:39 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{32578E33-2483-4379-A6EA-9199AD0A97B0}
[2012/09/28 12:31:46 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{23384781-F390-4ACC-8195-14D9185C7272}
[2012/09/27 21:43:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{9C4A0F26-7E15-450D-8387-07E2DFD7B7A2}
[2012/09/27 09:42:56 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{73AD0A44-CB2F-4549-BDA8-9C0FDA1C0EC7}
[2012/09/25 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{3C0F2F73-6425-40BB-98A9-ABCC1ED2432C}
[2012/09/25 06:47:05 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{DCA2DE73-CDF8-4D29-9C85-5B5A2D9663FB}
[2012/09/24 09:33:52 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{CAA36B3A-27BE-42BF-A67F-7FFFFB3AAFE5}
[2012/09/23 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{01F34754-535B-4939-91A2-FF7A461425EA}
[2012/09/23 09:58:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/22 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{FEC5BD43-AD28-4CE9-A7FB-5A192B387C90}
[2012/09/22 07:16:14 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{B8C59C5E-4E13-4740-B7F6-149FB3D9CA30}
[2012/09/21 15:08:25 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{52E5FE43-8C32-4CBB-A8C8-AD82FB9B1E71}
[2012/09/20 19:10:18 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{DD5EDDF5-A423-49B8-B2D2-71430E5ACB5C}
[2012/09/20 17:15:47 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\Microsoft Help
[2012/09/20 17:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/09/20 06:44:07 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{69C7D921-4CD7-44AC-BF14-854F4D3D5E3B}
[2012/09/19 16:39:29 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{A96D65E8-B3B7-4F67-8F01-6D25A7023C78}
[2012/09/19 15:38:19 | 000,000,000 | ---D | C] -- C:\Users\MEACB Fam Desktop\AppData\Local\{72656B01-D0FF-4FC1-9506-6CD8080610E0}
========== Files - Modified Within 30 Days ==========
[2012/10/18 21:48:48 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/18 21:48:48 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/18 21:43:35 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/18 21:41:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/18 21:41:12 | 521,396,223 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/18 21:40:21 | 000,161,214 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Documents\DBD Movie2.wlmp
[2012/10/18 21:31:10 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/18 00:00:07 | 000,165,376 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\SystemLook_x64.exe
[2012/10/17 22:20:19 | 000,001,513 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\dds - Shortcut.lnk
[2012/10/17 21:01:43 | 000,001,747 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\RevoUninPro - Shortcut.lnk
[2012/10/17 13:48:02 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMEACB Fam Desktop.job
[2012/10/17 13:47:53 | 000,307,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/17 13:23:08 | 000,000,971 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\OTL - Shortcut.lnk
[2012/10/17 13:22:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/17 13:07:50 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/17 13:07:50 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/17 13:07:50 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/17 13:04:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\file.ext
[2012/10/11 17:50:44 | 001,533,240 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 020.jpg
[2012/10/11 17:49:53 | 000,000,945 | ---- | M] () -- C:\Users\MEACB Fam Desktop\Desktop\Picture 037 - Shortcut.lnk
[2012/09/23 09:58:37 | 2126,888,244 | ---- | M] () -- C:\Windows\MEMORY.DMP
========== Files Created - No Company Name ==========
[2012/10/18 15:57:35 | 001,755,122 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\002.JPG
[2012/10/18 15:45:30 | 001,528,958 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\DSCN1377.JPG
[2012/10/18 15:41:59 | 001,839,800 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Cristina TSA 2012 065.JPG
[2012/10/18 15:37:01 | 001,776,312 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Cristina TSA 2012 003.JPG
[2012/10/18 15:36:02 | 001,184,483 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\IMG_8506.JPG
[2012/10/18 15:34:27 | 022,730,328 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\124.AVI
[2012/10/18 15:30:56 | 001,352,288 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\047.JPG
[2012/10/18 15:30:51 | 001,781,130 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\037.JPG
[2012/10/18 15:29:03 | 001,750,969 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\112.JPG
[2012/10/18 15:28:43 | 001,999,311 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\158.JPG
[2012/10/18 15:28:08 | 001,844,599 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\069.JPG
[2012/10/18 15:19:07 | 001,632,881 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\539.JPG
[2012/10/18 15:17:42 | 002,008,097 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\478.JPG
[2012/10/18 15:16:59 | 002,068,651 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\463.JPG
[2012/10/18 15:15:44 | 002,111,730 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\420.JPG
[2012/10/18 15:14:38 | 002,024,335 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\331.JPG
[2012/10/17 23:59:34 | 000,165,376 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\SystemLook_x64.exe
[2012/10/17 22:20:19 | 000,001,513 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\dds - Shortcut.lnk
[2012/10/17 21:01:43 | 000,001,747 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\RevoUninPro - Shortcut.lnk
[2012/10/17 13:23:08 | 000,000,971 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\OTL - Shortcut.lnk
[2012/10/12 21:59:20 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/10/11 18:19:40 | 122,882,498 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 154.avi
[2012/10/11 18:19:34 | 036,580,968 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 152.avi
[2012/10/11 18:19:23 | 002,089,281 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 128.jpg
[2012/10/11 18:19:07 | 002,208,060 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 114.jpg
[2012/10/11 18:19:03 | 002,320,199 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 111.jpg
[2012/10/11 18:17:02 | 001,872,253 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 059.jpg
[2012/10/11 18:16:57 | 000,885,101 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 055.jpg
[2012/10/11 18:16:49 | 001,141,104 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 036.jpg
[2012/10/11 18:16:19 | 000,939,057 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 028.jpg
[2012/10/11 18:16:04 | 000,972,686 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 014.jpg
[2012/10/11 18:15:50 | 001,949,389 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\GSCamp 2011 164.jpg
[2012/10/11 18:04:09 | 001,561,828 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 557.jpg
[2012/10/11 18:04:00 | 001,547,854 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 487.jpg
[2012/10/11 18:03:41 | 004,541,742 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 430.MOV
[2012/10/11 18:03:27 | 001,423,044 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 411.jpg
[2012/10/11 18:03:10 | 001,506,615 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 358.jpg
[2012/10/11 18:02:51 | 001,533,682 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 328.jpg
[2012/10/11 18:02:44 | 001,543,713 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 298.jpg
[2012/10/11 17:57:49 | 001,545,214 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 262.jpg
[2012/10/11 17:57:45 | 001,512,136 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 267.jpg
[2012/10/11 17:57:33 | 001,471,182 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 233.jpg
[2012/10/11 17:57:29 | 001,557,870 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 225.jpg
[2012/10/11 17:57:25 | 001,534,319 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 224.jpg
[2012/10/11 17:57:18 | 001,543,210 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 180.jpg
[2012/10/11 17:57:07 | 001,499,299 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 179.jpg
[2012/10/11 17:57:01 | 014,050,336 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 175.MOV
[2012/10/11 17:56:55 | 010,965,992 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 174.MOV
[2012/10/11 17:56:22 | 001,544,011 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 146.jpg
[2012/10/11 17:56:12 | 001,523,183 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 142.jpg
[2012/10/11 17:51:17 | 001,495,507 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 039.jpg
[2012/10/11 17:51:00 | 001,564,827 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 032.jpg
[2012/10/11 17:50:43 | 001,533,240 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 020.jpg
[2012/10/11 17:50:25 | 001,525,391 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 015.jpg
[2012/10/11 17:50:17 | 001,512,477 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 010.jpg
[2012/10/11 17:50:09 | 002,169,412 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 115.MOV
[2012/10/11 17:49:59 | 003,644,872 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 037.MOV
[2012/10/11 17:49:53 | 000,000,945 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Desktop\Picture 037 - Shortcut.lnk
[2012/10/11 17:44:03 | 002,104,812 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\Picture 072.MOV
[2012/10/11 15:41:08 | 000,161,214 | ---- | C] () -- C:\Users\MEACB Fam Desktop\Documents\DBD Movie2.wlmp
[2012/09/23 09:58:37 | 2126,888,244 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/29 11:05:04 | 000,100,344 | ---- | C] () -- C:\Windows\HPBroker.dll
[2011/12/31 13:05:25 | 000,000,089 | ---- | C] () -- C:\Users\MEACB Fam Desktop\AppData\Local\msmathematics.qat.MEACB Fam Desktop
[2011/12/07 05:31:53 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2011/07/24 15:50:36 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/06/21 02:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/06/07 11:08:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2011/06/07 11:08:58 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2011/02/11 11:15:43 | 000,773,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/12/31 12:46:46 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Blio
[2012/10/17 13:53:11 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\ID Vault
[2012/10/13 19:42:43 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\SoftGrid Client
[2012/01/04 22:28:32 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\TP
[2012/02/21 10:00:46 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\WinBatch
[2012/01/04 16:35:07 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\Windows Live Writer
[2012/10/13 01:51:02 | 000,000,000 | ---D | M] -- C:\Users\MEACB Fam Desktop\AppData\Roaming\ZinioReader4
========== Purity Check ==========
< End of report >