WIN64/Patched.B.Gen virus

Solved
By Harvey Pierce
Jun 28, 2012
  1. I have been reading a couple of threads that have had the same problem. I have run FRST64 and will paste FRST.TXT after this message. I have also run the FRST64 Search "services.exe" and will paste in the next post the Search.txt. My problems show up with IE9 slow downs and lock ups.
  2. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 04
    Ran by SYSTEM at 28-06-2012 12:09:20
    Running from L:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet002
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [403112 2012-04-27] (Acronis)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12459112 2012-03-27] (Realtek Semiconductor)
    HKLM\...\Run: [dyaaserv.exe] "C:\Program Files (x86)\DYMO DiscPainter\Drivers\Amd64\DYAASERV.exe" [228864 2010-02-03] (DYMO, Inc.)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM-x32\...\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" [938680 2012-04-17] (iolo technologies, LLC)
    HKLM-x32\...\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [24216 2011-04-22] (PC Pitstop LLC)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
    HKLM-x32\...\Run: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\" [30264 2009-10-06] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" [55808 2010-05-10] (Sanford, L.P.)
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe" [506352 2011-06-12] ()
    HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
    HKLM-x32\...\Run: [CPMonitor] "C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe" [84464 2011-07-08] ()
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [30568 2011-07-22] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1466760 2012-05-23] (Garmin)
    HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [144616 2011-03-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5955000 2012-04-27] (Acronis)
    HKLM-x32\...\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler [2068856 2011-10-12] (Flexera Software LLC.)
    HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [46952 2011-07-22] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171304 2012-04-27] (Acronis)
    HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1061520 2012-05-08] (Carbonite, Inc.)
    HKLM-x32\...\Run: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe" [173968 2012-05-25] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDFProHook] "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe" [1828752 2012-05-25] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [Nuance PDF Converter Professional 8-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini" [391 2012-06-26] ()
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
    HKU\Administrator\...\Run: [StartUp This] "C:\Program Files (x86)\Laplink\PCmover\LaunchSt.exe" [x]
    HKU\Administrator\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [2068856 2011-10-12] (Flexera Software LLC.)
    HKU\Administrator\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-05-30] (Google Inc.)
    HKU\Administrator\...\Run: [PlaxoUpdate] C:\Users\Administrator\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe -a [x]
    HKU\Administrator\...\Run: [PlaxoSysTray] C:\Users\Administrator\AppData\Local\Plaxo\3.24.0.119\PlaxoSysTray.exe [x]
    HKU\Administrator\...\Run: [GoToAssist Express Expert] "C:\Users\harvey.HARVEYPIERCE0\AppData\Local\Citrix\GoToAssist Express Expert\258\g2ax_start.exe" "/Trigger RunAtLogon" [149368 2010-11-01] (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\Administrator\...\Run: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup [1825360 2011-01-28] (Sanford, L.P.)
    HKU\Administrator\...\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe [x]
    HKU\Administrator\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1261472 2012-04-04] (Adobe Systems Incorporated)
    HKU\Administrator\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [109336 2012-06-18] (Siber Systems)
    HKU\Administrator\...\Run: [SolidCapture] C:\Program Files (x86)\SolidDocuments\SolidCapture\solidcapture.exe [5644288 2007-04-17] (Solid Documents, LLC)
    HKU\Administrator\...\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart [839680 2010-06-16] ()
    HKU\Administrator\...\Run: [Download Nitro] "C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe" -autorun [x]
    HKU\Administrator\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Administrator\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1466760 2012-05-23] (Garmin)
    HKU\Administrator\...\Run: [ASO3SPCDone] "C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSS.exe" -startedafteroptimizationPartial [3455888 2012-03-22] (WinZip Computing, S.L. (WinZip Computing))
    HKU\Administrator\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Harvey\...\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe [x]
    HKU\Harvey\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-05-30] (Google Inc.)
    HKU\Harvey\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [109336 2012-06-18] (Siber Systems)
    HKU\Harvey\...\Run: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup [1825360 2011-01-28] (Sanford, L.P.)
    HKU\Harvey\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [2068856 2011-10-12] (Flexera Software LLC.)
    HKU\Harvey\...\Run: [PlaxoUpdate] C:\Users\Harvey\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe -a [x]
    HKU\Harvey\...\Run: [PlaxoSysTray] C:\Users\Harvey\AppData\Local\Plaxo\3.24.0.119\PlaxoSysTray.exe [x]
    HKU\Harvey\...\Run: [GoToAssist Express Expert] "C:\Users\harvey.HARVEYPIERCE0\AppData\Local\Citrix\GoToAssist Express Expert\258\g2ax_start.exe" "/Trigger RunAtLogon" [149368 2010-11-01] (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\Harvey\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1261472 2012-04-04] (Adobe Systems Incorporated)
    HKU\Harvey\...\Run: [SolidCapture] C:\Program Files (x86)\SolidDocuments\SolidCapture\solidcapture.exe [5644288 2007-04-17] (Solid Documents, LLC)
    HKU\Harvey\...\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart [839680 2010-06-16] ()
    HKU\Harvey\...\Run: [Download Nitro] "C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe" -autorun [x]
    HKU\Harvey\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Harvey\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1466760 2012-05-23] (Garmin)
    HKU\Harvey\...\Run: [ASO3SPCDone] "C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSS.exe" -startedafteroptimizationPartial [3455888 2012-03-22] (WinZip Computing, S.L. (WinZip Computing))
    HKU\Harvey\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59240 2012-02-23] (Apple Inc.)
    HKU\harvey.HARVEYPIERCE0\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-05-30] (Google Inc.)
    HKU\harvey.HARVEYPIERCE0\...\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [213936 2006-05-16] (Macrovision Corporation)
    HKU\harvey.HARVEYPIERCE0\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
    HKU\harvey.HARVEYPIERCE0\...\Run: [GoToAssist Express Expert] "C:\Program Files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_start.exe" "/Trigger RunAtLogon" [609144 2012-06-02] (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\harvey.HARVEYPIERCE0\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1466760 2012-05-23] (Garmin)
    HKU\harvey.HARVEYPIERCE0\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1261472 2012-04-04] (Adobe Systems Incorporated)
    HKU\harvey.HARVEYPIERCE0\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59240 2012-02-23] (Apple Inc.)
    HKU\harvey.HARVEYPIERCE0\...\Run: [PlaxoUpdate] C:\Users\harvey.HARVEYPIERCE0\AppData\Local\Plaxo\3.34.0.3\PlaxoHelper_en.exe -a [2074512 2012-03-21] (Plaxo, Inc.)
    HKU\harvey.HARVEYPIERCE0\...\Run: [PlaxoSysTray] C:\Users\harvey.HARVEYPIERCE0\AppData\Local\Plaxo\3.34.0.3\PlaxoSysTray.exe [16272 2012-03-21] (Plaxo, Inc.)
    HKU\harvey.HARVEYPIERCE0\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [9786488 2012-06-11] (SugarSync, Inc.)
    HKU\harvey.HARVEYPIERCE0\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\harvey.HARVEYPIERCE0\...\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-01] (Adobe Systems Incorporated)
    HKU\harvey.HARVEYPIERCE0\...\Run: [PCShowServer] "C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [351888 2012-04-02] (NDS Technologies)
    HKU\harvey.HARVEYPIERCE0\...\Run: [UpdateFlow.Comcast] C:\Program Files (x86)\Comcast\pcBrowser.exe -AppKey=Comcast -URL=file://C:\Program Files (x86)\Comcast\OfflineUpdate\redirector.htm [x]
    HKU\harvey.HARVEYPIERCE0\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [109336 2012-06-18] (Siber Systems)
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2012-01-15] (Dell)
    HKLM-x32\...\Runonce: [SMRequiresRestart] [x]
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\759\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.12 208.67.220.220 208.67.222.222
    Tcpip\..\Interfaces\{A0221956-CA4F-4CAC-90E3-53A2EC034921}: [NameServer]192.168.0.12,208.67.222.222,208.67.220.220,192.168.0.1
    Lsa: [Notification Packages] scecli
    FAPassSync
    Startup: C:\Users\Administrator\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Gaaiho Collaboration.lnk
    ShortcutTarget: Gaaiho Collaboration.lnk -> C:\Program Files (x86)\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\GaaihoGo3.exe (Zeon Corporation)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Nuance Cloud Connector.lnk
    ShortcutTarget: Nuance Cloud Connector.lnk -> C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe ()
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Harvey\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk
    ShortcutTarget: Comcast Universal Caller ID.lnk -> C:\Program Files (x86)\Comcast Universal Caller ID\Comcast Universal Caller ID.exe (No File)
    Startup: C:\Users\Harvey\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\harvey.HARVEYPIERCE0\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\harvey.HARVEYPIERCE0\Start Menu\Programs\Startup\FedEx Desktop.lnk
    ShortcutTarget: FedEx Desktop.lnk -> C:\Program Files (x86)\FedEx\FedEx Desktop\FedEx Desktop.exe ()
    ==================== Services (Whitelisted) ======
    2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
    4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2010-05-25] (ArcSoft Inc.)
    2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1132824 2012-04-27] (Acronis)
    3 Adobe Version Cue CS3; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service [153792 2007-03-20] (Adobe Systems Incorporated)
    3 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
    2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-06-06] (Acronis)
    3 Agent; C:\Windows\agent_x64.exe [102912 2011-08-24] ()
    3 APCPBEAgent; C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe [34168 2011-01-26] (APC)
    3 APCPBEServer; C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE [54728 2011-01-26] (APC)
    3 ASO3DiskOptimizer; C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [263480 2010-10-05] (Systweak Inc., (www.systweak.com))
    2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [193816 2012-02-10] (Microsoft Corporation.)
    3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [240408 2012-02-10] (Microsoft Corporation.)
    3 BOT4Service; "C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe" [21488 2011-07-15] ()
    4 BOTService; "C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe" [211440 2011-07-14] (Rovi Corporation)
    2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [6715024 2012-05-08] (Carbonite, Inc. (www.carbonite.com))
    3 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [127352 2009-06-23] (CinemaNow, Inc.)
    2 CLDTVHNService; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
    3 CLKMSVC10_1628BCEA; "C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe" /svc [240360 2011-03-01] (CyberLink)
    2 Diskeeper; "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe" [2646864 2012-01-04] (Diskeeper Corporation)
    2 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
    2 DymoPnpService; "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe" [32336 2011-01-28] (Sanford, L.P.)
    2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [913144 2012-03-07] (ESET)
    2 GladFileMonSvc; "C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe" [29592 2012-05-18] (Gladinet, INC)
    3 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe /service [4986032 2012-02-28] ()
    2 gupdate1c999ea5dd8cfe4; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [136176 2010-05-30] (Google Inc.)
    3 HDRExpressService; C:\Program Files\UCT\HDR Express\HDRExpressService.exe [28432 2011-04-04] ()
    4 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
    4 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
    2 ioloFileInfoList; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1047336 2012-04-17] (iolo technologies, LLC)
    2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1047336 2012-04-17] (iolo technologies, LLC)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
    3 MemeoBackgroundService; C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-12] (Memeo)
    2 MSSQL$COMPASS20; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sCOMPASS20 [29293408 2010-12-10] (Microsoft Corporation)
    4 MSSQLServerADHelper; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [44384 2010-12-10] (Microsoft Corporation)
    2 OneTouch 4.0 Monitor; "C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe" [221184 2010-10-15] (Visioneer Inc.)
    4 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [91304 2011-04-22] (PC Pitstop LLC)
    2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-05-25] (Nuance Communications, Inc.)
    3 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [138600 2011-07-22] (Nuance Communications, Inc.)
    3 RoxMediaDB13; "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe" [1095664 2011-07-13] (Rovi Corporation)
    3 RoxMediaDBVHS; "C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe" [1116656 2010-02-19] (Sonic Solutions)
    2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe" [340976 2011-07-13] (Rovi Corporation)
    2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [153440 2010-12-10] (Microsoft Corporation)
    2 syncagentsrv; "C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe" [5914912 2012-04-27] (Acronis)
    3 WINZIPSSDiskOptimizer; C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [628624 2012-03-22] (WinZip Computing, S.L. (WinZip Computing))
    3 pcCMService64; "C:\Program Files\Common Files\Motive\pcCMService.exe" [x]
    3 pcServiceHost; "C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe" [x]
    ========================== Drivers (Whitelisted) =============
    3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [367200 2012-03-11] (Acronis)
    3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
    3 athrusb6; C:\Windows\System32\DRIVERS\athrxu6.sys [1041920 2007-07-05] (Atheros Communications, Inc.)
    3 CAXHWBS2; C:\Windows\System32\Drivers\CAXHWBS2.sys [411136 2009-06-30] (Conexant Systems, Inc.)
    3 DigiartyVirtualCDBus; C:\Windows\System32\Drivers\DigiartyVirtualCDBus.sys [276256 2012-01-06] (Digiarty Software, Inc.)
    3 DKRtWrt; C:\Windows\System32\Drivers\DKRtWrt.sys [44624 2011-02-14] (Diskeeper Corporation)
    3 DrvAgent64; C:\Windows\SysWow64\Drivers\DrvAgent64.sys [21712 2011-05-01] (Phoenix Technologies)
    3 DYUSB; C:\Windows\System32\Drivers\DYUSB.sys [47104 2009-12-02] (Cypress Semiconductor)
    3 DYUSB; C:\Windows\SysWow64\Drivers\DYUSB.sys [39936 2009-12-02] (Cypress Semiconductor)
    1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-14] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-14] (ESET)
    1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [23464 2009-09-08] (EldoS Corporation)
    2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2012-03-14] (ESET)
    1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2012-03-14] (ESET)
    0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2012-03-14] (ESET)
    1 FileDisk; C:\Windows\SysWow64\Drivers\FileDisk.sys [9341 2006-07-24] (iolo technologies, LLC (based on original work by Bo Brantén))
    0 fltsrv; C:\Windows\System32\Drivers\fltsrv.sys [137312 2012-06-06] (Acronis)
    3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [72648 2010-07-12] (FTDI Ltd.)
    3 FTSER2K; C:\Windows\System32\Drivers\FTSER2K.sys [85384 2011-03-18] (FTDI Ltd.)
    3 grmnusb; C:\Windows\System32\Drivers\grmnusb.sys [20520 2009-05-08] (GARMIN Corp.)
    3 ICDUSB3; C:\Windows\System32\Drivers\ICDUSB3.sys [13312 2008-08-18] (Sony Corporation)
    1 kl1; C:\Windows\System32\Drivers\kl1.sys [460888 2010-08-09] (Kaspersky Lab ZAO)
    1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [354320 2010-05-28] (Kaspersky Lab)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
    3 MODEMCSA; C:\Windows\System32\Drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
    2 ntk_dtv; \??\C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [82416 2009-09-17] (Cyberlink Corp.)
    3 NW1950; C:\Windows\System32\Drivers\NW1950.sys [24568 2009-07-29] ()
    3 pmxdrv; C:\Windows\System32\Drivers\pmxdrv.sys [38536 2010-11-19] ()
    3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [46616 2007-01-24] (Belcarra Technologies)
    3 Revoflt; C:\Windows\System32\Drivers\Revoflt.sys [31800 2009-12-30] (VS Revo Group)
    3 ser2at; C:\Windows\System32\DRIVERS\ser2at64.sys [96256 2009-10-15] (ATEN)
    0 snapman; C:\Windows\System32\Drivers\snapman.sys [320096 2012-06-06] (Acronis)
    0 SysCow; C:\Windows\System32\drivers\syscowad64v.sys [164848 2010-05-23] (Sonic Solutions)
    0 tdrpman; C:\Windows\System32\Drivers\tdrpman.sys [1294432 2012-06-06] (Acronis)
    0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [994912 2012-06-06] (Acronis)
    0 vididr; C:\Windows\System32\Drivers\vididr.sys [211552 2012-06-06] (Acronis)
    0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [146528 2012-06-06] (Acronis)
    2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; \??\C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-29] (CyberLink Corp.)
    3 DfSdkS; [x]
    3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [x]
    3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
    3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
    3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [x]
    3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
    3 Ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [x]
    3 PcdrNdisuio; C:\Windows\SysWow64\drivers\pcdrndisuio.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-06-26 06:40 - 2012-06-26 06:40 - 00152233 ____A C:\Windows\System32\Drivers\klin.dat
    2012-06-26 06:40 - 2012-06-26 06:40 - 00107177 ____A C:\Windows\System32\Drivers\klick.dat
    2012-06-26 06:32 - 2012-06-26 07:06 - 00000000 ____D C:\Users\All Users\PLAV
    2012-06-26 06:32 - 2012-06-26 07:06 - 00000000 ____D C:\Users\All Users\Application Data\PLAV
    2012-06-26 06:32 - 2012-06-26 06:32 - 00000000 ____D C:\Users\All Users\ParetoLogic Anti-Virus PLUS
    2012-06-26 06:32 - 2012-06-26 06:32 - 00000000 ____D C:\Users\All Users\Application Data\ParetoLogic Anti-Virus PLUS
    2012-06-26 06:30 - 2012-06-26 06:30 - 08871304 ____A (ParetoLogic Inc.) C:\Users\harvey.HARVEYPIERCE0\Desktop\Pareto_AV_Setup_RW.exe
    2012-06-23 08:12 - 2012-06-28 12:09 - 00000000 ____D C:\FRST
    2012-06-22 19:50 - 2012-06-22 19:50 - 00001152 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-22 19:50 - 2012-06-22 19:50 - 00001152 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-22 19:50 - 2012-06-22 19:50 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\Malwarebytes
    2012-06-22 19:50 - 2012-06-22 19:50 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Malwarebytes
    2012-06-22 19:50 - 2012-06-22 19:50 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-22 19:50 - 2012-06-22 19:50 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-06-22 19:50 - 2012-06-22 19:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-22 19:50 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-20 19:59 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-20 19:59 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-20 19:59 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-20 19:59 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-20 19:59 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-20 19:59 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-20 19:59 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-20 19:59 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-20 19:59 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-19 19:32 - 2012-06-19 19:32 - 00000000 ____D C:\Users\All Users\Gaaiho
    2012-06-19 19:32 - 2012-06-19 19:32 - 00000000 ____D C:\Users\All Users\Application Data\Gaaiho
    2012-06-19 09:05 - 2012-06-19 09:05 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\My Documents\PDF Favorites
    2012-06-19 09:05 - 2012-06-19 09:05 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Documents\PDF Favorites
    2012-06-19 08:13 - 2012-06-26 07:02 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\gladinet
    2012-06-19 08:13 - 2012-06-26 07:02 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\gladinet
    2012-06-19 08:13 - 2012-06-26 07:02 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\gladinet
    2012-06-19 08:05 - 2012-06-19 08:05 - 00000000 ____D C:\Program Files (x86)\Zeon
    2012-06-19 08:04 - 2012-06-19 08:04 - 00002187 ____A C:\Users\Public\Desktop\Nuance Cloud Connector.lnk
    2012-06-19 08:04 - 2012-06-19 08:04 - 00002187 ____A C:\Users\All Users\Desktop\Nuance Cloud Connector.lnk
    2012-06-19 08:04 - 2012-06-19 08:04 - 00000000 ___HD C:\Gladinet
    2012-06-19 04:57 - 2012-06-20 07:42 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\Utilities
    2012-06-18 11:19 - 2012-06-18 11:19 - 00038912 ____A C:\Users\harvey.HARVEYPIERCE0\My Documents\Davis Spline.zdl
    2012-06-18 11:19 - 2012-06-18 11:19 - 00038912 ____A C:\Users\harvey.HARVEYPIERCE0\Documents\Davis Spline.zdl
    2012-06-18 10:12 - 2012-06-18 10:19 - 00020992 ____A C:\Users\harvey.HARVEYPIERCE0\My Documents\RJ Spline 4 in.zdl
    2012-06-18 10:12 - 2012-06-18 10:19 - 00020992 ____A C:\Users\harvey.HARVEYPIERCE0\Documents\RJ Spline 4 in.zdl
    2012-06-18 10:00 - 2012-06-18 10:21 - 00014848 ____A C:\Users\harvey.HARVEYPIERCE0\My Documents\RJ Spline 3 in.zdl
    2012-06-18 10:00 - 2012-06-18 10:21 - 00014848 ____A C:\Users\harvey.HARVEYPIERCE0\Documents\RJ Spline 3 in.zdl
    2012-06-17 10:03 - 2012-06-17 10:03 - 03507776 ____A ( ) C:\Users\harvey.HARVEYPIERCE0\My Documents\DIRECTV.v5618_CyberLink_DMS090512-03.exe
    2012-06-17 10:03 - 2012-06-17 10:03 - 03507776 ____A ( ) C:\Users\harvey.HARVEYPIERCE0\Documents\DIRECTV.v5618_CyberLink_DMS090512-03.exe
    2012-06-17 10:01 - 2012-06-17 10:01 - 00002097 ____A C:\Users\Public\Desktop\DIRECTV2PC(TM).lnk
    2012-06-17 10:01 - 2012-06-17 10:01 - 00002097 ____A C:\Users\All Users\Desktop\DIRECTV2PC(TM).lnk
    2012-06-14 19:41 - 2011-12-15 12:16 - 07163744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
    2012-06-14 19:41 - 2011-12-15 12:16 - 00433504 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
    2012-06-14 19:41 - 2011-12-15 12:16 - 00137056 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
    2012-06-14 19:41 - 2011-12-15 12:16 - 00120160 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
    2012-06-14 19:41 - 2011-12-15 12:16 - 00075104 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
    2012-06-14 19:40 - 2012-03-27 18:16 - 00272629 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
    2012-06-14 19:40 - 2012-03-27 16:03 - 04015592 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
    2012-06-14 19:40 - 2012-03-21 14:55 - 02886656 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
    2012-06-14 19:40 - 2012-03-20 09:47 - 03608680 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
    2012-06-14 19:40 - 2012-03-19 18:01 - 00102504 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
    2012-06-14 19:40 - 2012-03-16 15:25 - 02670696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
    2012-06-14 19:40 - 2012-03-13 10:21 - 01251432 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
    2012-06-14 19:40 - 2012-03-08 10:47 - 00202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
    2012-06-14 19:40 - 2012-03-08 10:47 - 00108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
    2012-06-14 19:40 - 2012-03-07 10:09 - 00824424 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
    2012-06-14 19:40 - 2012-02-21 18:45 - 02605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
    2012-06-14 19:40 - 2012-02-21 13:26 - 02528832 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
    2012-06-14 19:40 - 2012-02-17 14:54 - 00396632 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll
    2012-06-14 19:40 - 2012-02-13 23:05 - 08363864 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
    2012-06-14 19:40 - 2012-02-13 21:35 - 00978776 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
    2012-06-14 19:40 - 2012-01-30 10:43 - 00836544 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll
    2012-06-14 19:40 - 2012-01-23 21:30 - 00537456 ____A (DTS) C:\Windows\System32\DTSU2PLFX64.dll
    2012-06-14 19:40 - 2012-01-23 21:30 - 00524656 ____A (DTS) C:\Windows\System32\DTSU2PGFX64.dll
    2012-06-14 19:40 - 2012-01-23 21:30 - 00449392 ____A (DTS) C:\Windows\System32\DTSU2PREC64.dll
    2012-06-14 19:40 - 2012-01-10 09:20 - 00065944 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll
    2012-06-14 19:40 - 2011-12-20 14:32 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
    2012-06-14 19:40 - 2011-12-20 04:43 - 00220776 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
    2012-06-14 19:40 - 2011-12-18 16:58 - 02131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
    2012-06-14 19:40 - 2011-12-18 16:58 - 01247576 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll
    2012-06-13 12:24 - 2012-06-13 12:24 - 00000000 ____D C:\Users\All Users\ESET
    2012-06-13 12:24 - 2012-06-13 12:24 - 00000000 ____D C:\Users\All Users\Application Data\ESET
    2012-06-12 18:10 - 2012-05-17 21:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-12 18:10 - 2012-05-17 20:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-12 18:10 - 2012-05-17 20:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-12 18:10 - 2012-05-17 20:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-12 18:10 - 2012-05-17 20:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-12 18:10 - 2012-05-17 20:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-12 18:10 - 2012-05-17 20:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-12 18:10 - 2012-05-17 20:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-12 18:10 - 2012-05-17 20:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-12 18:10 - 2012-05-17 20:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-12 18:10 - 2012-05-17 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-12 18:10 - 2012-05-17 20:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-12 18:10 - 2012-05-17 18:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-12 18:10 - 2012-05-17 17:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-12 18:10 - 2012-05-17 17:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-12 18:10 - 2012-05-17 17:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-12 18:10 - 2012-05-17 17:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-12 18:10 - 2012-05-17 17:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-12 18:10 - 2012-05-17 17:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-12 18:10 - 2012-05-17 17:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-12 18:10 - 2012-05-17 17:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-12 18:10 - 2012-05-17 17:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-12 18:10 - 2012-05-17 17:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-12 18:10 - 2012-05-17 17:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-12 18:10 - 2012-05-17 17:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-12 18:09 - 2012-05-17 21:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-12 18:09 - 2012-05-17 21:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-12 18:09 - 2012-05-17 17:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-12 18:09 - 2012-05-04 06:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-12 18:09 - 2012-04-24 00:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-12 18:09 - 2012-04-24 00:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-12 18:09 - 2012-04-24 00:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-12 18:09 - 2012-04-23 23:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-12 18:09 - 2012-04-23 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-12 18:09 - 2012-04-23 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-12 18:08 - 2012-05-14 20:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-12 18:08 - 2012-05-04 06:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-06-12 18:08 - 2012-05-04 05:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-12 18:08 - 2012-05-04 05:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-12 18:08 - 2012-05-04 04:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-06-12 18:08 - 2012-05-01 00:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-12 18:08 - 2012-04-28 00:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-06-12 18:08 - 2012-04-27 22:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-12 18:08 - 2012-04-26 00:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 18:08 - 2012-04-26 00:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-12 18:08 - 2012-04-26 00:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 18:08 - 2012-04-07 07:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-12 18:08 - 2012-04-07 06:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-11 04:53 - 2012-06-26 06:57 - 00000000 ___RD C:\Users\harvey.HARVEYPIERCE0\Dropbox
    2012-06-11 04:53 - 2012-06-11 04:53 - 00001059 ____A C:\Users\harvey.HARVEYPIERCE0\Desktop\Dropbox.lnk
    2012-06-11 04:51 - 2012-06-27 20:42 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\Dropbox
    2012-06-11 04:51 - 2012-06-27 20:42 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox
    2012-06-10 14:29 - 2012-06-24 14:28 - 00000512 ____A C:\Windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
    2012-06-10 05:35 - 2012-06-10 05:35 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\WinZip
    2012-06-10 05:35 - 2012-06-10 05:35 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\WinZip
    2012-06-10 05:35 - 2012-06-10 05:35 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\WinZip
    2012-06-10 05:35 - 2012-06-10 05:35 - 00000000 ____D C:\Program Files\WinZip
    2012-06-06 05:11 - 2012-06-06 05:11 - 00994912 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
    2012-06-06 05:11 - 2012-06-06 05:11 - 00211552 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
    2012-06-06 05:11 - 2012-06-06 05:11 - 00146528 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys
    2012-06-06 05:11 - 2012-06-06 05:11 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\B00A48D3-CC36-41AE-82E6-66DCDBDEC287
    2012-06-06 05:11 - 2012-06-06 05:11 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\B00A48D3-CC36-41AE-82E6-66DCDBDEC287
    2012-06-05 06:18 - 2012-06-05 06:18 - 00000000 ____D C:\Program Files\Recover Keys
    2012-06-05 06:13 - 2012-06-05 06:13 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\Recover Keys
    2012-06-04 04:54 - 2012-06-04 04:54 - 00001888 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-06-04 04:54 - 2012-06-04 04:54 - 00001888 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
    2012-06-03 12:23 - 2012-06-03 12:23 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\DIRECTV Player
    2012-06-03 12:23 - 2012-06-03 12:23 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\DIRECTV Player
    2012-06-03 12:23 - 2012-06-03 12:23 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player
    2012-05-31 18:01 - 2012-05-31 18:01 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\Motive
    2012-05-31 18:01 - 2012-05-31 18:01 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Motive
    2012-05-31 18:00 - 2012-06-23 12:32 - 00000000 ____D C:\Program Files\Common Files\Motive
    2012-05-31 17:59 - 2012-05-31 18:06 - 00000000 ____D C:\Users\All Users\Motive
    2012-05-31 17:59 - 2012-05-31 18:06 - 00000000 ____D C:\Users\All Users\Application Data\Motive
    2012-05-31 11:28 - 2012-05-31 11:28 - 00001049 ____A C:\Users\Public\Desktop\Stamps.com.lnk
    2012-05-31 11:28 - 2012-05-31 11:28 - 00001049 ____A C:\Users\All Users\Desktop\Stamps.com.lnk
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\Application Data\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\{80E49840-FEC9-4009-B2F2-83DD9B68A990}
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
    2012-05-30 08:54 - 2012-06-11 19:38 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\My Documents\Neat Data
    2012-05-30 08:54 - 2012-06-11 19:38 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Documents\Neat Data
    2012-05-30 07:23 - 2012-05-30 07:23 - 00001899 ____A C:\Users\Public\Desktop\Neat.lnk
    2012-05-30 07:23 - 2012-05-30 07:23 - 00001899 ____A C:\Users\All Users\Desktop\Neat.lnk
    2012-05-30 07:23 - 2012-05-30 07:23 - 00000000 ____D C:\Program Files\Send To Neat
    2012-05-30 07:22 - 2011-08-24 13:01 - 00052224 ____A C:\Windows\System32\sdtnpm.dll
    2012-05-30 07:19 - 2012-05-30 07:23 - 00000000 ____D C:\Program Files (x86)\Neat
    2012-05-30 07:05 - 2012-05-30 07:05 - 00001237 ____A C:\Windows\NeatUninstall.LOG
  3. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    ============ 3 Months Modified Files and Folders =============
    2012-06-28 12:09 - 2012-06-23 08:12 - 00000000 ____D C:\FRST
    2012-06-28 11:07 - 2010-12-14 14:53 - 00000000 ____A C:\Windows\System32\AdmList.txt
    2012-06-28 11:07 - 2010-05-25 20:36 - 00000000 __SHD C:\System Volume Information
    2012-06-28 11:07 - 2009-07-14 00:10 - 01546592 ____A C:\Windows\WindowsUpdate.log
    2012-06-28 11:06 - 2010-05-30 08:04 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\My Documents\Outlook Files
    2012-06-28 11:06 - 2010-05-30 08:04 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Documents\Outlook Files
    2012-06-28 10:58 - 2010-12-28 20:20 - 00001796 ____A C:\Users\Public\Desktop\Delta Flight Schedules.lnk
    2012-06-28 10:58 - 2010-12-28 20:20 - 00001796 ____A C:\Users\All Users\Desktop\Delta Flight Schedules.lnk
    2012-06-28 10:58 - 2010-12-28 20:20 - 00000000 ____D C:\Program Files\DeltaFlights
    2012-06-28 10:58 - 2010-05-30 13:25 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\FedEx
    2012-06-28 10:58 - 2010-05-30 13:25 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\FedEx
    2012-06-28 10:20 - 2012-04-02 19:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-28 10:15 - 2010-05-29 17:33 - 00000144 ____A C:\Windows\System32\config\netlogon.ftl
    2012-06-28 10:09 - 2010-05-30 05:14 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-28 10:03 - 2012-06-28 10:03 - 00000000 __ASH C:\DkHyperbootSync
    2012-06-28 09:51 - 2011-10-19 09:20 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\5062B67F-2A07-4F0F-B0F8-0EAC69BFB8FF.aplzod
    2012-06-28 09:51 - 2011-10-19 09:20 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\5062B67F-2A07-4F0F-B0F8-0EAC69BFB8FF.aplzod
    2012-06-28 09:51 - 2011-10-19 09:20 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\5062B67F-2A07-4F0F-B0F8-0EAC69BFB8FF.aplzod
    2012-06-28 09:38 - 2011-09-12 11:55 - 00002159 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
    2012-06-28 09:38 - 2011-09-12 11:55 - 00002159 ____A C:\Users\All Users\Desktop\DivX Plus Converter.lnk
    2012-06-28 09:38 - 2011-09-12 11:55 - 00001629 ____A C:\Users\harvey.HARVEYPIERCE0\Desktop\DivX Movies.lnk
    2012-06-28 09:38 - 2011-09-12 11:54 - 00000000 ____D C:\Users\All Users\DivX
    2012-06-28 09:38 - 2011-09-12 11:54 - 00000000 ____D C:\Users\All Users\Application Data\DivX
    2012-06-28 09:38 - 2011-09-12 11:54 - 00000000 ____D C:\Program Files (x86)\DivX
    2012-06-28 09:37 - 2011-09-12 11:55 - 00001155 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
    2012-06-28 09:37 - 2011-09-12 11:55 - 00001155 ____A C:\Users\All Users\Desktop\DivX Plus Player.lnk
    2012-06-28 09:00 - 2012-04-20 07:35 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2012-06-28 08:28 - 2011-06-07 18:55 - 00000000 ____D C:\Users\Public\Documents\Neat ADF Scanner
    2012-06-28 08:28 - 2011-06-07 18:55 - 00000000 ____D C:\Users\All Users\Documents\Neat ADF Scanner
    2012-06-28 07:55 - 2010-06-08 08:22 - 00000000 ____D C:\Program Files (x86)\Coupons
    2012-06-28 07:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
    2012-06-27 23:09 - 2010-05-30 05:14 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-27 20:42 - 2012-06-11 04:51 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\Dropbox
    2012-06-27 20:42 - 2012-06-11 04:51 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox
    2012-06-27 20:25 - 2010-05-30 12:00 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\My Documents\Acrobat Documents
    2012-06-27 20:25 - 2010-05-30 12:00 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Documents\Acrobat Documents
    2012-06-27 14:00 - 2012-04-20 07:35 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
    2012-06-26 13:51 - 2010-05-30 16:48 - 00000036 ___AH C:\Windows\SysWOW64\f9t.dat
    2012-06-26 07:08 - 2009-07-13 23:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-26 07:08 - 2009-07-13 23:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-26 07:06 - 2012-06-26 06:32 - 00000000 ____D C:\Users\All Users\PLAV
    2012-06-26 07:06 - 2012-06-26 06:32 - 00000000 ____D C:\Users\All Users\Application Data\PLAV
    2012-06-26 07:06 - 2009-07-13 22:20 - 00000000 ___HD C:\ProgramData
    2012-06-26 07:02 - 2012-06-19 08:13 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\gladinet
    2012-06-26 07:02 - 2012-06-19 08:13 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\gladinet
    2012-06-26 07:02 - 2012-06-19 08:13 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\gladinet
    2012-06-26 07:02 - 2009-07-13 22:20 - 00000000 ___RD C:\Program Files (x86)
    2012-06-26 06:57 - 2012-06-11 04:53 - 00000000 ___RD C:\Users\harvey.HARVEYPIERCE0\Dropbox
    2012-06-26 06:57 - 2011-06-10 08:49 - 00000000 ____D C:\Users\All Users\PCPitstop
    2012-06-26 06:57 - 2011-06-10 08:49 - 00000000 ____D C:\Users\All Users\Application Data\PCPitstop
    2012-06-26 06:55 - 2010-06-03 06:14 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Plaxo
    2012-06-26 06:55 - 2010-06-03 06:14 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\Plaxo
    2012-06-26 06:55 - 2010-06-03 06:14 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\Plaxo
    2012-06-26 06:51 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-26 06:50 - 2010-05-25 21:15 - 4252057600 __ASH C:\pagefile.sys
    2012-06-26 06:50 - 2009-07-13 23:51 - 00065240 ____A C:\Windows\setupact.log
    2012-06-26 06:49 - 2010-05-25 20:36 - 2115301376 __ASH C:\hiberfil.sys
    2012-06-26 06:40 - 2012-06-26 06:40 - 00152233 ____A C:\Windows\System32\Drivers\klin.dat
    2012-06-26 06:40 - 2012-06-26 06:40 - 00107177 ____A C:\Windows\System32\Drivers\klick.dat
    2012-06-26 06:32 - 2012-06-26 06:32 - 00000000 ____D C:\Users\All Users\ParetoLogic Anti-Virus PLUS
    2012-06-26 06:32 - 2012-06-26 06:32 - 00000000 ____D C:\Users\All Users\Application Data\ParetoLogic Anti-Virus PLUS
    2012-06-26 06:30 - 2012-06-26 06:30 - 08871304 ____A (ParetoLogic Inc.) C:\Users\harvey.HARVEYPIERCE0\Desktop\Pareto_AV_Setup_RW.exe
    2012-06-25 12:27 - 2012-02-12 09:23 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\SugarSync
    2012-06-25 12:27 - 2012-02-12 09:23 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\SugarSync
    2012-06-25 12:27 - 2012-02-12 09:23 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\SugarSync
    2012-06-24 14:28 - 2012-06-10 14:29 - 00000512 ____A C:\Windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
    2012-06-23 12:32 - 2012-05-31 18:00 - 00000000 ____D C:\Program Files\Common Files\Motive
    2012-06-23 12:32 - 2009-07-13 22:20 - 00000000 ___RD C:\Program Files
    2012-06-23 12:27 - 2010-05-25 20:36 - 02393702 ____A C:\Windows\PFRO.log
    2012-06-23 09:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2012-06-23 08:13 - 2009-07-14 00:13 - 00863736 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-23 04:26 - 2012-05-10 02:28 - 00000336 ____A C:\Windows\System32\RW_{46BFBE89-140B-11E0-8937-002564F2904F}.dat
    2012-06-23 04:26 - 2012-05-10 02:28 - 00000016 ____A C:\Windows\System32\EvGr_Data{46BFBE89-140B-11E0-8937-002564F2904F}.dat
    2012-06-23 04:26 - 2011-06-12 06:28 - 00001848 ____A C:\Windows\System32\RW_{82CB13F4-6E52-11DF-872D-002564F2904F}.dat
    2012-06-23 04:26 - 2011-06-12 06:28 - 00000016 ____A C:\Windows\System32\EvGr_Data{82CB13F4-6E52-11DF-872D-002564F2904F}.dat
    2012-06-23 04:26 - 2011-06-12 06:28 - 00000016 ____A C:\Windows\System32\EvGr_Data{19946527-6867-11DF-8646-806E6F6E6963}.dat
    2012-06-23 04:26 - 2011-06-12 06:28 - 00000016 ____A C:\Windows\System32\EvGr_Data{19946526-6867-11DF-8646-806E6F6E6963}.dat
    2012-06-23 04:26 - 2010-12-14 14:53 - 00273450 ____A C:\Windows\System32\RW_AppData.dat
    2012-06-23 04:26 - 2010-12-14 14:53 - 00120816 ____A C:\Windows\System32\RW_FileType.dat
    2012-06-23 04:26 - 2010-12-14 14:53 - 00002240 ____A C:\Windows\System32\RW_{19946526-6867-11DF-8646-806E6F6E6963}.dat
    2012-06-23 04:26 - 2010-12-14 14:53 - 00000720 ____A C:\Windows\System32\RW_FileFlag.dat
    2012-06-23 04:26 - 2010-12-14 14:53 - 00000616 ____A C:\Windows\System32\RW_{19946527-6867-11DF-8646-806E6F6E6963}.dat
    2012-06-22 21:04 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
    2012-06-22 19:50 - 2012-06-22 19:50 - 00001152 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-22 19:50 - 2012-06-22 19:50 - 00001152 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-22 19:50 - 2012-06-22 19:50 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\Malwarebytes
    2012-06-22 19:50 - 2012-06-22 19:50 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Malwarebytes
    2012-06-22 19:50 - 2012-06-22 19:50 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-22 19:50 - 2012-06-22 19:50 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-06-22 19:50 - 2012-06-22 19:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-20 07:42 - 2012-06-19 04:57 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\Utilities
    2012-06-20 04:02 - 2010-05-30 08:08 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\My Documents\Quicken
    2012-06-20 04:02 - 2010-05-30 08:08 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Documents\Quicken
    2012-06-19 19:32 - 2012-06-19 19:32 - 00000000 ____D C:\Users\All Users\Gaaiho
    2012-06-19 19:32 - 2012-06-19 19:32 - 00000000 ____D C:\Users\All Users\Application Data\Gaaiho
    2012-06-19 09:05 - 2012-06-19 09:05 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\My Documents\PDF Favorites
    2012-06-19 09:05 - 2012-06-19 09:05 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Documents\PDF Favorites
    2012-06-19 08:57 - 2011-05-16 10:43 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\RoboForm 7
    2012-06-19 08:19 - 2010-05-31 18:56 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\Nuance
    2012-06-19 08:19 - 2010-05-31 18:56 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Nuance
    2012-06-19 08:16 - 2010-05-31 18:55 - 00000000 ____D C:\Users\All Users\Nuance
    2012-06-19 08:16 - 2010-05-31 18:55 - 00000000 ____D C:\Users\All Users\Application Data\Nuance
    2012-06-19 08:11 - 2009-07-13 23:45 - 02702576 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-19 08:10 - 2010-05-29 20:00 - 00000000 ___HD C:\Config.Msi
    2012-06-19 08:07 - 2010-06-02 13:05 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\Zeon
    2012-06-19 08:07 - 2010-06-02 13:05 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Zeon
    2012-06-19 08:05 - 2012-06-19 08:05 - 00000000 ____D C:\Program Files (x86)\Zeon
    2012-06-19 08:05 - 2010-06-02 09:13 - 00000000 ____D C:\Users\All Users\Downloaded Installations
    2012-06-19 08:05 - 2010-06-02 09:13 - 00000000 ____D C:\Users\All Users\Application Data\Downloaded Installations
    2012-06-19 08:04 - 2012-06-19 08:04 - 00002187 ____A C:\Users\Public\Desktop\Nuance Cloud Connector.lnk
    2012-06-19 08:04 - 2012-06-19 08:04 - 00002187 ____A C:\Users\All Users\Desktop\Nuance Cloud Connector.lnk
    2012-06-19 08:04 - 2012-06-19 08:04 - 00000000 ___HD C:\Gladinet
    2012-06-19 08:04 - 2010-05-31 18:55 - 00000000 ____D C:\Program Files (x86)\Nuance
    2012-06-19 08:00 - 2010-05-31 18:57 - 00000000 ____D C:\Users\All Users\zeon
    2012-06-19 08:00 - 2010-05-31 18:57 - 00000000 ____D C:\Users\All Users\Application Data\zeon
    2012-06-18 11:19 - 2012-06-18 11:19 - 00038912 ____A C:\Users\harvey.HARVEYPIERCE0\My Documents\Davis Spline.zdl
    2012-06-18 11:19 - 2012-06-18 11:19 - 00038912 ____A C:\Users\harvey.HARVEYPIERCE0\Documents\Davis Spline.zdl
    2012-06-18 10:21 - 2012-06-18 10:00 - 00014848 ____A C:\Users\harvey.HARVEYPIERCE0\My Documents\RJ Spline 3 in.zdl
    2012-06-18 10:21 - 2012-06-18 10:00 - 00014848 ____A C:\Users\harvey.HARVEYPIERCE0\Documents\RJ Spline 3 in.zdl
    2012-06-18 10:19 - 2012-06-18 10:12 - 00020992 ____A C:\Users\harvey.HARVEYPIERCE0\My Documents\RJ Spline 4 in.zdl
    2012-06-18 10:19 - 2012-06-18 10:12 - 00020992 ____A C:\Users\harvey.HARVEYPIERCE0\Documents\RJ Spline 4 in.zdl
    2012-06-17 14:01 - 2010-05-30 07:32 - 00224296 ____A C:\Users\harvey.HARVEYPIERCE0\Local Settings\GDIPFONTCACHEV1.DAT
    2012-06-17 14:01 - 2010-05-30 07:32 - 00224296 ____A C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-06-17 14:01 - 2010-05-30 07:32 - 00224296 ____A C:\Users\harvey.HARVEYPIERCE0\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-17 11:19 - 2011-08-24 16:32 - 00224296 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
    2012-06-17 10:03 - 2012-06-17 10:03 - 03507776 ____A ( ) C:\Users\harvey.HARVEYPIERCE0\My Documents\DIRECTV.v5618_CyberLink_DMS090512-03.exe
    2012-06-17 10:03 - 2012-06-17 10:03 - 03507776 ____A ( ) C:\Users\harvey.HARVEYPIERCE0\Documents\DIRECTV.v5618_CyberLink_DMS090512-03.exe
    2012-06-17 10:03 - 2010-06-06 06:25 - 00000602 ____A C:\CLDTCPIPLib.log
    2012-06-17 10:01 - 2012-06-17 10:01 - 00002097 ____A C:\Users\Public\Desktop\DIRECTV2PC(TM).lnk
    2012-06-17 10:01 - 2012-06-17 10:01 - 00002097 ____A C:\Users\All Users\Desktop\DIRECTV2PC(TM).lnk
    2012-06-17 10:01 - 2010-06-21 12:13 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\DIRECTV2PC(TM)
    2012-06-17 10:01 - 2010-06-21 12:13 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\DIRECTV2PC(TM)
    2012-06-17 10:01 - 2010-06-21 12:13 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV2PC(TM)
    2012-06-17 10:01 - 2010-05-25 18:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-06-17 09:52 - 2010-06-07 10:39 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Desktop\Utilities
    2012-06-17 09:40 - 2010-06-06 06:15 - 00000000 ____D C:\Program Files (x86)\DirecTV
    2012-06-17 08:45 - 2011-04-21 05:15 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\Directv
    2012-06-16 13:49 - 2011-11-18 15:29 - 00002175 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
    2012-06-16 13:49 - 2011-11-18 15:29 - 00002175 ____A C:\Users\All Users\Desktop\Carbonite InfoCenter.lnk
    2012-06-15 18:08 - 2010-06-12 07:10 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Deployment
    2012-06-15 18:08 - 2010-06-12 07:10 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\Deployment
    2012-06-15 18:08 - 2010-06-12 07:10 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\Deployment
    2012-06-14 19:44 - 2012-02-12 09:23 - 00000000 ____D C:\Program Files (x86)\SugarSync
    2012-06-14 19:41 - 2010-05-29 11:01 - 00005024 ____A C:\Windows\DPINST.LOG
    2012-06-14 19:41 - 2010-05-25 20:38 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
    2012-06-13 12:29 - 2010-11-15 05:26 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\Eset
    2012-06-13 12:24 - 2012-06-13 12:24 - 00000000 ____D C:\Users\All Users\ESET
    2012-06-13 12:24 - 2012-06-13 12:24 - 00000000 ____D C:\Users\All Users\Application Data\ESET
    2012-06-13 10:31 - 2010-08-31 20:45 - 00004758 ____A C:\Users\harvey.HARVEYPIERCE0\Application Data\SAS7_000.DAT
    2012-06-13 10:31 - 2010-08-31 20:45 - 00004758 ____A C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\SAS7_000.DAT
    2012-06-13 10:13 - 2010-12-18 04:41 - 00001826 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-13 10:13 - 2010-12-18 04:41 - 00001826 ____A C:\Users\All Users\Desktop\iTunes.lnk
    2012-06-13 10:13 - 2010-12-18 04:41 - 00000000 ____D C:\Program Files\iTunes
    2012-06-13 10:13 - 2010-11-13 02:41 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-06-12 18:22 - 2010-05-29 17:43 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-06-12 18:22 - 2010-05-29 17:43 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
    2012-06-12 18:15 - 2010-05-30 03:42 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-12 15:38 - 2011-07-28 10:24 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\Rain Bird Info
    2012-06-11 19:45 - 2011-06-08 05:35 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\My Documents\Neat Desk Backup
    2012-06-11 19:45 - 2011-06-08 05:35 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Documents\Neat Desk Backup
    2012-06-11 19:38 - 2012-05-30 08:54 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\My Documents\Neat Data
    2012-06-11 19:38 - 2012-05-30 08:54 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Documents\Neat Data
    2012-06-11 19:35 - 2011-06-02 08:04 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\Neat Desk
    2012-06-11 04:53 - 2012-06-11 04:53 - 00001059 ____A C:\Users\harvey.HARVEYPIERCE0\Desktop\Dropbox.lnk
    2012-06-11 04:53 - 2010-05-30 07:31 - 00000000 ____D C:\users\harvey.HARVEYPIERCE0
    2012-06-10 14:29 - 2011-09-18 07:07 - 00000000 ____D C:\Program Files (x86)\WinZip System Utilities Suite
    2012-06-10 14:28 - 2010-06-02 09:14 - 00000000 ____D C:\Users\All Users\WinZip
    2012-06-10 14:28 - 2010-06-02 09:14 - 00000000 ____D C:\Users\All Users\Application Data\WinZip
    2012-06-10 14:21 - 2011-09-12 11:55 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\DivX
    2012-06-10 14:21 - 2011-09-12 11:55 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\DivX
    2012-06-10 05:39 - 2012-04-02 19:07 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-10 05:39 - 2011-05-29 10:12 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-10 05:35 - 2012-06-10 05:35 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\WinZip
    2012-06-10 05:35 - 2012-06-10 05:35 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\WinZip
    2012-06-10 05:35 - 2012-06-10 05:35 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\WinZip
    2012-06-10 05:35 - 2012-06-10 05:35 - 00000000 ____D C:\Program Files\WinZip
    2012-06-10 05:32 - 2010-12-11 08:04 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\WinZip
    2012-06-06 05:11 - 2012-06-06 05:11 - 00994912 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
    2012-06-06 05:11 - 2012-06-06 05:11 - 00211552 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
    2012-06-06 05:11 - 2012-06-06 05:11 - 00146528 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys
    2012-06-06 05:11 - 2012-06-06 05:11 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\B00A48D3-CC36-41AE-82E6-66DCDBDEC287
    2012-06-06 05:11 - 2012-06-06 05:11 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\B00A48D3-CC36-41AE-82E6-66DCDBDEC287
    2012-06-06 05:11 - 2011-10-29 07:17 - 01294432 ____A (Acronis) C:\Windows\System32\Drivers\tdrpman.sys
    2012-06-06 05:11 - 2011-10-29 07:17 - 00137312 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
    2012-06-06 05:11 - 2011-10-29 07:17 - 00001182 ____A C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
    2012-06-06 05:11 - 2011-10-29 07:17 - 00001182 ____A C:\Users\All Users\Desktop\Acronis True Image Home 2012.lnk
    2012-06-06 05:11 - 2011-02-09 09:30 - 00320096 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
    2012-06-06 05:09 - 2011-02-09 09:29 - 00000000 ____D C:\Users\All Users\Application Data\Acronis
    2012-06-06 05:09 - 2011-02-09 09:29 - 00000000 ____D C:\Users\All Users\Acronis
    2012-06-05 06:18 - 2012-06-05 06:18 - 00000000 ____D C:\Program Files\Recover Keys
    2012-06-05 06:13 - 2012-06-05 06:13 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\Recover Keys
    2012-06-04 04:54 - 2012-06-04 04:54 - 00001888 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-06-04 04:54 - 2012-06-04 04:54 - 00001888 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
    2012-06-04 04:54 - 2010-05-29 20:23 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-06-03 12:23 - 2012-06-03 12:23 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\DIRECTV Player
    2012-06-03 12:23 - 2012-06-03 12:23 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\DIRECTV Player
    2012-06-03 12:23 - 2012-06-03 12:23 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player
    2012-06-02 17:19 - 2012-06-20 19:59 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 17:19 - 2012-06-20 19:59 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 17:19 - 2012-06-20 19:59 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 17:19 - 2012-06-20 19:59 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 17:19 - 2012-06-20 19:59 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 17:15 - 2012-06-20 19:59 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 17:15 - 2012-06-20 19:59 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:19 - 2012-06-20 19:59 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:15 - 2012-06-20 19:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 05:30 - 2010-05-31 20:15 - 00001464 ____A C:\Users\harvey.HARVEYPIERCE0\Desktop\GoToAssist Expert.lnk
    2012-06-01 18:34 - 2010-06-01 14:44 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\ElevatedDiagnostics
    2012-06-01 18:34 - 2010-06-01 14:44 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\ElevatedDiagnostics
    2012-06-01 18:34 - 2010-06-01 14:44 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\ElevatedDiagnostics
    2012-06-01 18:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-05-31 18:06 - 2012-05-31 17:59 - 00000000 ____D C:\Users\All Users\Motive
    2012-05-31 18:06 - 2012-05-31 17:59 - 00000000 ____D C:\Users\All Users\Application Data\Motive
    2012-05-31 18:01 - 2012-05-31 18:01 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\Motive
    2012-05-31 18:01 - 2012-05-31 18:01 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Motive
    2012-05-31 14:41 - 2010-06-30 16:17 - 00000000 ____D C:\Program Files (x86)\Garmin
    2012-05-31 13:16 - 2011-11-11 04:51 - 00002015 ____A C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
    2012-05-31 13:16 - 2011-11-11 04:51 - 00002015 ____A C:\Users\All Users\Desktop\Garmin Lifetime Updater.lnk
    2012-05-31 11:29 - 2010-06-10 11:38 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\Stamps.com Internet Postage
    2012-05-31 11:29 - 2010-06-10 11:38 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Stamps.com Internet Postage
    2012-05-31 11:28 - 2012-05-31 11:28 - 00001049 ____A C:\Users\Public\Desktop\Stamps.com.lnk
    2012-05-31 11:28 - 2012-05-31 11:28 - 00001049 ____A C:\Users\All Users\Desktop\Stamps.com.lnk
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\Application Data\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\Application Data\{80E49840-FEC9-4009-B2F2-83DD9B68A990}
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\{80E49840-FEC9-4009-B2F2-83DD9B68A990}
    2012-05-31 11:28 - 2012-05-31 11:28 - 00000000 ____D C:\Users\All Users\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
    2012-05-31 11:28 - 2010-06-10 11:36 - 00000000 ____D C:\Program Files (x86)\Stamps.com Internet Postage
    2012-05-31 06:28 - 2011-06-07 19:19 - 00000000 ____D C:\Windows\twain_64
    2012-05-30 07:23 - 2012-05-30 07:23 - 00001899 ____A C:\Users\Public\Desktop\Neat.lnk
    2012-05-30 07:23 - 2012-05-30 07:23 - 00001899 ____A C:\Users\All Users\Desktop\Neat.lnk
    2012-05-30 07:23 - 2012-05-30 07:23 - 00000000 ____D C:\Program Files\Send To Neat
    2012-05-30 07:23 - 2012-05-30 07:19 - 00000000 ____D C:\Program Files (x86)\Neat
    2012-05-30 07:22 - 2011-06-07 18:55 - 00000000 ____D C:\Program Files\Common Files\The Neat Company
    2012-05-30 07:20 - 2011-06-07 18:54 - 00000000 ____D C:\Program Files\Common Files\NeatReceipts
    2012-05-30 07:05 - 2012-05-30 07:05 - 00001237 ____A C:\Windows\NeatUninstall.LOG
    2012-05-25 01:22 - 2012-05-25 01:22 - 00032768 ____A (Nuance Communications, Inc.) C:\Windows\SysWOW64\GZnMacroUIRes.ENU
    2012-05-17 21:47 - 2012-06-12 18:09 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 21:16 - 2012-06-12 18:09 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 21:06 - 2012-06-12 18:10 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 20:59 - 2012-06-12 18:10 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 20:59 - 2012-06-12 18:10 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 20:58 - 2012-06-12 18:10 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 20:58 - 2012-06-12 18:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 20:56 - 2012-06-12 18:10 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 20:55 - 2012-06-12 18:10 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 20:55 - 2012-06-12 18:10 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 20:54 - 2012-06-12 18:10 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 20:51 - 2012-06-12 18:10 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 20:51 - 2012-06-12 18:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 20:47 - 2012-06-12 18:10 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 18:11 - 2012-06-12 18:10 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 17:48 - 2012-06-12 18:09 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 17:45 - 2012-06-12 18:10 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 17:36 - 2012-06-12 18:10 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 17:35 - 2012-06-12 18:10 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 17:35 - 2012-06-12 18:10 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 17:33 - 2012-06-12 18:10 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 17:31 - 2012-06-12 18:10 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 17:29 - 2012-06-12 18:10 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 17:29 - 2012-06-12 18:10 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 17:27 - 2012-06-12 18:10 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 17:25 - 2012-06-12 18:10 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 17:24 - 2012-06-12 18:10 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 17:20 - 2012-06-12 18:10 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-14 20:32 - 2012-06-12 18:08 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-14 17:47 - 2012-05-14 17:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-05-14 17:47 - 2010-05-25 19:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-10 02:01 - 2009-07-14 02:46 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-04 23:20 - 2012-04-14 04:20 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-05-04 06:06 - 2012-06-12 18:09 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 06:00 - 2012-06-12 18:08 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-05-04 05:03 - 2012-06-12 18:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 05:03 - 2012-06-12 18:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 04:59 - 2012-06-12 18:08 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-05-03 05:08 - 2012-04-04 13:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2012-05-01 00:40 - 2012-06-12 18:08 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-28 00:32 - 2012-06-12 18:08 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-04-27 22:55 - 2012-06-12 18:08 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 11:51 - 2012-04-26 11:51 - 00023040 ____A C:\Users\harvey.HARVEYPIERCE0\My Documents\Oxford House Job..doc
    2012-04-26 11:51 - 2012-04-26 11:51 - 00023040 ____A C:\Users\harvey.HARVEYPIERCE0\Documents\Oxford House Job..doc
    2012-04-26 11:49 - 2012-04-26 11:49 - 00009216 ___AT C:\Users\harvey.HARVEYPIERCE0\My Documents\Harvery Pierce.wps
    2012-04-26 11:49 - 2012-04-26 11:49 - 00009216 ___AT C:\Users\harvey.HARVEYPIERCE0\Documents\Harvery Pierce.wps
    2012-04-26 00:41 - 2012-06-12 18:08 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 00:41 - 2012-06-12 18:08 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-26 00:34 - 2012-06-12 18:08 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-25 13:39 - 2012-04-25 13:39 - 00438272 ____A (Zeon Corporation) C:\Windows\SysWOW64\GZnMacroUI.dll
    2012-04-24 18:26 - 2011-04-19 14:52 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\Omron
    2012-04-24 00:37 - 2012-06-12 18:09 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-24 00:37 - 2012-06-12 18:09 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-24 00:37 - 2012-06-12 18:09 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 23:36 - 2012-06-12 18:09 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 23:36 - 2012-06-12 18:09 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 23:36 - 2012-06-12 18:09 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-23 11:13 - 2011-04-14 16:47 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\Linksys
    2012-04-23 09:05 - 2011-03-29 11:02 - 00000000 ____D C:\Program Files (x86)\Ashampoo
    2012-04-21 11:52 - 2012-04-19 10:44 - 00002242 ____A C:\Users\harvey.HARVEYPIERCE0\My Documents\Gables Ladies.dbf
    2012-04-21 11:52 - 2012-04-19 10:44 - 00002242 ____A C:\Users\harvey.HARVEYPIERCE0\Documents\Gables Ladies.dbf
    2012-04-20 08:16 - 2011-11-28 08:44 - 00000616 ____A C:\Windows\System32\RW_{F9B19779-17ED-11E0-AB3E-002564F2904F}.dat
    2012-04-20 08:16 - 2011-11-28 08:44 - 00000016 ____A C:\Windows\System32\EvGr_Data{F9B19779-17ED-11E0-AB3E-002564F2904F}.dat
    2012-04-20 08:07 - 2012-04-20 08:07 - 00000406 ____A C:\Windows\System32\ioloBootDefrag.cfg
    2012-04-20 08:02 - 2012-04-16 10:12 - 00000000 ____D C:\Program Files (x86)\The Sea App (Internet Explorer)
    2012-04-20 08:02 - 2010-06-04 11:26 - 00000000 ____D C:\Users\All Users\iolo
    2012-04-20 08:02 - 2010-06-04 11:26 - 00000000 ____D C:\Users\All Users\Application Data\iolo
    2012-04-20 07:36 - 2010-05-25 19:02 - 00000000 ____D C:\Users\All Users\PCDr
    2012-04-20 07:36 - 2010-05-25 19:02 - 00000000 ____D C:\Users\All Users\Application Data\PCDr
    2012-04-20 07:35 - 2010-11-19 16:47 - 00000000 ____D C:\Program Files\Dell Support Center
    2012-04-20 05:15 - 2011-10-05 14:02 - 00000000 ____D C:\Program Files (x86)\Quicken
    2012-04-19 12:35 - 2012-04-19 12:35 - 00006656 ____A C:\Users\harvey.HARVEYPIERCE0\My Documents\Gables Ladies.zdl
    2012-04-19 12:35 - 2012-04-19 12:35 - 00006656 ____A C:\Users\harvey.HARVEYPIERCE0\Documents\Gables Ladies.zdl
    2012-04-18 19:56 - 2012-04-18 19:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
    2012-04-18 19:56 - 2012-04-18 19:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
    2012-04-17 09:11 - 2010-06-04 11:29 - 00049152 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
    2012-04-17 09:11 - 2010-06-04 11:29 - 00017920 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
    2012-04-17 08:37 - 2012-04-20 07:28 - 02154032 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll
    2012-04-17 08:37 - 2011-06-27 18:31 - 02095816 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
    2012-04-16 11:52 - 2012-04-16 11:42 - 00000232 ____A C:\Windows\reimage.ini
    2012-04-16 11:28 - 2012-04-16 11:28 - 00275896 ____A (Reimage®) C:\Users\harvey.HARVEYPIERCE0\Downloads\ReimageRepair.exe
    2012-04-16 10:54 - 2012-04-16 10:54 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\PC Cleaners
    2012-04-16 10:54 - 2012-04-16 10:54 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\PC Cleaners
    2012-04-16 10:54 - 2012-04-16 10:53 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\PCPro
    2012-04-16 10:54 - 2012-04-16 10:53 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\PCPro
    2012-04-16 10:53 - 2012-04-16 10:53 - 04099344 ____A (PC Cleaners) C:\Windows\uninst.exe
    2012-04-16 10:53 - 2012-04-16 10:53 - 00000000 ____D C:\Users\All Users\PC1Data
    2012-04-16 10:53 - 2012-04-16 10:53 - 00000000 ____D C:\Users\All Users\Application Data\PC1Data
    2012-04-16 10:28 - 2012-04-16 10:12 - 00000000 ____D C:\Users\All Users\Yahoo!
    2012-04-16 10:28 - 2012-04-16 10:12 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo!
    2012-04-16 10:28 - 2010-05-29 20:04 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2012-04-16 10:14 - 2012-04-16 10:14 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\visi_coupon
    2012-04-16 10:14 - 2012-04-16 10:14 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\visi_coupon
    2012-04-16 10:14 - 2012-04-16 10:14 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\visi_coupon
    2012-04-16 10:12 - 2010-05-30 07:38 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Google
    2012-04-16 10:12 - 2010-05-30 07:38 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\Google
    2012-04-16 10:12 - 2010-05-30 07:38 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\Google
    2012-04-16 09:18 - 2010-06-25 17:10 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\Davis
    2012-04-15 12:48 - 2008-04-03 15:10 - 00000108 ____A C:\Windows\ScanLoader.INI
    2012-04-15 12:36 - 2012-04-15 11:51 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\Actron
    2012-04-15 12:36 - 2010-06-30 16:17 - 00000000 ____D C:\Program Files\DIFX
    2012-04-15 12:24 - 2012-04-15 12:22 - 00000000 ____D C:\Windows\1956e9f56f4b4fc3b6f45869d06d95e9.TMP
    2012-04-15 12:23 - 2012-04-15 12:23 - 00001663 ____A C:\Users\Public\Desktop\Actron LaunchPad.lnk
    2012-04-15 12:23 - 2012-04-15 12:23 - 00001663 ____A C:\Users\All Users\Desktop\Actron LaunchPad.lnk
    2012-04-15 12:23 - 2012-04-15 12:23 - 00000000 ____D C:\Windows\Crystal
    2012-04-15 12:23 - 2012-04-15 12:23 - 00000000 ____D C:\Users\All Users\Scanning Suite
    2012-04-15 12:23 - 2012-04-15 12:23 - 00000000 ____D C:\Users\All Users\Application Data\Scanning Suite
    2012-04-15 12:23 - 2012-04-15 12:23 - 00000000 ____D C:\Program Files (x86)\Scanning Suite
    2012-04-15 10:46 - 2011-06-14 06:16 - 00361716 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-04-11 02:06 - 2009-07-13 21:34 - 00000771 ____A C:\Windows\win.ini
    2012-04-11 02:05 - 2012-04-11 02:05 - 00000000 ____D C:\Users\Default\Local Settings\Microsoft Help
    2012-04-11 02:05 - 2012-04-11 02:05 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\Microsoft Help
    2012-04-11 02:05 - 2012-04-11 02:05 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2012-04-11 02:05 - 2012-04-11 02:05 - 00000000 ____D C:\Users\Default User\Local Settings\Microsoft Help
    2012-04-11 02:05 - 2012-04-11 02:05 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\Microsoft Help
    2012-04-11 02:05 - 2012-04-11 02:05 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2012-04-10 18:58 - 2011-03-12 16:02 - 00002069 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2012-04-10 18:58 - 2011-03-12 16:02 - 00002069 ____A C:\Users\All Users\Desktop\Adobe Acrobat X Pro.lnk
    2012-04-10 04:45 - 2010-08-22 18:44 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\AIM
    2012-04-10 04:45 - 2010-08-22 18:44 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\AIM
    2012-04-10 04:45 - 2010-08-22 18:44 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\AIM
    2012-04-10 04:45 - 2007-06-12 17:56 - 00001630 ___AH C:\IPH.PH
    2012-04-10 04:44 - 2010-08-22 18:44 - 00001954 ____A C:\Users\Public\Desktop\AIM.lnk
    2012-04-10 04:44 - 2010-08-22 18:44 - 00001954 ____A C:\Users\All Users\Desktop\AIM.lnk
    2012-04-10 04:44 - 2010-08-22 18:44 - 00000000 ____D C:\Program Files (x86)\AIM
    2012-04-09 13:09 - 2010-07-16 16:26 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\ApplicationHistory
    2012-04-09 13:09 - 2010-07-16 16:26 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Local Settings\Application Data\ApplicationHistory
    2012-04-09 13:09 - 2010-07-16 16:26 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Local\ApplicationHistory
    2012-04-07 13:05 - 2011-09-30 05:35 - 00002115 ____A C:\Users\Public\Desktop\PaperPort.lnk
    2012-04-07 13:05 - 2011-09-30 05:35 - 00002115 ____A C:\Users\All Users\Desktop\PaperPort.lnk
    2012-04-07 07:31 - 2012-06-12 18:08 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 06:26 - 2012-06-12 18:08 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-06 15:03 - 2010-06-21 07:41 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Downloads\HP
    2012-04-04 15:23 - 2010-06-01 05:25 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Desktop\Graphics
    2012-04-04 15:09 - 2010-11-30 15:54 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
    2012-04-04 15:09 - 2010-11-30 15:54 - 00000000 ____D C:\Users\All Users\Application Data\regid.1986-12.com.adobe
    2012-04-04 14:56 - 2012-06-22 19:50 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-04 14:15 - 2012-04-04 14:15 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\My Documents\NewBlueFX
    2012-04-04 14:15 - 2012-04-04 14:15 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Documents\NewBlueFX
    2012-04-04 14:15 - 2010-05-25 18:55 - 00000000 ____D C:\Users\All Users\Application Data\Adobe
    2012-04-04 14:15 - 2010-05-25 18:55 - 00000000 ____D C:\Users\All Users\Adobe
    2012-04-04 14:13 - 2010-05-30 07:32 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\Application Data\Adobe
    2012-04-04 14:13 - 2010-05-30 07:32 - 00000000 ____D C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Adobe
    2012-04-04 13:31 - 2012-04-04 13:31 - 00000000 ____D C:\Program Files\Adobe
    2012-04-04 13:23 - 2010-05-29 11:50 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-04-02 19:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\config\TxR
    2012-04-02 18:23 - 2012-04-02 10:40 - 00000000 ____D C:\Windows\SysWOW64\syncdb
    2012-04-02 06:48 - 2010-06-04 08:19 - 00002012 ___AH C:\Users\harvey.HARVEYPIERCE0\My Documents\Default.rdp
    2012-04-02 06:48 - 2010-06-04 08:19 - 00002012 ___AH C:\Users\harvey.HARVEYPIERCE0\Documents\Default.rdp
    ZeroAccess:
    C:\Users\harvey.HARVEYPIERCE0\AppData\Local\{cf2f50cc-63e2-36c6-5e39-6f720c9c30e2}
    C:\Users\harvey.HARVEYPIERCE0\AppData\Local\{cf2f50cc-63e2-36c6-5e39-6f720c9c30e2}\@
    C:\Users\harvey.HARVEYPIERCE0\AppData\Local\{cf2f50cc-63e2-36c6-5e39-6f720c9c30e2}\L
    C:\Users\harvey.HARVEYPIERCE0\AppData\Local\{cf2f50cc-63e2-36c6-5e39-6f720c9c30e2}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 11%
    Total physical RAM: 8151.08 MB
    Available physical RAM: 7251.36 MB
    Total Pagefile: 8149.23 MB
    Available Pagefile: 7248.71 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: (OS) (Fixed) (Total:587.01 GB) (Free:205.62 GB) NTFS
    8 Drive j: (FLASH DRIVE) (Removable) (Total:14.9 GB) (Free:9.62 GB) FAT32
    9 Drive k: (RECOVERY) (Fixed) (Total:9.12 GB) (Free:3.65 GB) NTFS
    10 Drive l: () (Removable) (Total:30.25 GB) (Free:30.24 GB) FAT32
    12 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 14 GB 0 B
    Disk 6 Online 30 GB 0 B
    Disk 7 Online 1520 KB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 9 GB 40 MB
    Partition 3 Primary 587 GB 9 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 11 FAT Partition 39 MB Healthy Hidden
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 K RECOVERY NTFS Partition 9 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C OS NTFS Partition 587 GB Healthy
    ======================================================================================================
    Partitions of Disk 5:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 4032 KB
    ======================================================================================================
    Disk: 5
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 J FLASH DRIVE FAT32 Removable 14 GB Healthy
    ======================================================================================================
    Partitions of Disk 6:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 30 GB 17 MB
    ======================================================================================================
    Disk: 6
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 L FAT32 Removable 30 GB Healthy
    ======================================================================================================
    Partitions of Disk 7:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1520 KB 16 KB
    ======================================================================================================
    Disk: 7
    Partition 1
    Type : 0E
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 10 M P-TOUCH FAT Removable 1520 KB Healthy
    ======================================================================================================
    ==========================================================
    Last Boot: 2012-06-27 23:39
    ======================= End Of Log ==========================
  4. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    Farbar Recovery Scan Tool Version: 17-06-2012 04
    Ran by SYSTEM at 2012-06-28 12:11:51
    Running from L:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    ====== End Of Search ======

    Any help would be very helpful. Thanks
  5. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    Attached Files:

  6. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 17-06-2012 04
    Ran by SYSTEM at 2012-06-29 06:17:12 Run:1
    Running from L:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    HKLM-x32\\\.\.\.\\RunOnce\\SMRequiresRestart Value deleted successfully.
    C:\Users\harvey.HARVEYPIERCE0\AppData\Local\{cf2f50cc-63e2-36c6-5e39-6f720c9c30e2} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
  7. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    Here is the Combofix log... Part 1

    ComboFix 12-06-28.03 - harvey 06/29/2012 6:36.1.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8151.5208 [GMT -4:00]
    Running from: c:\users\harvey.HARVEYPIERCE0\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\SelectRebates
    c:\program files (x86)\SelectRebates\FFToolbar\chrome.manifest
    c:\program files (x86)\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
    c:\program files (x86)\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
    c:\program files (x86)\SelectRebates\FFToolbar\install.rdf
    c:\program files (x86)\SelectRebates\SahImages\alert.png
    c:\program files (x86)\SelectRebates\SahImages\check.png
    c:\program files (x86)\SelectRebates\SahImages\close.png
    c:\program files (x86)\SelectRebates\SelectAlerts.dat
    c:\program files (x86)\SelectRebates\SelectRebates.exe
    c:\program files (x86)\SelectRebates\SelectRebates.ini
    c:\program files (x86)\SelectRebates\SelectRebatesA.dat
    c:\program files (x86)\SelectRebates\SelectRebatesApi.exe
    c:\program files (x86)\SelectRebates\SelectRebatesB.dat
    c:\program files (x86)\SelectRebates\SelectRebatesBT.dat
    c:\program files (x86)\SelectRebates\SelectRebatesDownload.exe
    c:\program files (x86)\SelectRebates\SelectRebatesH.dat
    c:\program files (x86)\SelectRebates\SelectRebatesUninstall.exe
    c:\program files (x86)\SelectRebates\SRebates.dll
    c:\program files (x86)\SelectRebates\SRFF3.dll
    c:\program files (x86)\SelectRebates\Toolbar\AddtoList.bmp
    c:\program files (x86)\SelectRebates\Toolbar\basis.xml
    c:\program files (x86)\SelectRebates\Toolbar\Basis.xml.dym
    c:\program files (x86)\SelectRebates\Toolbar\Blank.bmp
    c:\program files (x86)\SelectRebates\Toolbar\CashBack.bmp
    c:\program files (x86)\SelectRebates\Toolbar\Coupons.bmp
    c:\program files (x86)\SelectRebates\Toolbar\GroceryCoupon.bmp
    c:\program files (x86)\SelectRebates\Toolbar\i_magnifying.bmp
    c:\program files (x86)\SelectRebates\Toolbar\icons.bmp
    c:\program files (x86)\SelectRebates\Toolbar\logo.bmp
    c:\program files (x86)\SelectRebates\Toolbar\logo_24.bmp
    c:\program files (x86)\SelectRebates\Toolbar\logo_HotSpots.bmp
    c:\program files (x86)\SelectRebates\Toolbar\ReviewSite.bmp
    c:\program files (x86)\SelectRebates\Toolbar\RightControls.dym
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-alert.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-go.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-icons.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-restaurant.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-wishlist.bmp
    c:\program files (x86)\SelectRebates\Toolbar\Scissors.bmp
    c:\program files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    c:\users\harvey.HARVEYPIERCE0\AppData\Local\assembly\tmp
    c:\users\harvey.HARVEYPIERCE0\AppData\Local\Microsoft\Windows\Temporary Internet Files\index.dat
    c:\users\harvey.HARVEYPIERCE0\AppData\Local\Plaxo\3.34.0.3\PlaxoSysTray.exe
    c:\users\harvey.HARVEYPIERCE0\Documents\Readiris.DUS
    c:\users\harvey.HARVEYPIERCE0\GoToAssistDownloadHelper.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-29 10:47 . 2012-06-29 10:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-26 11:32 . 2012-06-26 12:06 -------- d-----w- c:\programdata\PLAV
    2012-06-26 11:32 . 2012-06-26 11:32 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
    2012-06-23 13:12 . 2012-06-28 17:10 -------- d-----w- C:\FRST
    2012-06-23 00:50 . 2012-06-23 00:50 -------- d-----w- c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Malwarebytes
    2012-06-23 00:50 . 2012-06-23 00:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-23 00:50 . 2012-06-23 00:50 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-23 00:50 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-21 00:59 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 00:59 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 00:59 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 00:59 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 00:59 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 00:59 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 00:59 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 00:59 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 00:59 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-20 00:32 . 2012-06-20 00:32 -------- d-----w- c:\programdata\Gaaiho
    2012-06-19 13:13 . 2012-06-29 10:52 -------- d-----w- c:\users\harvey.HARVEYPIERCE0\AppData\Local\gladinet
    2012-06-19 13:05 . 2012-06-19 13:05 -------- d-----w- c:\program files (x86)\Zeon
    2012-06-19 13:04 . 2012-06-19 13:04 -------- d--h--w- C:\Gladinet
    2012-06-15 00:41 . 2011-12-15 17:16 7163744 ----a-w- c:\windows\system32\R4EEP64A.dll
    2012-06-15 00:41 . 2011-12-15 17:16 75104 ----a-w- c:\windows\system32\R4EEG64A.dll
    2012-06-15 00:41 . 2011-12-15 17:16 433504 ----a-w- c:\windows\system32\R4EED64A.dll
    2012-06-15 00:41 . 2011-12-15 17:16 137056 ----a-w- c:\windows\system32\R4EEL64A.dll
    2012-06-15 00:41 . 2011-12-15 17:16 120160 ----a-w- c:\windows\system32\R4EEA64A.dll
    2012-06-12 23:09 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-12 23:09 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-12 23:09 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-12 23:09 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-12 23:09 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-12 23:09 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-12 23:09 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-11 09:53 . 2012-06-29 10:21 -------- d-----r- c:\users\harvey.HARVEYPIERCE0\Dropbox
    2012-06-11 09:51 . 2012-06-29 10:52 -------- d-----w- c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox
    2012-06-10 10:35 . 2012-06-10 10:35 -------- d-----w- c:\users\harvey.HARVEYPIERCE0\AppData\Local\WinZip
    2012-06-06 10:11 . 2012-06-06 10:11 -------- d-----w- c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\B00A48D3-CC36-41AE-82E6-66DCDBDEC287
    2012-06-06 10:11 . 2012-06-06 10:11 994912 ----a-w- c:\windows\system32\drivers\timntr.sys
    2012-06-06 10:11 . 2012-06-06 10:11 211552 ----a-w- c:\windows\system32\drivers\vididr.sys
    2012-06-06 10:11 . 2012-06-06 10:11 146528 ----a-w- c:\windows\system32\drivers\vsflt67.sys
    2012-06-05 11:18 . 2012-06-05 11:18 -------- d-----w- c:\program files\Recover Keys
    2012-06-03 17:23 . 2012-06-03 17:23 63080 ----a-r- c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe
    2012-06-03 17:23 . 2012-06-03 17:23 -------- d-----w- c:\users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player
    2012-05-31 23:01 . 2012-05-31 23:01 -------- d-----w- c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Motive
    2012-05-31 23:00 . 2012-06-26 11:51 -------- d-----w- c:\program files (x86)\Common Files\Motive
    2012-05-31 23:00 . 2012-06-23 17:32 -------- d-----w- c:\program files\Common Files\Motive
    2012-05-31 22:59 . 2012-05-31 23:06 -------- d-----w- c:\programdata\Motive
    2012-05-31 16:28 . 2012-05-31 16:28 -------- d-----w- c:\programdata\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
    2012-05-31 16:28 . 2012-05-31 16:28 -------- d-----w- c:\programdata\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    2012-05-31 16:28 . 2012-05-31 16:28 -------- d-----w- c:\programdata\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
    2012-05-31 16:28 . 2012-05-31 16:28 -------- d-----w- c:\programdata\{80E49840-FEC9-4009-B2F2-83DD9B68A990}
    2012-05-30 12:23 . 2012-05-30 12:23 -------- d-----w- c:\program files\Send To Neat
    2012-05-30 12:22 . 2011-08-24 18:01 52224 ----a-w- c:\windows\system32\sdtnpm.dll
    2012-05-30 12:19 . 2012-05-30 12:23 -------- d-----w- c:\program files (x86)\Neat
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-10 10:39 . 2012-04-03 00:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-10 10:39 . 2011-05-29 15:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-06 10:11 . 2011-10-29 12:17 1294432 ----a-w- c:\windows\system32\drivers\tdrpman.sys
    2012-06-06 10:11 . 2011-02-09 14:30 320096 ----a-w- c:\windows\system32\drivers\snapman.sys
    2012-06-06 10:11 . 2011-10-29 12:17 137312 ----a-w- c:\windows\system32\drivers\fltsrv.sys
    2012-05-25 06:22 . 2012-05-25 06:22 32768 ----a-w- c:\windows\SysWow64\GZnMacroUIRes.ENU
    2012-05-08 17:02 . 2012-06-15 07:11 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58849670-8027-4D6F-AA86-FCF60438EB64}\mpengine.dll
    2012-05-05 04:20 . 2012-04-14 09:20 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-25 18:39 . 2012-04-25 18:39 438272 ----a-w- c:\windows\SysWow64\GZnMacroUI.dll
    2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2012-04-17 14:11 . 2010-06-04 16:29 49152 ----a-w- c:\windows\system32\iolobtdfg.exe
    2012-04-17 14:11 . 2010-06-04 16:29 17920 ----a-w- c:\windows\system32\smrgdf.exe
    2012-04-17 13:37 . 2012-04-20 12:28 2154032 ----a-w- c:\windows\system32\Incinerator64.dll
    2012-04-17 13:37 . 2011-06-27 23:31 2095816 ----a-w- c:\windows\SysWow64\Incinerator32.dll
    2012-04-16 15:53 . 2012-04-16 15:53 4099344 ----a-w- c:\windows\uninst.exe
    2012-04-16 15:13 . 2012-04-16 15:13 18944 ----a-r- c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files (x86)\MyAshampoo\tbMyAs.dll" [2010-12-09 3911776]
    "{ca985bfe-e29c-40ca-84ac-ef21b377717a}"= "c:\program files (x86)\PCN_tools\prxtbPCN_.dll" [2011-05-09 176936]
    "{b03b3ced-82cf-43b6-b2d4-1b40851c7658}"= "c:\program files (x86)\Publishers Clearing House Prize Bar\Helper.dll" [2012-01-28 361984]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ca985bfe-e29c-40ca-84ac-ef21b377717a}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b03b3ced-82cf-43b6-b2d4-1b40851c7658}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{221AF499-D49A-4668-9C29-E30FF371022C}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C7DA0384-42AA-428c-B832-88AC343DE1A8}]
    2012-05-07 21:10 487072 ----a-w- c:\program files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ca985bfe-e29c-40ca-84ac-ef21b377717a}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\PCN_tools\prxtbPCN_.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-01-20 14:34 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E32D05F6-B1BB-4F2F-A045-042144FCD2E0}]
    2012-01-28 13:26 1613312 ----a-w- c:\program files (x86)\Publishers Clearing House Prize Bar\Toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-01-20 1197448]
    "{ca985bfe-e29c-40ca-84ac-ef21b377717a}"= "c:\program files (x86)\PCN_tools\prxtbPCN_.dll" [2011-05-09 176936]
    "{0FB24E1F-D247-4F4E-8DDD-9E18EA10829F}"= "c:\program files (x86)\Publishers Clearing House Prize Bar\Toolbar.dll" [2012-01-28 1613312]
    "{BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB}"= "c:\program files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll" [2012-05-07 487072]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{ca985bfe-e29c-40ca-84ac-ef21b377717a}]
    .
    [HKEY_CLASSES_ROOT\clsid\{0fb24e1f-d247-4f4e-8ddd-9e18ea10829f}]
    [HKEY_CLASSES_ROOT\FCTB000063623.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{18B04F67-FDF8-4B14-B5BC-1C96D368EA75}]
    [HKEY_CLASSES_ROOT\FCTB000063623.IEToolbar]
    .
    [HKEY_CLASSES_ROOT\clsid\{bcce15ae-ac7e-4bc9-94af-2a714a412bcb}]
    [HKEY_CLASSES_ROOT\GZeonIEFavClient.ZeonStockbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{18C324EC-ACE9-49c5-8FCC-144D12565255}]
    [HKEY_CLASSES_ROOT\GZeonIEFavClient.ZeonStockbar]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2012-05-09 03:39 1011344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2012-05-09 03:39 1011344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2012-05-09 03:39 1011344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2012-05-09 03:39 1011344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
    @="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
    [HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
    2012-05-18 17:31 194456 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
    @="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
    [HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
    2012-05-18 17:34 194456 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-30 39408]
    "ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
    "GoToAssist Express Expert"="c:\program files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_start.exe" [2012-06-02 609144]
    "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]
    "Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-04-04 1261472]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-02-23 59240]
    "PlaxoUpdate"="c:\users\harvey.HARVEYPIERCE0\AppData\Local\Plaxo\3.34.0.3\PlaxoHelper_en.exe" [2012-03-22 2074512]
    "SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-06-12 9786488]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "CAHeadless"="c:\program files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2011-09-01 835224]
    "PCShowServer"="c:\users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-06-18 109336]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2012-04-17 938680]
    "Info Center"="c:\program files (x86)\PCPitstop\Info Center\InfoCenter.exe" [2011-04-22 24216]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
    "HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-10-06 30264]
    "DLSService"="c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe" [2010-05-11 55808]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe" [2011-06-12 506352]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
    "CPMonitor"="c:\program files (x86)\Roxio 2012\5.0\CPMonitor.exe" [2011-07-08 84464]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2011-07-22 30568]
    "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2011-03-01 144616]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-04-27 5955000]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\isuspm.exe" [2011-10-13 2068856]
    "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-07-22 46952]
    "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-04-27 1171304]
    "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-05-09 1061520]
    "PDF8 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 8\RegistryController.exe" [2012-05-25 173968]
    "PDFProHook"="c:\program files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe" [2012-05-25 1828752]
    "Nuance PDF Converter Professional 8-reminder"="c:\program files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" [2011-09-06 333672]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2012-01-15 559616]
    .
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
    .
    c:\users\Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Comcast Universal Caller ID.lnk - c:\program files (x86)\Comcast Universal Caller ID\Comcast Universal Caller ID.exe [N/A]
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
    .
    c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-6 27502520]
    FedEx Desktop.lnk - c:\program files (x86)\FedEx\FedEx Desktop\FedEx Desktop.exe [2012-1-25 142336]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Gaaiho Collaboration.lnk - c:\program files (x86)\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\GaaihoGo3.exe [2012-5-16 4745096]
    Nuance Cloud Connector.lnk - c:\program files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe [2012-5-18 87960]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoExpandedNewMenu"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli FAPassSync
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpAgent
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 136176]
    R2 gupdate1c999ea5dd8cfe4;Google Update Service (gupdate1c999ea5dd8cfe4);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 136176]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-04-17 1047336]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2011-07-13 340976]
    R3 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
    R3 Agent;Agent;c:\windows\agent_x64.exe [2011-08-24 102912]
    R3 APCPBEAgent;APC PBE Agent;c:\progra~2\APC\POWERC~1\agent\pbeagent.exe [2011-01-26 34168]
    R3 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2010-10-05 263480]
    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2008-07-29 1075712]
    R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athrxu6.sys [2007-07-05 1041920]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
    R3 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2011-07-15 21488]
    R3 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-23 127352]
    R3 CLKMSVC10_1628BCEA;CyberLink Product - 2011/11/27 19:25;c:\program files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-03-01 240360]
    R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-01-06 276256]
    R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-05-01 21712]
    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
    R3 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [2012-02-28 4986032]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 136176]
    R3 HDRExpressService;HDRExpressService;c:\program files\UCT\HDR Express\HDRExpressService.exe [2011-04-05 28432]
    R3 ICDUSB3;ICDUSB3;c:\windows\system32\Drivers\ICDUSB3.sys [2008-08-18 13312]
    R3 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2009-11-13 25824]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 Ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [x]
    R3 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [x]
    R3 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-07-22 138600]
    R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-11-20 38536]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [2007-01-24 46616]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
    R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2011-07-13 1095664]
    R3 RoxMediaDBVHS;RoxMediaDBVHS;c:\program files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [2010-02-19 1116656]
    R3 ser2at;ATEN USB to Serial port driver;c:\windows\system32\DRIVERS\ser2at64.sys [2009-10-15 96256]
    R3 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1255736]
    R3 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2012-03-22 628624]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 BOTService;BOTService;c:\program files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2011-07-14 211440]
    R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
    R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2011-04-22 91304]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-06-06 137312]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-05-24 55952]
    S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [2011-02-09 27120]
    S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [2011-02-09 19952]
    S0 SysCow;SysCow;c:\windows\system32\drivers\syscowad64v.sys [2010-05-23 164848]
    S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-06-06 211552]
    S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2012-06-06 146528]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2009-09-08 23464]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
    S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [2011-02-09 27632]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/11/27 19:25];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 21:35 146928]
    S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2011-02-09 457200]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-06-06 3459024]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
    S2 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-09-17 75048]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
    S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-01-28 32336]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
    S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2012-05-18 29592]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
    S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-04-17 1047336]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 MSSQL$COMPASS20;SQL Server (COMPASS20);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-09-17 82416]
    S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [2012-05-25 135056]
    S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-04-27 5914912]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-03-11 367200]
    S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [2009-06-30 411136]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
    S3 DYUSB;DYMO DiscPainter USB Status Monitor Driver;c:\windows\system32\Drivers\DYUSB.sys [2009-12-02 47104]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [2009-07-29 24568]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    .
    .
  8. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    Here is Part 2 of ComboFix Log:


    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 10:39]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 10:14]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 10:14]
    .
    2012-06-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
    .
    2012-06-29 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
    .
    2012-06-24 c:\windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
    - c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe [2011-09-18 12:38]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2012-05-09 03:31 1280144 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2012-05-09 03:31 1280144 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2012-05-09 03:31 1280144 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
    @="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
    [HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
    2012-05-18 17:31 207768 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
    @="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
    [HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
    2012-05-18 17:34 195480 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-27 403112]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
    "dyaaserv.exe"="c:\program files (x86)\DYMO DiscPainter\Drivers\Amd64\DYAASERV.exe" [2010-02-03 228864]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://xfinity.comcast.net/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://search.coupons.com/
    uInternet Settings,ProxyOverride = *.local;localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Open with Nuance PDF Converter 8 - c:\program files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
    IE: Open with PDF Professional 8 - c:\program files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.12 208.67.220.220 208.67.222.222
    TCP: Interfaces\{A0221956-CA4F-4CAC-90E3-53A2EC034921}: NameServer = 192.168.0.12,208.67.222.222,208.67.220.220,192.168.0.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
    DPF: {55CEE8C1-6D7A-4711-A910-93FABAA992A9} - hxxp://www.fedex.com/downloads/woas/woas.CAB
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    DPF: {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} - hxxps://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab
    DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} - hxxp://biosagentplus.com/files/biosagentplus.cab
    DPF: {C1355F7F-DF8F-4131-BAF2-2F36DE80E4C3} - hxxps://mc1.embarqnow.net/applet/soundrec.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://camera2.thevillages.com/activex/AMC.cab
    DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.ocx
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    BHO-{B288F9DE-0E51-442E-B5B0-88BA8BE7A675} - c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll
    Toolbar-Locked - (no file)
    Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll
    ShellIconOverlayIdentifiers-{01CCCC8C-1D50-4b13-B96D-4B922DD3128B} - (no file)
    Wow6432Node-HKCU-Run-PlaxoSysTray - c:\users\harvey.HARVEYPIERCE0\AppData\Local\Plaxo\3.34.0.3\PlaxoSysTray.exe
    Wow6432Node-HKCU-Run-UpdateFlow.Comcast - c:\program files (x86)\Comcast\pcBrowser.exe
    Wow6432Node-HKU-Default-Run-StartUp This - c:\program files (x86)\Laplink\PCmover\LaunchSt.exe
    Wow6432Node-HKU-Default-RunOnce-PCmover CookieMerge - c:\program files (x86)\Laplink\PCmover\CookieMerge.exe
    HKLM_Wow6432Node-ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
    HKLM_Wow6432Node-ActiveSetup-{7070D8E0-650A-46b3-B03C-9497582E6A74} - c:\windows\system32\soundschemes.exe
    HKLM_Wow6432Node-ActiveSetup-{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - c:\windows\system32\soundschemes2.exe
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{CA985BFE-E29C-40CA-84AC-EF21B377717A} - (no file)
    WebBrowser-{0FB24E1F-D247-4F4E-8DDD-9E18EA10829F} - (no file)
    WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
    ShellIconOverlayIdentifiers- - (no file)
    ShellIconOverlayIdentifiers- - (no file)
    ShellIconOverlayIdentifiers- - (no file)
    AddRemove-SIUSBXP&10C4&EA61 - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\SIUSBXP&10C4&EA61
    AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Citrix\GoToMyPC\g2svc.exe
    c:\program files (x86)\Citrix\GoToMyPC\g2comm.exe
    c:\program files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_comm_expert.exe
    c:\users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
    c:\program files (x86)\Citrix\GoToMyPC\g2pre.exe
    c:\program files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_user_expert.exe
    c:\program files (x86)\Citrix\GoToMyPC\g2tray.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\programdata\FLEXnet\Connect\11\agent.exe
    c:\program files (x86)\Visioneer\OneTouch 4.0\OtService.exe
    c:\program files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-29 07:00:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-29 11:00
    .
    Pre-Run: 218,785,927,168 bytes free
    Post-Run: 218,685,956,096 bytes free
    .
    - - End Of File - - AE32568A713AD6437290E56C8914A25D
  9. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Combo log looks good.

    How is computer doing?

    ===========================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =========================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  10. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    Here is the Malware Log taken right after the combofix finished. The computer seem to be working much better. Thanks

    2012/06/29 02:33:24 -0400 STUDIOXPS harvey MESSAGE Executing scheduled update: Daily
    2012/06/29 02:33:34 -0400 STUDIOXPS harvey MESSAGE Scheduled update executed successfully: database updated from version v2012.06.28.04 to version v2012.06.29.04
    2012/06/29 02:33:34 -0400 STUDIOXPS harvey MESSAGE Starting database refresh
    2012/06/29 02:33:36 -0400 STUDIOXPS harvey MESSAGE Database refreshed successfully
    2012/06/29 06:25:11 -0400 STUDIOXPS harvey MESSAGE Starting protection
    2012/06/29 06:25:13 -0400 STUDIOXPS harvey MESSAGE Protection started successfully
    2012/06/29 06:25:16 -0400 STUDIOXPS harvey MESSAGE Starting IP protection
    2012/06/29 06:25:16 -0400 STUDIOXPS harvey ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
    2012/06/29 07:24:11 -0400 STUDIOXPS harvey MESSAGE Starting protection
    2012/06/29 07:24:13 -0400 STUDIOXPS harvey MESSAGE Protection started successfully
    2012/06/29 07:24:16 -0400 STUDIOXPS harvey MESSAGE Starting IP protection
    2012/06/29 07:24:17 -0400 STUDIOXPS harvey MESSAGE IP Protection started successfully
  11. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    This is not correct MBAM log.
    Redo.
     
  12. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    I hope this is what we are looking for...

    Malwarebytes Anti-Malware (PRO) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.29.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    harvey :: STUDIOXPS [administrator]
    Protection: Enabled
    6/29/2012 12:15:12 PM
    mbam-log-2012-06-29 (12-15-12).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 278306
    Time elapsed: 7 minute(s), 24 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  13. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Yes.

    You didn't say:
    [​IMG]
  14. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    I thought I gave the report with the first Malware log... Anyway the system seem to be free of virus as ESET is not reporting any virus or malware... Thanks. I am running the OTL now and log to follow when done
  15. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    OTL logfile created on: 6/29/2012 12:38:33 PM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\harvey.HARVEYPIERCE0\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.96 Gb Total Physical Memory | 3.66 Gb Available Physical Memory | 45.97% Memory free
    15.92 Gb Paging File | 11.37 Gb Available in Paging File | 71.43% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 587.01 Gb Total Space | 200.42 Gb Free Space | 34.14% Space Free | Partition Type: NTFS
    Drive J: | 14.90 Gb Total Space | 9.62 Gb Free Space | 64.53% Space Free | Partition Type: FAT32
    Drive K: | 1.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: FAT
    Drive L: | 30.25 Gb Total Space | 30.24 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
    Drive N: | 587.01 Gb Total Space | 200.42 Gb Free Space | 34.14% Space Free | Partition Type: FAT

    Computer Name: STUDIOXPS | User Name: harvey | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/29 11:32:24 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\harvey.HARVEYPIERCE0\Desktop\OTL.exe
    PRC - [2012/06/27 18:39:10 | 000,662,192 | ---- | M] (The Neat Company) -- C:\Program Files (x86)\Neat\exec\Neat.exe
    PRC - [2012/06/18 06:52:37 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2012/06/11 20:26:10 | 009,786,488 | ---- | M] (SugarSync, Inc.) -- C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
    PRC - [2012/06/06 22:02:30 | 027,502,520 | ---- | M] (Dropbox, Inc.) -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/06/06 06:11:56 | 003,459,024 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2012/06/02 06:30:41 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_user_expert.exe
    PRC - [2012/06/02 06:30:41 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_start.exe
    PRC - [2012/06/02 06:30:41 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_comm_expert.exe
    PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    PRC - [2012/05/25 02:33:38 | 001,828,752 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
    PRC - [2012/05/25 02:32:46 | 000,135,056 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
    PRC - [2012/05/23 13:32:38 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
    PRC - [2012/05/19 05:28:56 | 002,906,008 | ---- | M] (Gladinet, INC) -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
    PRC - [2012/05/18 13:40:18 | 000,029,592 | ---- | M] (Gladinet, INC) -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
    PRC - [2012/05/16 13:48:18 | 004,745,096 | ---- | M] (Zeon Corporation) -- C:\Program Files (x86)\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\GaaihoGo3.exe
    PRC - [2012/05/08 23:39:52 | 001,061,520 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2012/04/27 19:10:38 | 001,171,304 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    PRC - [2012/04/27 19:07:12 | 005,914,912 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    PRC - [2012/04/27 19:04:16 | 000,403,112 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2012/04/27 19:03:28 | 005,955,000 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2012/04/17 09:30:36 | 001,047,336 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/04/02 16:50:14 | 000,351,888 | ---- | M] (NDS Technologies) -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
    PRC - [2012/04/02 16:49:58 | 000,686,208 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
    PRC - [2012/03/21 23:30:02 | 002,074,512 | ---- | M] (Plaxo, Inc.) -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\Plaxo\3.34.0.3\PlaxoHelper_en.exe
    PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2012/02/24 21:04:47 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2012/02/23 13:22:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    PRC - [2012/02/15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
    PRC - [2012/01/25 07:15:03 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\FedEx\FedEx Desktop\FedEx Desktop.exe
    PRC - [2011/10/17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/10/17 16:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011/10/12 23:11:34 | 002,068,856 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2011/10/12 23:11:32 | 001,446,264 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
    PRC - [2011/08/22 05:39:44 | 002,995,568 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
    PRC - [2011/08/22 05:39:42 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
    PRC - [2011/08/22 05:39:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
    PRC - [2011/08/22 05:39:28 | 001,686,384 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
    PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/07/22 19:13:10 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    PRC - [2011/07/08 12:31:22 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
    PRC - [2011/06/12 19:07:24 | 000,506,352 | ---- | M] () -- C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2011/04/22 16:51:04 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    PRC - [2011/03/01 12:23:28 | 000,144,616 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2011/02/09 17:36:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    PRC - [2010/10/28 20:02:02 | 000,056,952 | ---- | M] (Ipswitch) -- C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
    PRC - [2010/10/15 18:25:22 | 000,221,184 | ---- | M] (Visioneer Inc.) -- C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
    PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    PRC - [2010/05/10 23:53:16 | 000,055,808 | ---- | M] (Sanford, L.P.) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
    PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    PRC - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
    PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/12 20:07:05 | 000,617,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\dea30f3639ea0e8b2d863a7b936e5520\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
    MOD - [2012/06/12 20:06:53 | 000,167,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\e1a8a0ddc283db83528f343abaa74ac5\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
    MOD - [2012/06/12 20:06:52 | 000,816,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\78dd5caf7a28d0b1b122483818205cf0\Microsoft.Office.Tools.Common.v9.0.ni.dll
    MOD - [2012/06/12 20:06:12 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
    MOD - [2012/06/12 20:06:01 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0767c3bc7cd93daf38517843d29ce808\IAStorUtil.ni.dll
    MOD - [2012/06/12 20:05:55 | 000,134,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\496fe440ed2eff2ba78aad700a052408\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
    MOD - [2012/06/12 20:05:49 | 000,152,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\51ad304ce7ae5aa72a6afdbce7661195\Microsoft.Office.Tools.v9.0.ni.dll
    MOD - [2012/06/12 20:05:48 | 000,215,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d7f1a24f4ab28ff9859120d65b72d688\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
    MOD - [2012/06/12 19:35:26 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
    MOD - [2012/06/12 19:35:25 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012/06/12 19:35:13 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/06/12 19:35:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/12 19:34:55 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/12 19:34:07 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/06/12 19:21:35 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
    MOD - [2012/06/12 19:21:25 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
    MOD - [2012/06/12 19:21:23 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
    MOD - [2012/06/12 19:21:17 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
    MOD - [2012/06/12 19:21:16 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
    MOD - [2012/05/25 02:13:52 | 000,615,424 | ---- | M] () -- C:\Program Files (x86)\Common Files\ScanSoft Shared\PDF8\OutlookAddin.dll
    MOD - [2012/05/25 02:13:04 | 000,332,288 | ---- | M] () -- C:\Program Files (x86)\Common Files\ScanSoft Shared\PDF8\MailProcessor7.dll
    MOD - [2012/05/18 13:01:48 | 000,251,800 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSBr_nuance.dll
    MOD - [2012/05/18 12:57:14 | 000,133,016 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui_En.dll
    MOD - [2012/05/18 12:57:04 | 000,016,280 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui.dll
    MOD - [2012/05/18 12:56:56 | 000,079,768 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\zlib125.dll
    MOD - [2012/05/18 12:56:40 | 000,292,760 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\sqlite3.dll
    MOD - [2012/05/10 03:48:33 | 000,037,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\66d750f3f8dde0cc865f921497ab3545\System.Windows.Presentation.ni.dll
    MOD - [2012/05/10 03:48:12 | 009,921,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll
    MOD - [2012/05/10 03:47:50 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\543b0e12423bcec010bdd2ac27c5dc04\System.ComponentModel.DataAnnotations.ni.dll
    MOD - [2012/05/10 03:47:35 | 000,337,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cbaa2c3a4e91129440a784827d1d26bb\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll
    MOD - [2012/05/10 03:47:34 | 000,650,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\2e2d6d0b6701f8e4fbc68cb9886893fa\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
    MOD - [2012/05/10 03:47:33 | 000,363,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a53d1b5b3a7e93bc689b3608edf2b496\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
    MOD - [2012/05/10 03:47:31 | 001,300,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0849dd848383994c63dc00278f64ddae\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll
    MOD - [2012/05/10 03:46:32 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/10 03:46:02 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
    MOD - [2012/05/10 03:45:56 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
    MOD - [2012/05/10 03:45:55 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9eed0fcdc582550a65536d1150b49574\IAStorCommon.ni.dll
    MOD - [2012/05/10 03:45:54 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6a136e5fc2c34ed7f99fb094bd968169\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
    MOD - [2012/05/10 03:45:52 | 000,112,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6c7ccf3f7fa572b45a31097585b9be71\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll
    MOD - [2012/05/10 03:45:52 | 000,035,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a3d7d37ccd26595b9858116ac8e78e42\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
    MOD - [2012/05/10 03:45:52 | 000,028,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8dca7c59eac234524898c293abc15952\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
    MOD - [2012/05/10 03:45:51 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
    MOD - [2012/05/10 03:45:51 | 000,133,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\783a4e24531ee190eb826509f8cc2a45\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll
    MOD - [2012/05/10 03:45:48 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9e572d1a5f468ae4226d9c74a54dbf5a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
    MOD - [2012/05/10 03:39:19 | 000,634,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\a90ec436f1d2c5cb0133a53c2e47d61a\System.AddIn.ni.dll
    MOD - [2012/05/10 03:39:19 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f34410ab8e82063735d876533db26c49\System.AddIn.Contract.ni.dll
    MOD - [2012/05/10 03:36:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/10 03:35:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/10 03:35:59 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
    MOD - [2012/05/10 03:35:58 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
    MOD - [2012/05/10 03:35:57 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
    MOD - [2012/05/10 03:35:22 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
    MOD - [2012/05/10 03:35:22 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
    MOD - [2012/05/10 03:35:22 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
    MOD - [2012/05/10 03:35:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/10 03:34:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/10 03:34:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/10 03:34:45 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/10 03:34:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/05/10 03:17:20 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
    MOD - [2012/05/10 03:17:20 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
    MOD - [2012/05/10 03:07:53 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/10 03:06:23 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
    MOD - [2012/05/10 03:06:20 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
    MOD - [2012/05/10 03:06:17 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll
    MOD - [2012/05/10 03:06:16 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
    MOD - [2012/05/10 03:06:12 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
    MOD - [2012/04/18 15:52:38 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Neat\exec\CynergySystems.Commons.dll
    MOD - [2012/04/17 13:58:18 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\go-addins\GaaihoRecorder.dll
    MOD - [2012/04/12 22:49:14 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Neat\exec\qsp\Retlang.dll
    MOD - [2012/04/04 01:53:58 | 002,894,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
    MOD - [2012/04/02 16:52:04 | 000,091,240 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\z.dll
    MOD - [2012/04/02 16:51:50 | 001,402,488 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\libxml2-2.dll
    MOD - [2012/04/02 16:51:32 | 000,688,264 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
    MOD - [2012/04/02 16:50:40 | 006,809,720 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\gsttspplugin.dll
    MOD - [2012/04/02 16:50:30 | 000,273,528 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\ndsLogStore.dll
    MOD - [2012/04/02 16:50:24 | 000,051,864 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\boost_thread-vc90-mt-1_39.dll
    MOD - [2012/04/02 16:50:22 | 002,049,152 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\XferManagerDll.dll
    MOD - [2012/04/02 16:50:20 | 001,945,704 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\TSB.dll
    MOD - [2012/04/02 16:50:08 | 002,721,920 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\PCShowServerDll.dll
    MOD - [2012/04/02 16:49:58 | 000,686,208 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
    MOD - [2012/04/02 16:49:56 | 001,988,216 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\DrmSingleton.dll
    MOD - [2012/04/02 16:49:52 | 001,226,872 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\CatalogDll.dll
    MOD - [2012/03/31 11:20:32 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\go-addins\GaaihoTransmit.dll
    MOD - [2012/03/31 11:20:22 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\go-addins\GaaihoBackup.dll
    MOD - [2012/03/21 23:30:04 | 000,110,992 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\Plaxo\3.34.0.3\sml.dll
    MOD - [2012/03/21 23:05:18 | 000,313,344 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\Plaxo\3.34.0.3\plx_sqlite.dll
    MOD - [2012/03/15 10:46:30 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Neat\exec\StructureMap.dll
    MOD - [2012/03/15 10:46:30 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\Neat\exec\LinFu.DynamicProxy.dll
    MOD - [2012/01/25 07:15:03 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\FedEx\FedEx Desktop\FedEx Desktop.exe
    MOD - [2011/12/10 15:08:07 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
    MOD - [2011/12/10 15:08:07 | 000,092,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Synchronization.Data.SqlServerCe\3.5.0.0__89845dcd8080cc91\Microsoft.Synchronization.Data.SqlServerCe.dll
    MOD - [2011/10/25 16:22:30 | 001,978,368 | ---- | M] () -- C:\Program Files (x86)\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\GaaihoVideo.dll
    MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/07/08 12:31:22 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/06/13 16:47:48 | 000,814,080 | ---- | M] () -- C:\Program Files (x86)\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\grecorder.dll
    MOD - [2011/06/12 19:07:24 | 000,506,352 | ---- | M] () -- C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2011/06/07 19:53:43 | 000,677,144 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.QBFC7\7.0.0.134__31d8aec643e18259\Interop.QBFC7.dll
    MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2011/02/25 14:55:04 | 001,228,800 | ---- | M] () -- C:\Program Files (x86)\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\zACE.dll
    MOD - [2011/02/10 13:45:16 | 000,065,536 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\assembly\dl3\D7T07KPG.LXT\ELMZVHJK.9HJ\7b092e9d\00d49700_20bfcb01\Outlook07DymoAddIn.DLL
    MOD - [2011/02/10 13:44:34 | 000,094,208 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\assembly\dl3\D7T07KPG.LXT\ELMZVHJK.9HJ\7754cc8a\004bcda4_1fbfcb01\DYMO.Common.DLL
    MOD - [2010/12/21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
    MOD - [2010/11/19 20:57:43 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
    MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/10/28 19:55:42 | 006,551,672 | ---- | M] () -- C:\Program Files (x86)\Ipswitch\WS_FTP 12\res0409.dll
    MOD - [2010/10/28 19:52:36 | 000,948,496 | ---- | M] () -- C:\Program Files (x86)\Ipswitch\WS_FTP 12\libeay32.dll
    MOD - [2010/10/28 19:52:36 | 000,153,360 | ---- | M] () -- C:\Program Files (x86)\Ipswitch\WS_FTP 12\ssleay32.dll
    MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/09/28 14:03:40 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\GaaihoZPeerEx.dll
    MOD - [2010/06/02 10:08:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\G2IPC.dll
    MOD - [2010/05/29 18:45:42 | 000,972,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
    MOD - [2010/05/29 18:45:41 | 000,448,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\office.dll
    MOD - [2010/05/29 18:45:29 | 000,115,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Synchronization.Data\1.0.0.0__89845dcd8080cc91\Microsoft.Synchronization.Data.dll
    MOD - [2010/05/29 18:45:06 | 000,115,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Synchronization.Data.Server\1.0.0.0__89845dcd8080cc91\Microsoft.Synchronization.Data.Server.dll
    MOD - [2010/04/21 09:54:42 | 000,962,560 | ---- | M] () -- C:\Program Files (x86)\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\GaaihoBT.dll
    MOD - [2009/11/13 17:46:18 | 000,618,496 | ---- | M] () -- C:\Program Files (x86)\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\zlib.dll
    MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
    MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
    MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
    MOD - [2009/11/13 17:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
    MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
    MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2008/10/31 16:39:00 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Zeon\Gaaiho\Gaaiho Go Lite 3\bin\zlib1.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
    SRV:64bit: - [2012/05/08 23:31:42 | 006,715,024 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
    SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2012/02/28 16:07:40 | 004,986,032 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe -- (GsServer)
    SRV:64bit: - [2012/01/04 18:16:08 | 002,646,864 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV:64bit: - [2011/04/05 00:59:26 | 000,028,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\UCT\HDR Express\HDRExpressService.exe -- (HDRExpressService)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2012/06/10 06:39:17 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/06 06:11:56 | 003,459,024 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2012/05/25 02:32:46 | 000,135,056 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe -- (PDFProFiltSrv)
    SRV - [2012/05/18 13:40:18 | 000,029,592 | ---- | M] (Gladinet, INC) [Auto | Running] -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe -- (GladFileMonSvc)
    SRV - [2012/04/27 19:07:12 | 005,914,912 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
    SRV - [2012/04/27 19:06:30 | 001,132,824 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2012/04/17 09:30:36 | 001,047,336 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2012/04/17 09:30:36 | 001,047,336 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/03/22 08:38:06 | 000,628,624 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) [On_Demand | Stopped] -- C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe -- (WINZIPSSDiskOptimizer)
    SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
    SRV - [2011/10/17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2011/09/29 13:52:22 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\759\g2aservice.exe -- (GoToAssist)
    SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
    SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2011/08/24 13:59:58 | 000,102,912 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\agent_x64.exe -- (Agent)
    SRV - [2011/08/22 05:39:42 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
    SRV - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [On_Demand | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2011/07/22 19:12:04 | 000,138,600 | ---- | M] (Nuance Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
    SRV - [2011/07/15 01:03:00 | 000,021,488 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
    SRV - [2011/07/13 07:41:52 | 000,340,976 | ---- | M] (Rovi Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
    SRV - [2011/07/13 07:41:30 | 001,095,664 | ---- | M] (Rovi Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
    SRV - [2011/04/22 16:51:54 | 000,091,304 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
    SRV - [2011/03/01 12:23:42 | 000,240,360 | ---- | M] (CyberLink) [On_Demand | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe -- (CLKMSVC10_1628BCEA)
    SRV - [2011/02/09 17:36:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
    SRV - [2011/01/28 15:34:52 | 000,032,336 | ---- | M] (Sanford, L.P.) [Auto | Running] -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe -- (DymoPnpService)
    SRV - [2011/01/26 13:44:16 | 000,054,728 | ---- | M] (APC) [On_Demand | Stopped] -- C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe -- (APCPBEServer)
    SRV - [2011/01/26 13:38:24 | 000,034,168 | ---- | M] (APC) [On_Demand | Stopped] -- C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe -- (APCPBEAgent)
    SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/10/15 18:25:22 | 000,221,184 | ---- | M] (Visioneer Inc.) [Auto | Running] -- C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
    SRV - [2010/10/05 14:59:24 | 000,263,480 | ---- | M] (Systweak Inc., (www.systweak.com)) [On_Demand | Stopped] -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe -- (ASO3DiskOptimizer)
    SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
    SRV - [2010/05/25 20:10:25 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/05/25 20:08:44 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 06:44:44 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe -- (RoxMediaDBVHS)
    SRV - [2009/11/12 22:30:42 | 000,025,824 | ---- | M] (Memeo) [On_Demand | Stopped] -- C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
    SRV - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe -- (CLDTVHNService)
    SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
  16. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    Part 2 of OTL.TXT


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/06/06 06:11:54 | 001,294,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
    DRV:64bit: - [2012/06/06 06:11:50 | 000,994,912 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2012/06/06 06:11:47 | 000,211,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
    DRV:64bit: - [2012/06/06 06:11:46 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67) Acronis Disk Storage Filter (67)
    DRV:64bit: - [2012/06/06 06:11:45 | 000,320,096 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2012/06/06 06:11:42 | 000,137,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2012/03/14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2012/03/14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2012/03/11 15:19:22 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/01/06 11:47:21 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
    DRV:64bit: - [2011/10/17 15:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/08/23 06:12:58 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/05/24 03:00:00 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011/05/09 20:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
    DRV:64bit: - [2011/03/18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/24 06:56:44 | 002,700,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/02/14 03:04:34 | 000,044,624 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
    DRV:64bit: - [2011/02/09 01:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
    DRV:64bit: - [2011/02/09 01:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
    DRV:64bit: - [2011/02/09 01:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/19 21:09:29 | 000,038,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
    DRV:64bit: - [2010/08/09 13:57:18 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
    DRV:64bit: - [2010/07/12 15:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
    DRV:64bit: - [2010/05/28 10:55:10 | 000,354,320 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
    DRV:64bit: - [2010/05/23 19:47:08 | 000,164,848 | ---- | M] (Sonic Solutions) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\syscowad64v.sys -- (SysCow)
    DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/12/02 19:19:10 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dyusb.sys -- (DYUSB)
    DRV:64bit: - [2009/10/15 09:13:44 | 000,096,256 | ---- | M] (ATEN) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2at64.sys -- (ser2at)
    DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/09/08 10:40:14 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
    DRV:64bit: - [2009/07/29 10:37:08 | 000,024,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NW1950.sys -- (NW1950)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/13 20:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
    DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
    DRV:64bit: - [2009/06/30 05:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2009/06/30 05:01:40 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)
    DRV:64bit: - [2009/06/30 04:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
    DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
    DRV:64bit: - [2008/08/18 12:11:52 | 000,013,312 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ICDUSB3.sys -- (ICDUSB3)
    DRV:64bit: - [2008/07/29 04:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
    DRV:64bit: - [2007/07/05 02:58:36 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxu6.sys -- (athrusb6)
    DRV:64bit: - [2007/01/24 16:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
    DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV:64bit: - [2006/06/19 06:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2011/05/01 11:57:05 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
    DRV - [2009/12/29 17:35:40 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/11/27 19:25:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
    DRV - [2009/12/02 19:19:10 | 000,039,936 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dyusb.sys -- (DYUSB)
    DRV - [2009/09/17 18:40:52 | 000,082,416 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys -- (ntk_dtv)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2006/07/24 18:51:34 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\filedisk.sys -- (FileDisk)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{6091135D-B0EC-4FC2-9A54-6346E57919F2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {ca985bfe-e29c-40ca-84ac-ef21b377717a} - C:\Program Files (x86)\PCN_tools\prxtbPCN_.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com...}&invocationType=tb50-ie-aim-chromesbox-en-us
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{878E5062-DE43-47F9-958A-205688A1AF26}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2564175


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\URLSearchHook: {b03b3ced-82cf-43b6-b2d4-1b40851c7658} - C:\Program Files (x86)\Publishers Clearing House Prize Bar\Helper.dll ()
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\URLSearchHook: {ca985bfe-e29c-40ca-84ac-ef21b377717a} - C:\Program Files (x86)\PCN_tools\prxtbPCN_.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com...}&invocationType=tb50-ie-aim-chromesbox-en-us
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7GGLL_enUS381
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.coupons.com/search.asp?p=df&q={searchTerms}
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2564175
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={s...e=W3i_DS,136,0_0,Search,20120416,17118,0,18,0
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;localhost
  17. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    Part 3 of OTL.TXT


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
    FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
    FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: File not found
    FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/06/13 13:31:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/10 19:58:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/19 10:45:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/04 09:19:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/06/13 13:31:20 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/19 10:45:32 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/06/29 06:49:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O2 - BHO: (HP Smart Print BHO) - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll (Zeon Corporation)
    O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (TBSB07898 Class) - {B288F9DE-0E51-442E-B5B0-88BA8BE7A675} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
    O2 - BHO: (ZeonIEEventHelper Class) - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
    O2 - BHO: (PCN tools Toolbar) - {ca985bfe-e29c-40ca-84ac-ef21b377717a} - C:\Program Files (x86)\PCN_tools\prxtbPCN_.dll (Conduit Ltd.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (Publishers Clearing House PrizeBar BHO) - {E32D05F6-B1BB-4F2F-A045-042144FCD2E0} - C:\Program Files (x86)\Publishers Clearing House Prize Bar\Toolbar.dll ()
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Publishers Clearing House PrizeBar) - {0FB24E1F-D247-4F4E-8DDD-9E18EA10829F} - C:\Program Files (x86)\Publishers Clearing House Prize Bar\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Nuance PDF) - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
    O3 - HKLM\..\Toolbar: (PCN tools Toolbar) - {ca985bfe-e29c-40ca-84ac-ef21b377717a} - C:\Program Files (x86)\PCN_tools\prxtbPCN_.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\Toolbar\WebBrowser: (Publishers Clearing House PrizeBar) - {0FB24E1F-D247-4F4E-8DDD-9E18EA10829F} - C:\Program Files (x86)\Publishers Clearing House Prize Bar\Toolbar.dll ()
    O3:64bit: - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\Toolbar\WebBrowser: (PCN tools Toolbar) - {CA985BFE-E29C-40CA-84AC-EF21B377717A} - C:\Program Files (x86)\PCN_tools\prxtbPCN_.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [dyaaserv.exe] C:\Program Files (x86)\DYMO DiscPainter\Drivers\Amd64\DYAASERV.exe (DYMO, Inc.)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe ()
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [DLSService] C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)
    O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
    O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
    O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
    O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Nuance PDF Converter Professional 8-reminder] C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDF8 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
    O4 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104..\Run: [GoToAssist Express Expert] C:\Program Files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
    O4 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104..\Run: [PCShowServer] C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
    O4 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104..\Run: [PlaxoUpdate] C:\Users\harvey.HARVEYPIERCE0\AppData\Local\Plaxo\3.34.0.3\PlaxoHelper_en.exe (Plaxo, Inc.)
    O4 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
    O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk = File not found
    O4 - Startup: C:\Users\Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FedEx Desktop.lnk = C:\Program Files (x86)\FedEx\FedEx Desktop\FedEx Desktop.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoExpandedNewMenu = 0
    O7 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll (Nuance Communications, Inc.)
    O8:64bit: - Extra context menu item: Open with PDF Professional 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll (Nuance Communications, Inc.)
    O8 - Extra context menu item: Open with PDF Professional 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
    O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm ()
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..Trusted Domains: apcc.com ([www] http in Local intranet)
    O15 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..Trusted Domains: localhost ([]* in Local intranet)
    O15 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..Trusted Ranges: Range1 ([*] in Local intranet)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Reg Error: Key error.)
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} https://www.plaxo.com/down/latest/PlaxoInstall.cab (Reg Error: Key error.)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Reg Error: Key error.)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/59.15/uploader2.cab (Reg Error: Key error.)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Reg Error: Key error.)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (Reg Error: Key error.)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (Reg Error: Key error.)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {55CEE8C1-6D7A-4711-A910-93FABAA992A9} http://www.fedex.com/downloads/woas/woas.CAB (Reg Error: Key error.)
    O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} https://lojackforlaptops.absolute.com/ctmweb/testoc.cab (Recovery ActiveX Control Module)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (Reg Error: Key error.)
    O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} https://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Reg Error: Key error.)
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www1.pcpitstop.com/mhLbl.cab (Reg Error: Key error.)
    O16 - DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} http://biosagentplus.com/files/biosagentplus.cab (Reg Error: Key error.)
    O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab (IEAnimBehaviorFactory Class)
    O16 - DPF: {C1355F7F-DF8F-4131-BAF2-2F36DE80E4C3} https://mc1.embarqnow.net/applet/soundrec.cab (Reg Error: Key error.)
    O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://camera2.thevillages.com/activex/AMC.cab (AxisMediaControlEmb Class)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Reg Error: Key error.)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remote.stamps.com/dana-cached/sc/JuniperSetupClient.cab (Reg Error: Key error.)
    O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} http://www.iolo.com/app/ocx/UpgradeVerify.ocx (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.12 208.67.220.220 208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = harveypierce.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0221956-CA4F-4CAC-90E3-53A2EC034921}: DhcpNameServer = 192.168.1.12 208.67.220.220 208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0221956-CA4F-4CAC-90E3-53A2EC034921}: NameServer = 192.168.0.12,208.67.222.222,208.67.220.220,192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF117480-2B1B-419F-A2BB-944D7A9EE234}: DhcpNameServer = 192.168.1.12 208.67.220.220 208.67.222.222
    O18:64bit: - Protocol\Handler\belarc - No CLSID value found
    O18:64bit: - Protocol\Handler\HPDCS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\759\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\759\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - No CLSID value found.
    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Waterfall.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Waterfall.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/29 14:50:36 | 000,000,079 | -H-- | M] () - K:\autorun.inf -- [ FAT ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: wave5 - serwvdrv.dll (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.pspgru - C:\Windows\SysWow64\PSPGRU.acm (Philips Austria GmbH - Speech Processing)
    Drivers32: MSVideo - C:\Windows\SysWow64\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\SysWow64\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: wave5 - C:\Windows\SysWow64\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
  18. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    Part 4 of OTL.TXT

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/29 11:32:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\harvey.HARVEYPIERCE0\Desktop\OTL.exe
    [2012/06/29 06:49:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/29 06:34:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/29 06:34:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/29 06:34:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/29 06:34:19 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/06/29 06:31:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/29 06:30:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/29 06:28:44 | 004,566,027 | R--- | C] (Swearware) -- C:\Users\harvey.HARVEYPIERCE0\Desktop\ComboFix.exe
    [2012/06/28 11:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delta Flight Schedules
    [2012/06/26 07:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PLAV
    [2012/06/26 07:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS
    [2012/06/26 07:30:28 | 008,871,304 | ---- | C] (ParetoLogic Inc.) -- C:\Users\harvey.HARVEYPIERCE0\Desktop\Pareto_AV_Setup_RW.exe
    [2012/06/23 09:12:17 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/22 20:50:41 | 000,000,000 | ---D | C] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Malwarebytes
    [2012/06/22 20:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/22 20:50:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/22 20:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/22 20:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/19 20:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Gaaiho
    [2012/06/19 10:05:57 | 000,000,000 | ---D | C] -- C:\Users\harvey.HARVEYPIERCE0\Documents\PDF Favorites
    [2012/06/19 09:13:53 | 000,000,000 | ---D | C] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\gladinet
    [2012/06/19 09:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gaaiho
    [2012/06/19 09:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zeon
    [2012/06/19 09:04:57 | 000,000,000 | -H-D | C] -- C:\Gladinet
    [2012/06/19 09:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance Cloud Connector
    [2012/06/19 09:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Converter Professional 8
    [2012/06/17 11:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DIRECTV2PC(TM)
    [2012/06/16 14:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
    [2012/06/14 20:41:05 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
    [2012/06/14 20:41:04 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
    [2012/06/14 20:41:04 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
    [2012/06/14 20:41:04 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
    [2012/06/14 20:41:04 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
    [2012/06/14 20:40:57 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
    [2012/06/14 20:40:55 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
    [2012/06/14 20:40:55 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
    [2012/06/14 20:40:55 | 001,247,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
    [2012/06/14 20:40:55 | 000,978,776 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
    [2012/06/14 20:40:55 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
    [2012/06/14 20:40:52 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2012/06/14 20:40:52 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
    [2012/06/14 20:40:52 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
    [2012/06/14 20:40:52 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
    [2012/06/13 13:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2012/06/11 05:53:55 | 000,000,000 | R--D | C] -- C:\Users\harvey.HARVEYPIERCE0\Dropbox
    [2012/06/11 05:51:48 | 000,000,000 | ---D | C] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2012/06/11 05:51:30 | 000,000,000 | ---D | C] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox
    [2012/06/10 06:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    [2012/06/10 06:35:41 | 000,000,000 | ---D | C] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\WinZip
    [2012/06/10 06:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2012/06/06 06:11:57 | 000,000,000 | ---D | C] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\B00A48D3-CC36-41AE-82E6-66DCDBDEC287
    [2012/06/05 07:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\Recover Keys
    [2012/06/03 13:23:40 | 000,000,000 | ---D | C] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\DIRECTV Player
    [2012/05/31 19:01:30 | 000,000,000 | ---D | C] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Motive
    [2012/05/31 19:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
    [2012/05/31 19:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
    [2012/05/31 18:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
    [2012/05/31 12:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
    [2012/05/31 12:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{C243CCC8-5474-45FC-A546-7FBC284A692E}
    [2012/05/31 12:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
    [2012/05/31 12:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{80E49840-FEC9-4009-B2F2-83DD9B68A990}
    [2010/06/12 08:10:19 | 001,063,320 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\harvey.HARVEYPIERCE0\gotomypc_533.exe
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/29 12:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/29 12:09:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/29 11:32:24 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\harvey.HARVEYPIERCE0\Desktop\OTL.exe
    [2012/06/29 07:01:59 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/29 07:01:59 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/29 06:53:44 | 000,001,166 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FedEx Desktop.lnk
    [2012/06/29 06:49:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/29 06:49:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/29 06:49:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/29 06:48:58 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/29 06:48:17 | 000,274,854 | ---- | M] () -- C:\Windows\SysNative\RW_AppData.dat
    [2012/06/29 06:48:17 | 000,121,168 | ---- | M] () -- C:\Windows\SysNative\RW_FileType.dat
    [2012/06/29 06:48:17 | 000,002,296 | ---- | M] () -- C:\Windows\SysNative\RW_{19946526-6867-11DF-8646-806E6F6E6963}.dat
    [2012/06/29 06:48:17 | 000,001,904 | ---- | M] () -- C:\Windows\SysNative\RW_{82CB13F4-6E52-11DF-872D-002564F2904F}.dat
    [2012/06/29 06:48:17 | 000,000,720 | ---- | M] () -- C:\Windows\SysNative\RW_FileFlag.dat
    [2012/06/29 06:48:17 | 000,000,672 | ---- | M] () -- C:\Windows\SysNative\RW_{19946527-6867-11DF-8646-806E6F6E6963}.dat
    [2012/06/29 06:48:17 | 000,000,656 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{19946527-6867-11DF-8646-806E6F6E6963}.dat
    [2012/06/29 06:48:17 | 000,000,392 | ---- | M] () -- C:\Windows\SysNative\RW_{46BFBE89-140B-11E0-8937-002564F2904F}.dat
    [2012/06/29 06:48:17 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{A308052B-BD15-11E1-97FA-002564F2904F}.dat
    [2012/06/29 06:48:17 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{A308052B-BD15-11E1-97FA-002564F2904F}.dat
    [2012/06/29 06:48:17 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{82CB13F4-6E52-11DF-872D-002564F2904F}.dat
    [2012/06/29 06:48:17 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{46BFBE89-140B-11E0-8937-002564F2904F}.dat
    [2012/06/29 06:48:17 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{19946526-6867-11DF-8646-806E6F6E6963}.dat
    [2012/06/29 06:28:45 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\harvey.HARVEYPIERCE0\Desktop\ComboFix.exe
    [2012/06/29 06:20:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/06/28 12:22:04 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/06/28 11:58:42 | 000,001,796 | ---- | M] () -- C:\Users\Public\Desktop\Delta Flight Schedules.lnk
    [2012/06/28 10:38:25 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2012/06/28 10:38:24 | 000,001,629 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\Desktop\DivX Movies.lnk
    [2012/06/28 10:37:53 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2012/06/26 14:51:25 | 000,000,036 | -H-- | M] () -- C:\Windows\SysWow64\f9t.dat
    [2012/06/26 07:40:06 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
    [2012/06/26 07:40:06 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
    [2012/06/26 07:30:28 | 008,871,304 | ---- | M] (ParetoLogic Inc.) -- C:\Users\harvey.HARVEYPIERCE0\Desktop\Pareto_AV_Setup_RW.exe
    [2012/06/23 09:13:49 | 000,863,736 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/23 09:13:49 | 000,719,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/23 09:13:49 | 000,144,306 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/22 20:50:35 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/19 09:11:09 | 002,702,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/19 09:05:43 | 000,001,249 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gaaiho Collaboration.lnk
    [2012/06/19 09:04:55 | 000,002,195 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nuance Cloud Connector.lnk
    [2012/06/19 09:04:54 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Nuance Cloud Connector.lnk
    [2012/06/18 12:19:14 | 000,038,912 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\Documents\Davis Spline.zdl
    [2012/06/18 11:21:57 | 000,014,848 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\Documents\RJ Spline 3 in.zdl
    [2012/06/18 11:19:46 | 000,020,992 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\Documents\RJ Spline 4 in.zdl
    [2012/06/17 11:03:36 | 003,507,776 | ---- | M] ( ) -- C:\Users\harvey.HARVEYPIERCE0\Documents\DIRECTV.v5618_CyberLink_DMS090512-03.exe
    [2012/06/17 11:01:07 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\DIRECTV2PC(TM).lnk
    [2012/06/17 10:38:28 | 000,001,144 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
    [2012/06/16 14:49:06 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
    [2012/06/13 11:31:56 | 000,004,758 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\SAS7_000.DAT
    [2012/06/13 11:13:52 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/06/11 05:53:55 | 000,001,059 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\Desktop\Dropbox.lnk
    [2012/06/11 05:51:53 | 000,001,069 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/06/10 15:29:07 | 000,002,373 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\Application Data\Microsoft\Internet Explorer\Quick Launch\WinZip System Utilities Suite.lnk
    [2012/06/06 06:11:37 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
    [2012/06/04 05:54:40 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/06/02 06:30:44 | 000,001,464 | ---- | M] () -- C:\Users\harvey.HARVEYPIERCE0\Desktop\GoToAssist Expert.lnk
    [2012/05/31 14:16:30 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
    [2012/05/31 12:28:57 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/29 06:34:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/29 06:34:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/29 06:34:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/29 06:34:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/29 06:34:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/29 06:15:11 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{A308052B-BD15-11E1-97FA-002564F2904F}.dat
    [2012/06/29 06:15:11 | 000,000,016 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{A308052B-BD15-11E1-97FA-002564F2904F}.dat
    [2012/06/26 07:40:06 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
    [2012/06/26 07:40:06 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
    [2012/06/22 20:50:35 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/19 09:05:43 | 000,001,249 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gaaiho Collaboration.lnk
    [2012/06/19 09:04:55 | 000,002,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nuance Cloud Connector.lnk
    [2012/06/19 09:04:54 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\Nuance Cloud Connector.lnk
    [2012/06/18 12:19:14 | 000,038,912 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\Documents\Davis Spline.zdl
    [2012/06/18 11:12:36 | 000,020,992 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\Documents\RJ Spline 4 in.zdl
    [2012/06/18 11:00:27 | 000,014,848 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\Documents\RJ Spline 3 in.zdl
    [2012/06/17 11:03:26 | 003,507,776 | ---- | C] ( ) -- C:\Users\harvey.HARVEYPIERCE0\Documents\DIRECTV.v5618_CyberLink_DMS090512-03.exe
    [2012/06/17 11:01:07 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\DIRECTV2PC(TM).lnk
    [2012/06/14 20:40:56 | 000,272,629 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
    [2012/06/11 05:53:55 | 000,001,059 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\Desktop\Dropbox.lnk
    [2012/06/11 05:51:53 | 000,001,069 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/06/04 05:54:40 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/05/31 12:28:57 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Stamps.com.lnk
    [2012/04/16 12:42:35 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
    [2012/04/16 11:13:30 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2012/01/24 07:05:01 | 000,288,961 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_5
    [2012/01/24 07:04:18 | 000,288,961 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_4
    [2012/01/24 07:04:12 | 000,144,755 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_3
    [2012/01/24 07:03:51 | 000,000,549 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_2
    [2012/01/24 07:03:46 | 000,000,549 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_1
    [2012/01/24 07:03:13 | 000,000,175 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_0
    [2011/11/10 21:45:16 | 000,102,912 | ---- | C] () -- C:\Windows\agent_x64.exe
    [2011/09/26 20:01:02 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
    [2011/09/13 06:00:31 | 000,000,075 | RHS- | C] () -- C:\Windows\FFSSET.BIN
    [2011/09/13 06:00:29 | 000,000,083 | ---- | C] () -- C:\Windows\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}.ini
    [2011/09/13 06:00:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}.ini
    [2011/09/10 07:26:51 | 000,000,117 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/09/05 20:30:32 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2011/07/22 18:32:34 | 000,034,326 | ---- | C] () -- C:\Windows\MAXLINK.INI
    [2011/07/05 06:20:50 | 000,000,000 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Local\rx_image32.Cache
    [2011/07/02 20:31:16 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\APCSnmp.dll
    [2011/06/27 07:40:38 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
    [2011/06/27 07:40:38 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
    [2011/06/27 07:40:38 | 000,059,208 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
    [2011/06/15 10:37:51 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011/06/14 07:16:16 | 000,361,716 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/04/19 10:47:39 | 000,081,579 | ---- | C] () -- C:\Windows\SysWow64\epfwdata.bin
    [2011/04/19 08:58:55 | 000,000,200 | ---- | C] () -- C:\Windows\wsnk.ini
    [2011/03/12 10:54:44 | 000,433,167 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_15
    [2011/03/12 10:54:02 | 000,432,793 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_14
    [2011/03/12 10:53:15 | 000,288,961 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_13
    [2011/03/12 10:53:07 | 000,288,961 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_12
    [2011/03/12 10:53:05 | 000,288,961 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_11
    [2011/03/12 10:53:03 | 000,288,961 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_10
    [2011/03/12 10:53:02 | 000,288,961 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_9
    [2011/03/12 10:52:30 | 000,288,961 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_8
    [2011/03/12 10:51:44 | 000,288,961 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_7
    [2011/03/12 10:51:36 | 000,288,961 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\UNDO_6
    [2011/03/10 21:16:11 | 000,000,160 | ---- | C] () -- C:\Windows\{9A5F1282-D6F8-4F04-B73E-D9286924E9AC}.ini
    [2011/03/10 21:16:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\{9A5F1282-D6F8-4F04-B73E-D9286924E9AC}.ini
    [2011/02/15 11:04:59 | 000,124,264 | ---- | C] () -- C:\Windows\SysWow64\mp3dec.dll
    [2011/02/15 11:04:59 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
    [2011/02/15 11:04:59 | 000,010,600 | ---- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
    [2010/08/31 21:45:44 | 000,004,758 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\SAS7_000.DAT
    [2010/08/29 15:20:05 | 000,000,635 | ---- | C] () -- C:\Windows\WININIT.INI
    [2010/06/08 21:40:45 | 000,022,857 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2010/06/01 07:36:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/05/31 12:30:04 | 000,009,400 | ---- | C] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\DiscPainter.ini
    [2010/05/29 18:35:33 | 000,002,958 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/12/12 14:43:16 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2008/04/27 19:32:05 | 000,050,882 | ---- | C] () -- C:\ProgramData\lxdo
    [2008/02/17 12:45:17 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat

    ========== LOP Check ==========

    [2010/06/02 10:14:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LinkManager 4.0
    [2010/06/02 10:14:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Online Backup
    [2010/06/02 09:29:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spearit
    [2010/06/02 09:29:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Spearit
    [2010/06/02 09:29:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Spearit
    [2010/05/30 07:35:51 | 000,000,000 | ---D | M] -- C:\Users\Harvey\AppData\Roaming\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
    [2011/11/08 13:00:04 | 000,000,000 | ---D | M] -- C:\Users\Harvey\AppData\Roaming\ESET
    [2011/11/08 12:59:59 | 000,000,000 | ---D | M] -- C:\Users\Harvey\AppData\Roaming\Garmin
    [2010/05/30 06:38:00 | 000,000,000 | ---D | M] -- C:\Users\Harvey\AppData\Roaming\GoodSync
    [2010/06/06 06:51:24 | 000,000,000 | ---D | M] -- C:\Users\Harvey\AppData\Roaming\iolo
    [2010/06/02 10:14:42 | 000,000,000 | ---D | M] -- C:\Users\Harvey\AppData\Roaming\LinkManager 4.0
    [2010/06/02 10:14:42 | 000,000,000 | ---D | M] -- C:\Users\Harvey\AppData\Roaming\Nuance
    [2010/06/02 10:14:42 | 000,000,000 | ---D | M] -- C:\Users\Harvey\AppData\Roaming\Online Backup
    [2011/11/08 12:59:59 | 000,000,000 | ---D | M] -- C:\Users\Harvey\AppData\Roaming\OpenDNS Updater
    [2010/06/02 12:02:55 | 000,000,000 | ---D | M] -- C:\Users\Harvey\AppData\Roaming\Pantone
    [2010/05/30 05:53:06 | 000,000,000 | ---D | M] -- C:\Users\Harvey\AppData\Roaming\Simple Star
    [2011/11/08 13:03:07 | 000,000,000 | ---D | M] -- C:\Users\Harvey\AppData\Roaming\SolidDocuments
    [2010/06/02 09:29:50 | 000,000,000 | ---D | M] -- C:\Users\Harvey\AppData\Roaming\Spearit
    [2010/06/02 12:03:04 | 000,000,000 | ---D | M] -- C:\Users\Harvey\AppData\Roaming\Visioneer
    [2011/09/30 07:00:12 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\.oit
    [2011/02/09 10:44:11 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\4AD33C29-B63D-43C6-A5B3-F3764A532288
    [2011/10/29 08:17:36 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\4FEEC412-3CD7-4D86-B76B-6B814C6CBB47
    [2011/02/12 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\5EC01B14-BCD2-4559-9809-7E17F3219A18
    [2012/03/11 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\86AB73A6-33CB-4C6E-8294-1BDC976FB24C
    [2012/03/11 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\A38F2500-1FD5-422B-B526-A71CB4DA097B
    [2010/08/22 19:44:46 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\acccore
    [2011/02/09 10:59:16 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Acronis
    [2011/07/02 21:09:00 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\APC
    [2010/12/09 09:13:54 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Avery
    [2012/06/06 06:11:57 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\B00A48D3-CC36-41AE-82E6-66DCDBDEC287
    [2011/04/01 06:50:21 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\BIAS
    [2010/05/30 12:25:58 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
    [2012/03/01 20:59:04 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\com.doxo.desktop
    [2010/07/06 14:41:55 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\DeLorme
    [2012/01/06 11:47:21 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Digiarty
    [2012/06/29 07:27:55 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Dropbox
    [2011/04/24 11:14:10 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\eBay
    [2010/11/23 08:59:21 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\ESET
    [2011/02/12 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\FE6EFA10-ADB8-403C-8279-DEF65235406B
    [2012/06/29 12:42:10 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\FedEx
    [2010/05/30 14:25:39 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\FedExDesktop.026F9BDCA0F141E500950436A5D33181EE6B8EF5.1
    [2010/10/31 06:22:18 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\FormTool 7
    [2010/12/27 07:35:44 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
    [2011/11/11 08:55:39 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\GARMIN
    [2012/03/04 07:42:15 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\GoodSync
    [2010/07/07 12:15:05 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\IMSIDesign
    [2010/06/04 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\iolo
    [2010/06/10 12:14:11 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Juniper Networks
    [2010/05/31 13:07:36 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\LinkManager 4.0
    [2011/09/26 21:47:52 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\MioNetApplet
    [2011/06/07 20:26:29 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Neat
    [2012/06/19 09:19:52 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Nuance
    [2011/04/07 15:04:04 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\OneTouch 4.0
    [2011/04/14 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\OpenDNS Updater
    [2010/05/31 19:35:15 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Pantone
    [2012/04/16 11:54:00 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\PC Cleaners
    [2011/05/24 16:02:19 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\PCDr
    [2012/04/16 11:54:02 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\PCPro
    [2011/01/09 12:54:47 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\RoboForm
    [2011/03/10 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Simple Star
    [2012/01/15 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\SolidDocuments
    [2010/06/02 09:29:49 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Spearit
    [2012/05/31 12:29:08 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Stamps.com Internet Postage
    [2010/12/31 09:29:41 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Systweak
    [2010/05/31 13:07:35 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Visioneer
    [2011/09/27 05:51:57 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\WD
    [2011/02/03 15:18:11 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\webex
    [2011/09/18 08:10:12 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\WinZip
    [2011/10/20 12:55:27 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Xilisoft
    [2012/06/19 09:07:59 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Zeon
    [2012/06/28 12:22:04 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2012/03/15 11:38:34 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/06/29 06:20:01 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/01/11 16:38:40 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
    [2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2007/10/26 02:40:15 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2008/11/04 10:12:13 | 000,001,274 | ---- | M] () -- C:\certreq.txt
    [2012/06/17 11:03:56 | 000,000,602 | ---- | M] () -- C:\CLDTCPIPLib.log
    [2012/06/29 07:00:25 | 000,051,801 | ---- | M] () -- C:\ComboFix.txt
    [2011/03/10 20:07:39 | 000,003,776 | ---- | M] () -- C:\config.xml
    [2007/05/27 10:21:29 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
    [2010/05/25 22:31:19 | 000,004,746 | RH-- | M] () -- C:\dell.sdr
    [2010/03/28 21:42:28 | 000,000,263 | ---- | M] () -- C:\Exchange Cert scripts.txt
    [2009/06/18 13:11:11 | 000,001,610 | ---- | M] () -- C:\exchange-1_harveypierce_com.csr
    [2009/06/16 20:11:43 | 000,000,311 | ---- | M] () -- C:\faxend.log
    [2009/06/16 20:11:43 | 000,000,162 | ---- | M] () -- C:\faxendPdoc.log
    [2009/06/16 20:11:42 | 000,000,247 | ---- | M] () -- C:\faxfile.log
    [2010/03/29 16:48:35 | 000,003,937 | ---- | M] () -- C:\harveypierce.com.zip
    [2009/06/18 13:10:11 | 000,000,314 | ---- | M] () -- C:\harveypierce.txt
    [2010/03/29 17:02:24 | 000,003,937 | ---- | M] () -- C:\harveypierce3081.com.zip
    [2010/03/29 17:04:22 | 000,003,937 | ---- | M] () -- C:\harveypierce8302.com.zip
    [2012/06/29 06:48:58 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/23 10:55:24 | 000,000,755 | ---- | M] () -- C:\InstallHelper.log
    [2012/04/10 05:45:21 | 000,001,630 | -H-- | M] () -- C:\IPH.PH
    [2009/04/24 09:31:12 | 000,000,482 | ---- | M] () -- C:\lxdo.log
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/06/01 15:30:19 | 000,066,508 | ---- | M] () -- C:\MSXML.log
    [2012/06/29 06:49:04 | 4252,057,599 | -HS- | M] () -- C:\pagefile.sys
    [2009/09/23 10:16:27 | 000,000,240 | ---- | M] () -- C:\SPCSqmDataReview.dat
    [2007/05/22 05:06:40 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2009/02/18 09:11:14 | 000,000,362 | ---- | M] () -- C:\UserChoice.reg
    [2009/12/02 07:04:33 | 000,056,680 | ---- | M] () -- C:\usrdata.enc
    [2010/05/25 20:09:58 | 001,376,742 | ---- | M] () -- C:\vcredist_x86.log
    [2010/05/28 19:51:35 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
    [2010/03/28 18:51:35 | 000,032,800 | ---- | M] () -- C:\WRT610NV1_v1.00.03.cfg

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2011/04/06 16:09:21 | 000,102,091 | RHS- | M] () -- C:\Program Files (x86)\DLS8Uninstall.log

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/15 11:45:59 | 000,000,221 | -HS- | M] () -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/29 06:28:45 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\harvey.HARVEYPIERCE0\Desktop\ComboFix.exe
    [2012/06/29 11:32:24 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\harvey.HARVEYPIERCE0\Desktop\OTL.exe
    [2012/06/26 07:30:28 | 008,871,304 | ---- | M] (ParetoLogic Inc.) -- C:\Users\harvey.HARVEYPIERCE0\Desktop\Pareto_AV_Setup_RW.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/29 12:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/29 06:49:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/29 12:09:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/28 12:22:04 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/06/29 06:49:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/15 11:38:34 | 000,032,544 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
    [2012/06/29 06:20:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2010/06/12 08:10:23 | 001,063,320 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\harvey.HARVEYPIERCE0\gotomypc_533.exe

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/06/28 21:46:29 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/06/28 21:46:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2012/04/30 00:25:34 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb00006.log
    [2010/05/31 21:28:31 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2010/05/31 21:28:31 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 04:29:53 | 000,000,402 | -HS- | M] () -- C:\Users\harvey.HARVEYPIERCE0\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/12/12 14:43:20 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
    [2011/10/22 13:46:08 | 000,021,246 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2009/09/12 08:22:55 | 000,050,882 | ---- | M] () -- C:\ProgramData\lxdo
    [2009/04/11 11:49:20 | 000,000,071 | ---- | M] () -- C:\ProgramData\lxdo.log
    [2011/09/05 20:33:28 | 000,000,614 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2010/06/06 08:42:30 | 000,002,958 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >
  19. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    Part 5 of OTL.TXT

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Yul Bryner.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Wyatt Waking UP.ASF:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Windows Server 2008 RC0 Product Key.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\wife_s_school.wmv:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Water_Bill.wmv:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Village Sun Ck.bmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Vacation 2008 FL.iso:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\TurboCAD 9-3.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\TurboCAD 9-2.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\TurboCAD 9-1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Trail Band.jwl:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Terry's 460.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Terry Swimsuit.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Terry Stew.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Terry Pumpkin.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Strip_Poker.wmv:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\sitting.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\server_vm_manual.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Sean & Jeff.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\SeaLion pup.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\scan0004.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\scan0003.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\scan0002.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\scan0001.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Sarah-@-1month.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Sarah.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Santa 06.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Santa 05.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Sample - Toddler's Picture.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\RobinaHood.wmv:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\QHIM-7.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\PILOTGUNS.mpeg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\pilot.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Pierce Family.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\picture clipping.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Pete & Crickett.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Patsy & Jim.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\PapaBill2.wmv:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Pacific Explorer 2003.mov.tif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Nursery.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\NTSBPicturesHillaryClintoncrash.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\MS Vista SP1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\max.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Marks Grad College.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Mark Port.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Mark Grad.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Mark & Billie.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\m&B5x5.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\linksys 54x key.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Truck Stop.mp4:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Truck Stop.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Sweet 'N Sassy.mp4:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Sweet 'N Sassy.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Rock Me Back to Little Rock.mp4:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Rock Me Back to Little Rock.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Raindrops Keep Fallin' on my Head.mp4:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Raindrops Keep Fallin' on my Head.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - My Elusive Dreams.mp4:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - My Elusive Dreams.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Leaving on a Jet Plane.mp4:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Leaving on a Jet Plane.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Freight Train.mp4:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Freight Train.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Everybody's Talkin'.mp4:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Everybody's Talkin'.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Easy Come, Easy Go.mp4:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Easy Come, Easy Go.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Easy Come, Easy Go.m3u:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Early in the Morning.mp4:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Early in the Morning.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Can't Help Falling in Love.mp4:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Can't Help Falling in Love.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lauren2.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lauren1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy Sundress.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy Port.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy Drama.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy 5th grade.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy & Kelsey.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy & Kam Ballet.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy - Tulips.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\kam's arrival.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\KamKing2.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam Woodward.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam Woodward Grad.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam Placement.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam MD Card.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam King Pgm.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam King 2.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam King 1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam Drama.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\kam and max1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\kam and max.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\K&K Hawaii 89.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Jeffries, Sharon (20050630115948390) 20050630122023625.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Jeffries, Sharon (20050630115948390) 20050630121424093.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 027.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 025.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 019.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 011.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 008.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 006.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Iraqi Clipping.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1763.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1762.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1761.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1760.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1759.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1758.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1757.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP0480.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP0479.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP0478.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP0477.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1962.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1956.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1951.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1936.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1917.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1911.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_0050.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_0049.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Horrorbride25Jan03.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\High-Chair.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\giggling.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\February 2007 002.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Family in Tulips.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Exch error 1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\duckair.mpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Dscn0010.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Dscn0008.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\dogskating.wmv:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\DepartmentofHealth1.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\deltaebonics[1].wav:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Deck Plan.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 110.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 080.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 064.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 057.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 054.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 035.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 020.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 017.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 016.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 9.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 8.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 7.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 6.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 5.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 4.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 3.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 2.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 10.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Crib.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Copy of DSCN0054.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Colo-rectalSurgeonwhit.wav:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Christopher0.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Christopher.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Christopher Easter.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Christopher 1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cat Door_1.MPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\BRUNSWICK STEW.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 024.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 023b.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 023a.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 023.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 021.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 018.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 015.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 014.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 012.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 009.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 007.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\AmyPopsTerry.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Amy & Christopher.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\album4.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Adoption Papers.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Accessories Order Form.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\70425006.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\407terry med.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\31 Dec 00.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\3 kids.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\11-10-05_1522.jpg:Roxio EMC Stream
    @Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:AEC0AC81
    @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:0FF263E8
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:FD9CE1F3
    @Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:01C66DD9
    @Alternate Data Stream - 182 bytes -> C:\ProgramData\Temp:0B9FB94D
    @Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:C6070AC3
    @Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:F35A93AD
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:652E33DB
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:9E7821E2
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:19F783D8
    < End of report >
  20. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    Part 1 of EXTRA.TXT



    OTL Extras logfile created on: 6/29/2012 12:38:33 PM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\harvey.HARVEYPIERCE0\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.96 Gb Total Physical Memory | 3.66 Gb Available Physical Memory | 45.97% Memory free
    15.92 Gb Paging File | 11.37 Gb Available in Paging File | 71.43% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 587.01 Gb Total Space | 200.42 Gb Free Space | 34.14% Space Free | Partition Type: NTFS
    Drive J: | 14.90 Gb Total Space | 9.62 Gb Free Space | 64.53% Space Free | Partition Type: FAT32
    Drive K: | 1.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: FAT
    Drive L: | 30.25 Gb Total Space | 30.24 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
    Drive N: | 587.01 Gb Total Space | 200.42 Gb Free Space | 34.14% Space Free | Partition Type: FAT

    Computer Name: STUDIOXPS | User Name: harvey | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0515B971-07BA-4AA5-8104-C162C662CDC0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{335FA743-5B2F-40B8-BE63-9086DC687557}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D8CF826E-5665-409E-81E7-132BCDB2DF7F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{DAAB8E9C-F204-4491-9197-49B516347BAD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{4D2F98FA-CF7A-4183-AB03-00EBE4A3145E}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "TCP Query User{BD8B2097-F64F-42C9-A125-4D351E39941C}C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe |
    "UDP Query User{7A895301-AEA0-4F79-98B8-B07D852D8EC6}C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe |
    "UDP Query User{C39D02D4-8ACE-492B-B3F2-9A5A93E09F66}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{0323E2ED-1E66-4EB3-AF95-6CD66FE22719}" = TouchScreenTools
    "{0517F875-BBB2-4812-A63E-733B33CEF215}" = Roxio System Rollback
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0C73080B-A6CF-4795-B917-75095FC1BA23}" = DYMO DiscPainter
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{237E305C-B625-466A-88CE-1E121BF4FDB1}" = Send To Neat
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
    "{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
    "{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}" = PaperPort Anywhere 1.1.4269.39023 powered by OfficeDrop
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5F2ACEFD-27E7-4CC1-BA92-1BF612649413}" = Diskeeper 2011
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6F801026-6AF0-4520-9153-4C9B4CAAB361}" = HP LaserJet P2050 Series 6.0
    "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
    "{7EA2D88A-C8B7-4102-8644-0A437B6FC143}" = Neat Mobile Scanner Driver
    "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}" = Neat ADF Scanner 2008 Driver
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}" = Neat ADF Scanner Driver
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
    "{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}" = Neat Mobile Scanner (Silver) Driver
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D7C307E7-96A7-4BEE-ACF8-D795007E7C16}" = 64 Bit HP CIO Components Installer
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}" = Neat Mobile Scanner 2008 Driver
    "{E645E501-5E3D-4DA2-9A47-BDC0C8A74336}" = Nuance PDF Converter Professional 8
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F7274D82-C857-4C20-AB1A-D701D64BFD90}" = ESET Smart Security
    "{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series
    "0DE4E732DF869019B6E2A6163BBD33296CB77D93" = Windows Driver Package - Broadcom (k57nd60a) Net (05/10/2011 14.8.0.5)
    "2A4E9D6EC744A01BCB9400D5787DE45123764DE8" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/18/2011 6.0.1.6482)
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "66A129BB411C95940270753202E51BC35C0DB0D2" = Windows Driver Package - Intel(R) Corporation (IntcDAud) MEDIA (08/23/2011 6.14.00.3086)
    "7A3873EEB4807FBDE9271D1C3DA50F100D5B8A7D" = Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02)
    "88CB7AA478955801F99FBF6D2BCF739BEB87A7F3" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/27/2012 6.0.1.6602)
    "890C043ACD460E71DEA497811D5B5FEEA1938DBC" = Windows Driver Package - Intel(R) Corporation (IntcDAud) MEDIA (10/15/2010 6.14.00.3074)
    "A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
    "C6554C9DFBD939292E343034D2836B952A9D4B66" = Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02)
    "CNXT_MODEM_PCI_HSF" = PCI SoftV92 Modem
    "Dell Support Center" = Dell Support Center
    "FA4601809F7D1B1385FEB4BE26FF5ECD1D44149F" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/13/2011 6.0.1.6526)
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "HPOCR" = OCR Software by I.R.I.S. 14.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "NVIDIA Drivers" = NVIDIA Drivers
    "PremElem100" = Adobe Premiere Elements 10
    "Recover Keys_is1" = Recover Keys
    "Shop for HP Supplies" = Shop for HP Supplies
    "WinX DVD Copy Pro_is1" = WinX DVD Copy Pro 3.4.3

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
    "{01B57E35-BD7B-4AF0-A73F-DFC2E5EA91DF}" = CR1-Beech18
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Dell TouchCam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{082A3F93-B14D-49A3-8CFC-9B49A2B7E378}" = TurboCAD Symbols
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
    "{0F86FD09-BA63-4E45-A70B-604C1106C2F2}" = PowerChute Business Edition Console
    "{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
    "{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{15210C5B-9E04-4BF7-B019-AE958F238333}" = Roxio Easy VHS to DVD
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
    "{1956e9f5-6f4b-4fc3-b6f4-5869d06d95e9}" = Actron Scanning Suite
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1978BDCF-E266-480F-9D91-B2971C464C30}" = SolidCapture
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A22A15D-E88A-427A-90E2-137245143239}" = Garmin Lifetime Updater
    "{1B868720-ED88-4531-8892-3A35A76E48FE}" = TurboTax 2010 wfliper
    "{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
    "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{293B2D75-5735-4DFE-8642-F0EDEE9EB064}" = TurboTax 2010 wgaiper
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (COMPASS20)
    "{2B682751-E749-441C-A4B3-1F538E26E56E}" = Roxio System Rollback Recovery Disk
    "{2C63272C-32B8-4664-B8E8-58EF628612DD}" = FormTool 7
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{302763FD-5CEA-4DFF-80C8-9B41414C4822}" = Roxio CinePlayer
    "{32D91AAF-5073-4A14-928A-A1289A3C7B98}" = TURBOFloorPlan3D Home & Landscape PRO
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{38F48AED-66D8-464C-993E-C7296C7A199B}" = Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
    "{3A1B43F9-48D2-4B86-B792-0A4FC4163005}" = Gaaiho Collaboration
    "{3A9527CF-4E91-4683-A03F-F1AD022126E5}" = DirectX 9 Runtime
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3CC19F30-6722-432D-8D76-81BD01212586}" = 8500A909n
    "{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{41915A51-6F92-4F0E-87C4-8178785B96CC}" = HP Printer Settings Tools
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{44B23220-E68E-4FBC-B02C-1A89AC0C8C5F}" = Roxio CinePlayer Decoder Pack
    "{44B2869B-EADD-4FC8-A740-E78E1A3256BA}" = Xerox DocuMate 152 Driver
    "{45411273-7307-4F9D-BCAF-7E5ED0A36050}" = Garmin Lifetime Updater
    "{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4E5FDDEE-30DF-4E4F-BF77-4D7DB4B51B9E}" = HP Smart Print 1.0.2.0
    "{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe Update
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{4F9F49B9-DCE9-E38E-1AC9-ABE838E38E11}" = FedEx Desktop
    "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
    "{596ECF31-381D-406D-9C22-6B805C3D7A8F}" = TurboTax 2011 wgaiper
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
    "{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
    "{6146C092-B34E-4C9E-ADDB-1BEB8D20A6E5}" = Network Recording Player
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{68131B0A-D78D-4aed-B74E-33A6C7324E50}" = WD Anywhere Backup
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}" = Garmin WebUpdater
    "{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
    "{6D3BD056-5434-4473-A995-01965DEF1786}" = Nuance PaperPort 14
    "{6F50C41C-6CFB-49E1-AF91-E1AACDE24FBA}" = Garmin City Navigator North America NT 2012.30 Update
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
    "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
    "{73370408-B80E-4509-B9AF-957E2E0F512F}_is1" = WinZip System Utilities Suite
    "{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}" = FOX News Live Stream
    "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77CDA026-3860-4C95-8233-34F3CEF121FB}" = Roxio Creator 2012 Pro
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7DE6882A-BD17-4C55-8E8E-D03E2052CA27}" = DeLorme Phone Data 2010
    "{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
    "{7E576E0C-9609-4237-880F-6424DD70AC1A}" = TurboCAD Professional 17
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
    "{836D5E9B-6D1E-4AFF-9329-5B9CB29A73C6}" = ArcSoft Print Creations
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
    "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
    "{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderP2050
    "{8A7D3D20-49DA-4ebd-9E76-3860850DE702}_is1" = Advanced Driver Updater
    "{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
    "{8B784DB3-2DBF-4660-863C-CAD974C047C7}" = hppusgP2050
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
    "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
    "{92A70E71-4F0E-4C05-A777-16424E89F162}" = Garmin Communicator Plugin with myGarmin Agent
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{99432E4C-1189-4887-9D75-DAA796015FFD}" = Neat Core Files
    "{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
    "{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
    "{A1E21995-127E-4B7F-8C4D-CB04AA8A58EF}_is1" = Advanced System Optimizer
    "{A1E98303-102A-46FB-A2D0-3838C3F64DF2}" = Core Communication Components
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A6491A4A-AAA0-4892-BFEF-ECD6CECE2FF3}" = PowerChute Business Edition Server
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA9CCE14-D83E-4d12-9C1A-79EF7EBA4175}" = HP Smart Print 1.0.9.0
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAB42DD0-9551-4E30-A3E4-F87D4A4E1C52}" = Roxio Creator 2012 Pro
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-0000-7760-000000000005}" = Adobe Acrobat X Pro
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
    "{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12
    "{AE32C9D5-0C89-435D-BA9F-2C84484FCCD7}" = Nuance Cloud Connector
    "{AEEB3643-71DE-414d-9E3F-1159177FE211}" = Office Animation Runtime
    "{AF8B1525-17EF-4D2E-A018-8D79CE260BA8}" = OneTouch 4.6
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B1DD6EFC-ED7C-42D5-85D9-8C8C4B09AC5E}" = BIAS SoundSaver
    "{B232BB05-F567-4D68-9836-67421F6CAC2B}" = 1stPricing
    "{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
    "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
    "{BCE9F441-9027-4911-82E0-5FB28057897D}" = PowerChute Business Edition Agent
    "{BD3EAE4D-862D-4D41-8BB5-F5C2CFFE6022}" = Roxio BackOnTrackPE
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BE0CD30D-69A6-4B3A-857D-218C2C32E912}" = Acronis True Image Home 2012
    "{BE0CD30D-69A6-4B3A-857D-218C2C32E912}Visible" = Acronis True Image Home 2012
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}" = Roxio CinePlayer
    "{C0990649-FEC2-423A-8F37-A8952404E6CD}" = Roxio Easy VHS to DVD
    "{C0A8F64F-36C8-489F-B813-90D60B541D1E}" = Device Data Communication Components
    "{C347D234-93D8-4595-BDAA-C04638B23B48}" = Adobe Creative Suite 3 Web Premium
    "{C505742A-0F8E-467B-8763-31588A777BC2}" = Garmin City Navigator North America NT 2011.30 Update
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
  21. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    Part 2 of EXTRA.TXT

    "{C6270F59-57C0-4924-B5EB-E79616B5590F}" = Garmin City Navigator North America NT 2011.40 Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier
    "{CDE9C04A-7F8B-40A8-A4A5-875E228254A6}" = Roxio Creator Content 2012
    "{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000-2010
    "{CE86D656-C887-4EF1-B2D7-2A1075435964}" = Face Filter
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D23111E1-FF38-44A5-BA9B-05C1FD38F883}" = Compass 2.0
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Operating System Communication Components
    "{D61C1058-EDC7-48D0-85B2-B322BE385059}" = Stamps.com Address Book Support for Microsoft Outlook 97-2010
    "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
    "{D83A2A9F-30A8-4DED-FCC7-6F30939B1334}" = doxo Desktop
    "{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
    "{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000-2010
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DBF0A096-6EE7-488E-8C04-2536C7B3F120}" = Dell Touch Zone
    "{DC5E76D8-EED5-4E23-8FCF-D5C9D9DC5AA9}" = Drawing Compare
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE2E1909-12C2-4249-8003-7978BEA3A14F}" = Garmin City Navigator North America NT 2013.10 Update
    "{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E645E501-5E3D-4DA2-9A47-BDC0C8A74336}" = Nuance PDF Converter Professional 8
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC(TM)
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ECB904FE-CB4D-40A4-A884-E278410F0CE1}" = HP Printer Usage Report
    "{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
    "{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3561AD8-BDB2-467F-BB03-69B3890BEC36}" = DeLorme Street Atlas USA 2010 Plus
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F53529E7-07B1-409A-ACE0-3910D2338D12}" = Roxio Creator 2012 Pro
    "{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio 2
    "{F6BA8EF2-A9F8-45B7-BD59-0A15DA9F7D68}" = Omron Health Management Software
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FAE74C2C-298A-41BA-8BDB-F5A005F93278}" = Roxio Express Labeler
    "{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}" = DesignPro 5
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
    "Adobe_247961ef275e20c5cb073c36394ac32" = Add or Remove Adobe Creative Suite 3 Web Premium
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "AI RoboForm" = RoboForm 7-7-8-8 (All Users)
    "AIM_7" = AIM 7
    "Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.1
    "Ashampoo WinOptimizer 9_is1" = Ashampoo WinOptimizer 9 v.9.2.0
    "AXIS Media Control Embedded" = AXIS Media Control Embedded
    "Belarc Advisor" = Belarc Advisor 8.1
    "Carbonite Backup" = Carbonite
    "com.doxo.desktop" = doxo Desktop
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "Dell Dock" = Dell Dock
    "DivX Setup.divx.com" = DivX Setup
    "DL" = Delta Flight Schedules
    "DYMO Label v.8" = DYMO Label v.8
    "FedExDesktop.026F9BDCA0F141E500950436A5D33181EE6B8EF5.1" = FedEx Desktop
    "FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1" = FOX News Live Stream
    "GoToAssist" = GoToAssist Corporate
    "HDR Express" = HDR Express
    "huey_is1" = hueyPRO 1.5.1
    "Info Center_is1" = Info Center 1.0.0.5
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Dell TouchCam
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{32D91AAF-5073-4A14-928A-A1289A3C7B98}" = TURBOFloorPlan3D Home & Landscape PRO
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "InstallShield_{D23111E1-FF38-44A5-BA9B-05C1FD38F883}" = Compass 2.0
    "InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
    "InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC(TM)
    "InstallShield_{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}" = DesignPro 5
    "iZotope Music & Speech Cleaner_is1" = iZotope Music & Speech Cleaner
    "JukeBox" = JukeBox
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MyAshampoo Toolbar" = MyAshampoo Toolbar
    "Neat" = Neat
    "Network MagicUninstall" = Network Magic
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "OpenDNS Updater" = OpenDNS Updater 2.2.1
    "PC Matic_is1" = PC Matic 1.1.0.41
    "PCN_tools Toolbar" = PCN tools Toolbar
    "Picasa 3" = Picasa 3
    "Plaxo" = Plaxo Toolbar for Windows
    "Publishers Clearing House Prize Bar" = Publishers Clearing House Prize Bar
    "Recover Keys_is1" = Recover Keys
    "RegClean Pro_is1" = RegClean Pro
    "Roxio PhotoShow" = Roxio PhotoShow
    "SIUSBXP&10C4&EA61" = Silicon Laboratories USBXpress Device (Driver Removal)
    "SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
    "Stamps.com" = Stamps.com
    "Stamps.com support for Microsoft Outlook 2000-2010" = Stamps.com support for Microsoft Outlook 2000-2010
    "Stamps.com support for Microsoft Outlook 97-2010" = Stamps.com support for Microsoft Outlook 97-2010
    "Stamps.com support for Microsoft Word 2000-2010" = Stamps.com support for Microsoft Word 2000-2010
    "SugarSync" = SugarSync Manager
    "SystemRequirementsLab" = System Requirements Lab
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite" = Windows Live Essentials
    "WS_Ping ProPack" = Ipswitch WS_Ping ProPack Uninstall
    "Xilisoft iPhone Ringtone Maker" = Xilisoft iPhone Ringtone Maker

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3211687241-72407742-1219062426-1104\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Adobe Connect Add-in" = Adobe Connect Add-in
    "Dropbox" = Dropbox
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "GoToAssist Express Expert" = GoToAssist Expert 1.6.0.403
    "Juniper Secure Meeting 6.3.0" = Juniper Networks Secure Meeting 6.3.0
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Plaxo" = Plaxo Toolbar for Windows

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/29/2012 7:27:48 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 17

    Error - 6/29/2012 7:27:48 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 18

    Error - 6/29/2012 7:27:48 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 19

    Error - 6/29/2012 7:27:48 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 20

    Error - 6/29/2012 7:27:48 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 21

    Error - 6/29/2012 7:27:48 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 23

    Error - 6/29/2012 7:27:48 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 24

    Error - 6/29/2012 7:30:03 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(00:26:b0:92:da:90@fe80::226:b0ff:fe92:da90._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 6/29/2012 7:30:03 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(f0:cb:a1:ce:00:05@fe80::f2cb:a1ff:fece:5._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 6/29/2012 9:04:33 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
    time stamp: 0x4e211319 Exception code: 0xc0020001 Fault offset: 0x0000b9bc Faulting
    process id: 0x608 Faulting application start time: 0x01cd55f50091beaf Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\syswow64\KERNELBASE.dll Report Id: f81799c3-c1ea-11e1-82d5-002564f2904f

    Error - 6/29/2012 12:00:01 PM | Computer Name = STUDIOXPS.harveypierce.com | Source = Acronis Scheduler | ID = 1
    Description = Scheduler failed to run task with GUID 'DBF82A6E-8270-4171-8A2F-17FE189F9F8B'
    because of error 2 (Failed to find the file (folder) or the key (value) in the
    registry.).

    Error - 6/29/2012 12:06:27 PM | Computer Name = STUDIOXPS.harveypierce.com | Source = Application Hang | ID = 1002
    Description = The program OTL.exe version 3.2.53.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 31f8 Start Time:
    01cd560c81bd9a20 Termination Time: 34554 Application Path: C:\Users\harvey.HARVEYPIERCE0\Desktop\OTL.exe
    Report
    Id: 452da6f3-c204-11e1-82d5-002564f2904f

    [ Dell Events ]
    Error - 3/29/2011 6:07:43 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 4/19/2011 10:51:52 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 4/19/2011 10:51:53 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 4/23/2011 5:30:58 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 4/23/2011 5:30:58 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/31/2011 6:55:23 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/31/2011 6:55:23 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 12/14/2011 9:37:26 PM | Computer Name = STUDIOXPS.harveypierce.com | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 1/15/2012 3:06:16 PM | Computer Name = STUDIOXPS.harveypierce.com | Source = DataSafe | ID = 3
    Description = The process was interrupted before completion.

    Error - 1/15/2012 3:06:16 PM | Computer Name = STUDIOXPS.harveypierce.com | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ Media Center Events ]
    Error - 5/25/2012 5:00:12 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = MCUpdate | ID = 0
    Description = 5:00:06 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/26/2012 4:57:58 PM | Computer Name = STUDIOXPS.harveypierce.com | Source = MCUpdate | ID = 0
    Description = 4:57:57 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/26/2012 5:58:11 PM | Computer Name = STUDIOXPS.harveypierce.com | Source = MCUpdate | ID = 0
    Description = 5:58:11 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/26/2012 6:58:18 PM | Computer Name = STUDIOXPS.harveypierce.com | Source = MCUpdate | ID = 0
    Description = 6:58:17 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/26/2012 7:58:25 PM | Computer Name = STUDIOXPS.harveypierce.com | Source = MCUpdate | ID = 0
    Description = 7:58:25 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/27/2012 3:54:39 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = MCUpdate | ID = 0
    Description = 3:54:39 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/27/2012 4:48:40 PM | Computer Name = STUDIOXPS.harveypierce.com | Source = MCUpdate | ID = 0
    Description = 4:48:40 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/28/2012 4:17:01 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = MCUpdate | ID = 0
    Description = 4:16:53 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/28/2012 4:26:17 PM | Computer Name = STUDIOXPS.harveypierce.com | Source = MCUpdate | ID = 0
    Description = 4:26:17 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    Error - 5/29/2012 4:27:24 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = MCUpdate | ID = 0
    Description = 4:26:56 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    [ System Events ]
    Error - 6/29/2012 6:41:26 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 6/29/2012 6:46:06 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 6/29/2012 6:47:54 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 6/29/2012 6:48:57 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\FileDisk.SYS has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 6/29/2012 6:50:54 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Service Control Manager | ID = 7000
    Description = The iolo FileInfoList Service service failed to start due to the following
    error: %%1083

    Error - 6/29/2012 6:52:16 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 6/29/2012 6:53:36 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    FileDisk

    Error - 6/29/2012 7:58:22 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = volsnap | ID = 393241
    Description = The shadow copies of volume C: were deleted because the shadow copy
    storage could not grow in time. Consider reducing the IO load on the system or
    choose a shadow copy storage volume that is not being shadow copied.

    Error - 6/29/2012 8:00:42 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
    1.129.688.0).

    Error - 6/29/2012 8:23:18 AM | Computer Name = STUDIOXPS.harveypierce.com | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.


    < End of report >
  22. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\URLSearchHook: - No CLSID value found
      IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;localhost 
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (TBSB07898 Class) - {B288F9DE-0E51-442E-B5B0-88BA8BE7A675} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
      O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
      O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
      O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
      O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
      O15 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..Trusted Domains: apcc.com ([www] http in Local intranet)
      O15 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..Trusted Domains: localhost ([]* in Local intranet)
      O15 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..Trusted Ranges: Range1 ([*] in Local intranet)
      O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Reg Error: Key error.)
      O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} https://www.plaxo.com/down/latest/PlaxoInstall.cab (Reg Error: Key error.)
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Reg Error: Key error.)
      O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.)
      O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/59.15/uploader2.cab (Reg Error: Key error.)
      O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Reg Error: Key error.)
      O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (Reg Error: Key error.)
      O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (Reg Error: Key error.)
      O16 - DPF: {55CEE8C1-6D7A-4711-A910-93FABAA992A9} http://www.fedex.com/downloads/woas/woas.CAB (Reg Error: Key error.)
      O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (Reg Error: Key error.)
      O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (Reg Error: Key error.)
      O16 - DPF: {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} https://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Reg Error: Key error.)
      O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www1.pcpitstop.com/mhLbl.cab (Reg Error: Key error.)
      O16 - DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} http://biosagentplus.com/files/biosagentplus.cab (Reg Error: Key error.)
      O16 - DPF: {C1355F7F-DF8F-4131-BAF2-2F36DE80E4C3} https://mc1.embarqnow.net/applet/soundrec.cab (Reg Error: Key error.)
      O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Reg Error: Key error.)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Reg Error: Key error.)
      O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remote.stamps.com/dana-cached/sc/JuniperSetupClient.cab (Reg Error: Key error.)
      O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} http://www.iolo.com/app/ocx/UpgradeVerify.ocx (Reg Error: Key error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
      O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - No CLSID value found.
      [2011/02/09 10:44:11 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\4AD33C29-B63D-43C6-A5B3-F3764A532288
      [2011/10/29 08:17:36 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\4FEEC412-3CD7-4D86-B76B-6B814C6CBB47
      [2011/02/12 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\5EC01B14-BCD2-4559-9809-7E17F3219A18
      [2012/03/11 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\86AB73A6-33CB-4C6E-8294-1BDC976FB24C
      [2012/03/11 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\A38F2500-1FD5-422B-B526-A71CB4DA097B
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Yul Bryner.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Wyatt Waking UP.ASF:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Windows Server 2008 RC0 Product Key.txt:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\wife_s_school.wmv:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Water_Bill.wmv:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Village Sun Ck.bmp:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Vacation 2008 FL.iso:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\TurboCAD 9-3.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\TurboCAD 9-2.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\TurboCAD 9-1.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Trail Band.jwl:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Terry's 460.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Terry Swimsuit.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Terry Stew.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Terry Pumpkin.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Strip_Poker.wmv:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\sitting.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\server_vm_manual.pdf:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Sean & Jeff.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\SeaLion pup.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\scan0004.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\scan0003.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\scan0002.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\scan0001.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Sarah-@-1month.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Sarah.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Santa 06.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Santa 05.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Sample - Toddler's Picture.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\RobinaHood.wmv:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\QHIM-7.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\PILOTGUNS.mpeg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\pilot.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Pierce Family.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\picture clipping.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Pete & Crickett.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Patsy & Jim.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\PapaBill2.wmv:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Pacific Explorer 2003.mov.tif:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Nursery.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\NTSBPicturesHillaryClintoncrash.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\MS Vista SP1.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\max.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Marks Grad College.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Mark Port.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Mark Grad.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Mark & Billie.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\m&B5x5.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\linksys 54x key.txt:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Truck Stop.mp4:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Truck Stop.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Sweet 'N Sassy.mp4:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Sweet 'N Sassy.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Rock Me Back to Little Rock.mp4:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Rock Me Back to Little Rock.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Raindrops Keep Fallin' on my Head.mp4:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Raindrops Keep Fallin' on my Head.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - My Elusive Dreams.mp4:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - My Elusive Dreams.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Leaving on a Jet Plane.mp4:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Leaving on a Jet Plane.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Freight Train.mp4:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Freight Train.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Everybody's Talkin'.mp4:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Everybody's Talkin'.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Easy Come, Easy Go.mp4:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Easy Come, Easy Go.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Easy Come, Easy Go.m3u:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Early in the Morning.mp4:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Early in the Morning.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Can't Help Falling in Love.mp4:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Can't Help Falling in Love.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lauren2.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lauren1.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy Sundress.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy Port.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy Drama.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy 5th grade.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy & Kelsey.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy & Kam Ballet.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy - Tulips.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\kam's arrival.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\KamKing2.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam Woodward.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam Woodward Grad.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam Placement.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam MD Card.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam King Pgm.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam King 2.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam King 1.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam Drama.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\kam and max1.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\kam and max.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\K&K Hawaii 89.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Jeffries, Sharon (20050630115948390) 20050630122023625.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Jeffries, Sharon (20050630115948390) 20050630121424093.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 027.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 025.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 019.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 011.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 008.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 006.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Iraqi Clipping.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1763.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1762.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1761.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1760.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1759.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1758.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1757.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP0480.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP0479.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP0478.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP0477.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1962.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1956.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1951.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1936.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1917.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1911.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_0050.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_0049.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Horrorbride25Jan03.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\High-Chair.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\giggling.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\February 2007 002.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Family in Tulips.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Exch error 1.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\duckair.mpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Dscn0010.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Dscn0008.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\dogskating.wmv:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\DepartmentofHealth1.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\deltaebonics[1].wav:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Deck Plan.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 110.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 080.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 064.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 057.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 054.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 035.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 020.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 017.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 016.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 9.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 8.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 7.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 6.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 5.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 4.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 3.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 2.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 10.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 1.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Crib.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Copy of DSCN0054.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Colo-rectalSurgeonwhit.wav:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Christopher0.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Christopher.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Christopher Easter.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Christopher 1.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cat Door_1.MPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\BRUNSWICK STEW.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 024.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 023b.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 023a.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 023.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 021.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 018.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 015.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 014.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 012.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 009.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 007.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\AmyPopsTerry.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Amy & Christopher.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\album4.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Adoption Papers.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Accessories Order Form.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\70425006.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\407terry med.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\31 Dec 00.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\3 kids.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\11-10-05_1522.jpg:Roxio EMC Stream
      @Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:AEC0AC81
      @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:0FF263E8
      @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:FD9CE1F3
      @Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:01C66DD9
      @Alternate Data Stream - 182 bytes -> C:\ProgramData\Temp:0B9FB94D
      @Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:C6070AC3
      @Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:F35A93AD
      @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:652E33DB
      @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:9E7821E2
      @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:19F783D8
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they're.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
  23. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    The OTL Fixlog.

    All processes killed
    Error: Unable to interpret <• :OTL> in the current context!
    Error: Unable to interpret <• IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\URLSearchHook: - No CLSID value found> in the current context!
    Error: Unable to interpret <• IE - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;localhost > in the current context!
    Error: Unable to interpret <• O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context!
    Error: Unable to interpret <• O2 - BHO: (TBSB07898 Class) - {B288F9DE-0E51-442E-B5B0-88BA8BE7A675} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found> in the current context!
    Error: Unable to interpret <• O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)> in the current context!
    Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found> in the current context!
    Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)> in the current context!
    Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
    Error: Unable to interpret <• O3 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)> in the current context!
    Error: Unable to interpret <• O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found> in the current context!
    Error: Unable to interpret <• O15 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..Trusted Domains: apcc.com ([www] http in Local intranet)> in the current context!
    Error: Unable to interpret <• O15 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)> in the current context!
    Error: Unable to interpret <• O15 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..Trusted Domains: localhost ([]* in Local intranet)> in the current context!
    Error: Unable to interpret <• O15 - HKU\S-1-5-21-3211687241-72407742-1219062426-1104\..Trusted Ranges: Range1 ([*] in Local intranet)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} https://www.plaxo.com/down/latest/PlaxoInstall.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/59.15/uploader2.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {55CEE8C1-6D7A-4711-A910-93FABAA992A9} http://www.fedex.com/downloads/woas/woas.CAB (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} https://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www1.pcpitstop.com/mhLbl.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} http://biosagentplus.com/files/biosagentplus.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {C1355F7F-DF8F-4131-BAF2-2F36DE80E4C3} https://mc1.embarqnow.net/applet/soundrec.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remote.stamps.com/dana-cached/sc/JuniperSetupClient.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} http://www.iolo.com/app/ocx/UpgradeVerify.ocx (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - No CLSID value found.> in the current context!
    Error: Unable to interpret <• [2011/02/09 10:44:11 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\4AD33C29-B63D-43C6-A5B3-F3764A532288> in the current context!
    Error: Unable to interpret <• [2011/10/29 08:17:36 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\4FEEC412-3CD7-4D86-B76B-6B814C6CBB47> in the current context!
    Error: Unable to interpret <• [2011/02/12 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\5EC01B14-BCD2-4559-9809-7E17F3219A18> in the current context!
    Error: Unable to interpret <• [2012/03/11 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\86AB73A6-33CB-4C6E-8294-1BDC976FB24C> in the current context!
    Error: Unable to interpret <• [2012/03/11 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\harvey.HARVEYPIERCE0\AppData\Roaming\A38F2500-1FD5-422B-B526-A71CB4DA097B> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Yul Bryner.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Wyatt Waking UP.ASF:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Windows Server 2008 RC0 Product Key.txt:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\wife_s_school.wmv:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Water_Bill.wmv:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Village Sun Ck.bmp:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Vacation 2008 FL.iso:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\TurboCAD 9-3.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\TurboCAD 9-2.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\TurboCAD 9-1.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Trail Band.jwl:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Terry's 460.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Terry Swimsuit.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Terry Stew.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Terry Pumpkin.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Strip_Poker.wmv:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\sitting.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\server_vm_manual.pdf:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Sean & Jeff.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\SeaLion pup.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\scan0004.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\scan0003.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\scan0002.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\scan0001.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Sarah-@-1month.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Sarah.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Santa 06.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Santa 05.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Sample - Toddler's Picture.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\RobinaHood.wmv:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\QHIM-7.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\PILOTGUNS.mpeg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\pilot.mp3:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Pierce Family.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\picture clipping.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Pete & Crickett.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Patsy & Jim.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\PapaBill2.wmv:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Pacific Explorer 2003.mov.tif:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Nursery.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\NTSBPicturesHillaryClintoncrash.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\MS Vista SP1.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\max.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Marks Grad College.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Mark Port.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Mark Grad.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Mark & Billie.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\m&B5x5.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\linksys 54x key.txt:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Truck Stop.mp4:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Truck Stop.mp3:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Sweet 'N Sassy.mp4:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Sweet 'N Sassy.mp3:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Rock Me Back to Little Rock.mp4:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Rock Me Back to Little Rock.mp3:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Raindrops Keep Fallin' on my Head.mp4:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Raindrops Keep Fallin' on my Head.mp3:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - My Elusive Dreams.mp4:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - My Elusive Dreams.mp3:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Leaving on a Jet Plane.mp4:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Leaving on a Jet Plane.mp3:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Freight Train.mp4:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Freight Train.mp3:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Everybody's Talkin'.mp4:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Everybody's Talkin'.mp3:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Easy Come, Easy Go.mp4:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Easy Come, Easy Go.mp3:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Easy Come, Easy Go.m3u:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Early in the Morning.mp4:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Early in the Morning.mp3:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Can't Help Falling in Love.mp4:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lenny Dee - Can't Help Falling in Love.mp3:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lauren2.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Lauren1.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy Sundress.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy Port.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy Drama.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy 5th grade.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy & Kelsey.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy & Kam Ballet.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kathy - Tulips.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\kam's arrival.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\KamKing2.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam Woodward.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam Woodward Grad.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam Placement.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam MD Card.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam King Pgm.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam King 2.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam King 1.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Kam Drama.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\kam and max1.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\kam and max.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\K&K Hawaii 89.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Jeffries, Sharon (20050630115948390) 20050630122023625.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Jeffries, Sharon (20050630115948390) 20050630121424093.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 027.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 025.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 019.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 011.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 008.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\January 2007 006.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Iraqi Clipping.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1763.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1762.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1761.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1760.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1759.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1758.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP1757.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP0480.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP0479.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP0478.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMGP0477.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1962.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1956.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1951.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1936.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1917.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_1911.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_0050.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\IMG_0049.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Horrorbride25Jan03.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\High-Chair.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\giggling.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\February 2007 002.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Family in Tulips.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Exch error 1.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\duckair.mpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Dscn0010.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Dscn0008.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\dogskating.wmv:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\DepartmentofHealth1.doc:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\deltaebonics[1].wav:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Deck Plan.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 110.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 080.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 064.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 057.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 054.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 035.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 020.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 017.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\December 2006 016.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 9.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 8.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 7.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 6.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 5.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 4.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 3.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 2.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 10.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cruise West Day 1.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Crib.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Copy of DSCN0054.JPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Colo-rectalSurgeonwhit.wav:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Christopher0.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Christopher.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Christopher Easter.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Christopher 1.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Cat Door_1.MPG:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\BRUNSWICK STEW.doc:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 024.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 023b.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 023a.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 023.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 021.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 018.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 015.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 014.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 012.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 009.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\April 07 007.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\AmyPopsTerry.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Amy & Christopher.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\album4.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Adoption Papers.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\Accessories Order Form.doc:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\70425006.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\407terry med.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\31 Dec 00.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\3 kids.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 76 bytes -> C:\Users\harvey.HARVEYPIERCE0\Documents\11-10-05_1522.jpg:Roxio EMC Stream> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:AEC0AC81> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:0FF263E8> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:FD9CE1F3> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:01C66DD9> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 182 bytes -> C:\ProgramData\Temp:0B9FB94D> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:C6070AC3> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:F35A93AD> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:652E33DB> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:9E7821E2> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:19F783D8> in the current context!
    Error: Unable to interpret <• > in the current context!
    Error: Unable to interpret <• :Services> in the current context!
    Error: Unable to interpret <• > in the current context!
    Error: Unable to interpret <• :Reg> in the current context!
    Error: Unable to interpret <• > in the current context!
    Error: Unable to interpret <• :Files> in the current context!
    Error: Unable to interpret <• C:\Program Files (x86)\Ask.com> in the current context!
    Error: Unable to interpret <• > in the current context!
    Error: Unable to interpret <• :Commands> in the current context!
    Error: Unable to interpret <• [purity]> in the current context!
    Error: Unable to interpret <• [emptytemp]> in the current context!
    Error: Unable to interpret <• [emptyjava]> in the current context!
    Error: Unable to interpret <• [emptyflash]> in the current context!
    Error: Unable to interpret <• [Reboot]> in the current context!

    OTL by OldTimer - Version 3.2.53.0 log created on 06292012_155331
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  24. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    Checkup.txt

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    iolo technologies' System Mechanic Professional
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    iZotope Music & Speech Cleaner
    Java(TM) 6 Update 30
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    iolo Common Lib ioloServiceManager.exe
    ``````````End of Log````````````
  25. Harvey Pierce

    Harvey Pierce Newcomer, in training Topic Starter Posts: 24

    FSS.TXT

    Farbar Service Scanner Version: 25-06-2012 01
    Ran by harvey (administrator) on 29-06-2012 at 16:27:52
    Running from "C:\Users\harvey.HARVEYPIERCE0\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.